A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Volumn 56, Issue 3, 2014, Pages 273-293

  Leitner, Maria ^a   Rinderle Ma, Stefanie ^a  

^a UNIVERSITY OF VIENNA   (Austria)

Author keywords

Business Process Management; Business process security; Process Aware Information Systems; Security; Systematic literature review; Workflow security

Indexed keywords

ACCESS CONTROL; ADMINISTRATIVE DATA PROCESSING; ENTERPRISE RESOURCE MANAGEMENT; INFORMATION SYSTEMS; INFORMATION USE; SECURITY SYSTEMS;

BUSINESS PROCESS; BUSINESS PROCESS MANAGEMENT; PROCESS-AWARE INFORMATION SYSTEMS; SECURITY; SYSTEMATIC LITERATURE REVIEW; WORKFLOW SECURITY;

INFORMATION MANAGEMENT;

EID: 84892614680     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2013.12.004     Document Type: Review

References (194)

1. M. Weske Business Process Management: Concepts, Languages, Architectures 2007 Springer
2. T. Mather, S. Kumaraswamy, and S. Latif Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance 2009 O'Reilly Media, Inc.
3. R. Winter, and R. Fischer Essential layers, artifacts, and dependencies of enterprise architecture J. Enterprise Architect. 3 2006 7 18
4. G. Müller, R. Accorsi, Why are business processes not secure?, in: Festschrift Prof. Johannes Buchmann, 2013.
5. Workflow Management Coalition, Workflow Security Considerations - White Paper, Technical Report Document Number WFMC-TC-1019 Document Status - Issue 1.0, Workflow Management Coalition, 1998.
6. W.M.P. van der Aalst A decade of business process management conferences: personal reflections on a developing discipline A. Barros, A. Gal, E. Kindler, Proceedings of the 10th International Conference on Business Process Management (BPM) Lecture Notes in Computer Science vol. 7481 2012 Springer 1 16
7. B. Kitchenham, Procedures for Performing Systematic Reviews, Joint Technical Report, Department of Computer Science, Keele University and Empirical Software Engineering, National ICT Australia Ltd., 2004.
8. B. Kitchenham, S. Charters, Guidelines for performing Systematic Literature Reviews in Software Engineering, EBSE Technical Report EBSE-2007-01 Version 2.3, School of Computer Science and Mathematics, Keele University and Department of Computer Science, University of Durham, 2007.
9. H.M. Cooper, L.V. Hedges, and J.C. Valentine The Handbook of Research Synthesis and Meta-Analysis 2009 Russell Sage Foundation
10. K. Petersen, R. Feldt, S. Mujtaba, and M. Mattsson Systematic mapping studies in software engineering Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineering (EASE), EASE'08 2008 British Computer Society Swinton, UK 68 77
11. R. Wendler The maturity of maturity model research: a systematic mapping study Inform. Software Technol. 54 2012 1317 1339
12. J. Wainer, P. Barthelmess, and A. Kumar W-RBAC - a workflow security model incorporating controlled overriding of constraints Int. J. Cooper. Inform. Syst. 12 2003 455 485
13. S. Jalali, and C. Wohlin Systematic literature studies: database searches vs. backward snowballing Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), ESEM '12 2012 ACM New York, NY, USA 29 38
14. C. Wohlin, and R. Prikladnicki Systematic literature reviews in software engineering Inform. Software Technol. 55 2013 919 920
15. M.B. Miles, and A.M. Huberman Qualitative Data Analysis: An Expanded Sourcebook 1994 SAGE
16. V. Atluri, and W.-K. Huang An authorization model for workflows Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS) 1996 Springer 44 64
17. B. Kitchenham, and P. Brereton A systematic review of systematic review process research in software engineering Inform. Software Technol. 55 2013 2049 2075
18. M.R. Berthold, N. Cebron, F. Dill, T.R. Gabriel, T. Kötter, T. Meinl, P. Ohl, K. Thiel, and B. Wiswedel KNIME - the konstanz information miner: version 2.0 and beyond SIGKDD Explor. Newslett. 11 2009 26 31
19. K. Thiel, M. Berthold, The KNIME Text Processing Feature: An Introduction, Technical Report 120403F, KNIME.com AG, 2012.
20. A.-H. Tan, Text mining: the state of the art and the challenges, in: Proceedings of the PAKDD 1999 Workshop on Knowledge Discovery from Advanced Databases, 1999, pp. 65-70.
21. H. Zhang, M.A. Babar, and P. Tell Identifying relevant studies in software engineering Inform. Software Technol. 53 2011 625 637
22. B. Schneier Secrets and Lies: Digital Security in a Networked World first ed. 2004 John Wiley & Sons
23. OASIS Web Services Business Process Execution Language (WSBPEL) TC, Web Services Business Process Execution Language Version 2.0, OASIS Standard, OASIS, 2007. < http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.pdf >.
24. A. Agrawal, M. Amend, M. Das, M. Ford, C. Keller, M. Kloppmann, D. König, F. Leymann, R. Müller, G. Pfau, et al., WS-BPEL Extension for People (BPEL4People), Specification 1.0, Active Endpoints Inc., Adobe Systems Inc., BEA Systems Inc., International Business Machines Corporation, Oracle Inc., and SAP AG, 2007. < http://public.dhe.ibm.com/software/dw/specs/ws- bpel4people/BPEL4People-v1.pdf >.
25. R. Accorsi, and R. Matulevicius Workshop on security in business processes - a workshop report Enterprise Model. Inform. Syst. Architect. 8 2013 75 80
26. R. Baskerville Information systems security design methods: implications for information systems development ACM Comput. Surv. 25 1993 375 414
27. R.J. Anderson Security Engineering: A Guide to Building Dependable Distributed Systems second ed. 2008 John Wiley & Sons
28. ISO/IEC 27000, Information technology - Security techniques - information security management systems - overview and vocabulary, Technical Report ISO/IEC 27000:2009, ISO/IEC, Switzerland, 2009.
29. S. Rinderle-Ma, and M. Leitner On evolving organizational models without losing control on authorization constraints in web service orchestrations Proceedings of the 12th IEEE Conference on Commerce and Enterprise Computing (CEC) 2010 IEEE Computer Society Los Alamitos, CA, USA 128 135
30. R.A. Botha, J.H. Eloff, A security interpretation of the workflow reference model, in: Proceedings of the Information Security - From Small Systems to Management of Secure Infrastructures, vol. 2, 1998, pp. 43-51.
31. V. Atluri Security for workflow systems Inform. Security Tech. Rep. 6 2001 59 68
32. K. Knorr, Multilevel security and information flow in petri net workflows, in: Proceedings of the 9th International Conference on Telecommunication Systems - Modeling and Analysis, Special Session on Security Aspects of Telecommunication Systems, Dallas, TX, 2001, pp. 9-20.
33. P.C.K. Hung, and K. Karlapalem A secure workflow model Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003 Vol. 21 2003 Australian Computer Society, Inc. 33 41
34. D.L. Long, J. Baker, and F. Fung A prototype secure workflow server Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC) 1999 IEEE Computer Society 129
35. V. Atluri, W.-K. Huang, An extended petri net model for supporting workflows in a multilevel secure environment, in: Proceedings of the 10th IFIP WG 11.3 Working Conference on Database Security (DBSec), 1996, pp. 199 - 216.
36. S. Ayed, N. Cuppens-Boulahia, and F. Cuppens Deploying access control in distributed workflow Proceedings of the 6th Australasian Conference on Information Security vol. 81 2008 Australian Computer Society, Inc. Wollongong, NSW, Australia 9 17
37. F. Giraldo, M. Blay-Fornarino, and S. Mosser Introducing security access control policies into legacy business processes Proceedings of the 15th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW) 2011 IEEE Computer Society Helsinki, Finland 42 49
38. S. Röhrig, and K. Knorr Security analysis of electronic business processes Electr. Commerce Res. 4 2004 59 81
39. E. Gudes, M.S. Olivier, and R.P.v.d. Riet Modelling, specifying and implementing workflow security in cyberspace J. Comput. Secur. 7 1999 287 315
40. K. Venter, M.S. Olivier, The delegation authorization model: A model for the dynamic delegation of authorization rights in a secure workflow management system, in: Proceedings of the 2nd Annual Conference on Information for Security for South-Africa (ISSA), Muldersdrift, South Africa, 2002, pp. 1-12 (published electronically).
41. Z. Yi, Z. Yong, and W. Weinong Modeling and analyzing of workflow authorization management J. Network Syst. Manage. 12 2004 507 535
42. S. Wu, A. Sheth, J. Miller, and Z. Luo Authorization and access control of application data in workflow systems J. Intell. Inform. Syst. 18 2002 71 94
43. J. Mangler, C. Witzany, O. Jorns, E. Schikuta, H. Wanek, and I. Ul Haq MobilegSET - secure business workflows for mobile-grid clients Concurrency Comput. Pract. Experience 22 2010 2036 2051
44. A. Rodríguez, E. Fernández-Medina, and M. Piattini A BPMN extension for the modeling of security requirements in business processes IEICE Trans. Informa. Syst. E90-D 2007 745 752
45. M. Menzel, I. Thomas, C. Meinel, Security requirements specification in service-oriented business process management, in: Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES), 2009, pp. 41-48.
46. M. Leitner, J. Mangler, and S. Rinderle-Ma SPRINT-responsibilities: design and development of security policies in process-aware information systems J. Wireless Mobile Networks Ubiquit. Comput. Depend. Appl. (JoWUA) 2 2011 4 26
47. F.M. Maggi, M. Montali, M. Westergaard, and W.M.P. van der Aalst Monitoring business constraints with linear temporal logic: An approach based on colored automata Proceedings of the 9th International Conference on Business Process Management (BPM) vol. 6896 2011 Springer 132 147
48. L.T. Ly, S. Rinderle-Ma, D. Knuplesch, and P. Dadam Monitoring business process compliance using compliance rule graphs Proceedings of the 19th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science 2011 Springer 82 99
49. W.M.P. van der Aalst, and A.K.A. de Medeiros Process mining and security: detecting anomalous process executions and checking process conformance Electr. Notes Theor. Comput. Sci. 121 2005 3 21
50. Z. Luo, A. Sheth, K. Kochut, and J. Miller Exception handling in workflow systems Appl. Intell. 13 2000 125 147
51. S. Rinderle, and M. Reichert Data - driven process control and exception handling in process management systems E. Dubois, K. Pohl, Proceedings of the 18th International Conference on Advanced Information Systems Engineering (CAiSE) Lecture Notes in Computer Science vol. 4001 2006 Springer 273 287
52. B. Weber, M. Reichert, W. Wild, and S. Rinderle Balancing flexibility and security in adaptive process management systems Proceedings of the 13th International Conference on Cooperative Information Systems (CoopIS), Lecture Notes in Computer Science vol. 3760 2005 Springer 59 76
53. T. Neubauer, M. Klemen, and S. Biffl Secure business process management: a roadmap Proceedings of the 1st International Conference on Availability, Reliability and Security (ARES) 2006 IEEE Computer Society 457 464
54. T. Neubauer, and J. Heurix Defining secure business processes with respect to multiple objectives Proceedings of the 3rd International Conference on Availability, Reliability and Security (ARES) 2008 IEEE Computer Society Los Alamitos, CA, USA 187 194
55. T. Neubauer, and J. Heurix Objective types for the valuation of secure business processes Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science (ACIS) 2008 IEEE Computer Society Los Alamitos, CA, USA 231 236
56. T. Neubauer, and M. Pehn Workshop-based risk assessment for the definition of secure business processes Proceedings of the 2nd International Conference on Information, Process, and Knowledge Management (eKNOW) 2010 IEEE Computer Society 74 79
57. A. Zuccato Holistic security requirement engineering for electronic commerce Comput. Security 23 2004 63 76
58. S. Fritsch, V. Karatsiolis, M. Lippert, A. Wiesmaier, and J. Buchmann Towards secure electronic workflows A. Atzeni, A. Lioy, Proceedings of the 3rd European Public Key Infrastructure Workshop: Theory and Practice (EuroPKI) Lecture Notes in Computer Science vol. 4043 2006 Springer 154 168
59. M. Backes, B. Pfitzmann, M. Waidner, Security in business process engineering, in: Proceedings of the 1st International Conference on Business Process Management (BPM), 2003, pp. 168-183.
60. M. Jensen, S. Feja, A security modeling approach for web-service-based business processes, in: Proceedings of the 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS), 2009, pp. 340-347.
61. C. Wolter, and A. Schaad Modeling of task-based authorization constraints in BPMN Proceedings of the 5th International Conference on Business Process Management (BPM) Lecture Notes in Computer Science vol. 4714 2007 Springer 64 79
62. C. Wolter, A. Schaad, and C. Meinel Task-based entailment constraints for basic workflow patterns Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT '08 2008 ACM New York, NY, USA 51 60
63. T. Lodderstedt, D. Basin, and J. Doser SecureUML: a UML-Based modeling language for model-driven security Proceedings of the 5th International Conference on UML - The Unified Modeling Language vol. 2460 2002 Springer 426 441
64. D. Basin, J. Doser, and T. Lodderstedt Model driven security for process-oriented systems Proceedings of the 8h ACM Symposium on Access Control Models and Technologies (SACMAT), SACMAT '03 2003 ACM New York, NY, USA 100 109
65. J. Jürjens UMLsec: extending UML for secure systems development Proceedings of the 5th International Conference on UML - The Unified Modeling Language vol. 2460 2002 Springer 412 425
66. M. Hafner, M. Breu, R. Breu, A. Nowak, Modelling inter-organizational workflow security in a peer-to-peer environment, in: Proceedings of the IEEE International Conference on Web Services (ICWS), 2005, pp. 533-540.
67. M. Hafner, and R. Breu Realizing model driven security for inter-organizational workflows with WS-CDL and UML 2.0 Proceedings of the 8th International Conference on Model Driven Engineering Languages and Systems (MoDELS) Lecture Notes in Computer Science vol. 3713 2005 Springer 39 53
68. M. Decker An UML profile for the modelling of mobile business processes and workflows Proceedings of the 5th International Conference on Mobile Multimedia Communications (MobiMedia) 2009 ACM Kingston upon Thames, UK 38:1 38:7
69. D. Domingos, A. Rito-Silva, P. Veiga, Workflow access control from a business perspective, in: Proceedings of the 6th International Conference on Enterprise Information Systems (ICEIS), vol. 3, 2004, p. 18-25.
70. B. Mikolajczak, and S. Joshi Specifying selected security features of inter-organizational workflows Proceedings of the International Conference on Computational Intelligence for Modelling Control and Automation (CIMCA) vol. 2 2005 IEEE Computer Society Los Alamitos, CA, USA 958 963
71. H. Klarl, C. Wolff, C. Emig, Abbildung von zugriffskontrollaussagen in geschäftsprozessmodellen, in: Modellierung 2008 - Workshop Verhaltensmodellierung: Best Practices und neue Erkenntnisse, 2008, p. 14.
72. A. Röhm, G. Pernul, and G. Herrmann Modelling secure and fair electronic commerce Proceedings of the 14th Annual Computer Security Applications Conference (ACSAC) 1998 IEEE Computer Society 155 164
73. M. Riesner, G. Pernul, Supporting compliance through enhancing internal control systems by conceptual business process security modeling, in: Proceedings of the 21st Australasian Conference on Information Systems (ACIS), 2010, pp. 1-10.
74. P. Herrmann, and G. Herrmann Security requirement analysis of business processes Electronic Commerce Research 6 2006 305 335
75. G. Frankova, F. Massacci, and M. Seguran From early requirements analysis towards secure workflows Proceedings of IFIPTM 2007: Joint iTrust and PST Conferences on Privacy, Trust Management and Security 2007 Springer 407 410
76. J. Müller, J. Mülle, S.v. Stackelberg, and K. Böhm Secure business processes in service-oriented architectures - a requirements analysis Proceedings of the 10th IEEE European Conference on Web Services (ECOWS) 2010 IEEE Computer Society Los Alamitos, CA, USA 35 42
77. M. Séguran, C. Hébert, and G. Frankova Secure workflow development from early requirements analysis Proceedings of the 6th European Conference on Web Services (ECOWS) 2008 IEEE Computer Society Los Alamitos, CA, USA 125 134
78. N. Russell, W.M.P. van der Aalst, A. ter Hofstede, and D. Edmond Workflow resource patterns: identification, representation and tool support O. Pastor, J. Falcão e Cunha, Proceedings of the 17th International Conference on Advanced Information Systems Engineering (CAiSE) Lecture Notes in Computer Science vol. 3520 2005 Springer 11 42
79. R.S. Sandhu, E. Coyne, H. Feinstein, and C. Youman Role-based access control models IEEE Comput. 29 1996 38 47
80. D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Chandramouli Proposed NIST standard for role-based acces control ACM Trans. Inform. Syst. Security 4 2001 224 274
81. E. Bertino, E. Ferrari, and V. Atluri A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems Proceedings of the 2nd ACM Workshop on Role-based Access Control 1997 ACM Fairfax, Virginia, United States 1 12
82. S. Oh, and S. Park Task-role-based access control model Information Systems 28 2003 533 562
83. S. Kandala, R. Sandhu, Secure role-based workflow models, in: Proceedings of the 15th IFIP TC11/WG11.3 Annual Working Conference on Database and Application Security, vol. XV, 2002, pp. 45-58.
84. D. Domingos, A. Rito-Silva, and P. Veiga Authorization and access control in adaptive workflows Proceedings of the 8th European Symposium on Research in Computer Security (ESORICS) 2003 Springer 23 38
85. M. Leitner, S. Rinderle-Ma, and J. Mangler AW-RBAC: access control in adaptive workflow systems Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES) 2011 IEEE 27 34
86. R.K. Thomas, and R.S. Sandhu Towards a task-based paradigm for flexible and adaptable access control in distributed applications Proceedings on the 1992-1993 Workshop on New Security Paradigms 1993 ACM 138 142
87. R. Thomas, R. Sandhu, Conceptual foundations for a model of task-based authorizations, in: Proceedings of the 7th Computer Security Foundations Workshop (CSFW), 1994, pp. 66 -79.
88. R.K. Thomas, and R.S. Sandhu Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented autorization management Proceedings of the IFIP TC11 WG11.3 11th International Conference on Database Securty XI: Status and Prospects 1998 Chapman & Hall, Ltd. 166 181
89. V. Atluri, and W.-K. Huang Enforcing mandatory and discretionary security in workflow management systems J. Comput. Security 5 1997 303 339
90. V. Atluri, W.-k. Huang, and E. Bertino A semantic based execution model for multilevel secure workflows J. Comput. Security 8 2000 3 41
91. M. Kang, J. Froscher, A. Sheth, K. Kochut, J. Miller, A multilevel secure workflow management system, in: Proceedings of the 11th International Conference on Advanced Information Systems Engineering (CAISE), 1999, pp. 271-285.
92. V. Atluri, S.A. Chun, and P. Mazzoleni Chinese wall security for decentralized workflow management systems J. Comput. Security 12 2004 799 840
93. J. Wainer, A. Kumar, and P. Barthelmess DW-RBAC: a formal security model of delegation and revocation in workflow systems Inform. Syst. 32 2007 365 384
94. K. Gaaloul, A. Schaad, U. Flegel, and F. Charoy A secure task delegation model for workflows International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE) 2008 IEEE Computer Society Los Alamitos, CA, USA 10 15
95. M. Ahsant, and J. Basney Workflows in dynamic and restricted delegation Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES) 2009 IEEE Computer Society 17 24
96. K. Hasebe, and M. Mabuchi Capability-role-based delegation in workflow systems Proceedings of the 8th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC) 2010 IEEE Computer Society Los Alamitos, CA, USA 711 717
97. J. Crampton, and H. Khambhammettu Delegation in role-based access control Int. J. Inform. Security 7 2008 123 136
98. M.H. Kang, J.S. Park, and J.N. Froscher Access control mechanisms for inter-organizational workflow Proceedings of the sixth ACM Symposium on Access Control Models and Technologies (SACMAT) 2001 ACM New York, NY, USA 66 74
99. A. Abou El Kalam, S. Benferhat, A. Miége, R.E. Baida, F. Cuppens, C. Saurel, P. Balbiani, Y. Deswarte, and G. Trouessin Organization based access control Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY) 2003 IEEE Computer Society Los Alamitos, CA, USA 120 131
100. S. Ayed, N. Cuppens-Boulahia, and F. Cuppens Managing access and flow control requirements in distributed workflows Proceedings of the ACS/IEEE International Conference on Computer Systems and Applications (AICCSA) 2008 IEEE Computer Society Los Alamitos, CA, USA 702 710
101. M. Alam, M. Hafner, and R. Breu Constraint based role based access control in the SECTET-framework a model-driven approach J. Comput. Security 16 2008 223 260
102. A. Schaad, K. Sohr, and M. Drouineaud A workflow-based model-checking approach to inter- and intra-analysis of organisational controls in service-oriented business processes J. Inform. Assurance Security 2 2007
103. E. Bertino, E. Ferrari, and V. Atluri The specification and enforcement of authorization constraints in workflow management systems ACM Trans. Inform. Syst. Security 2 1999 65 104
104. M. Strembeck, and J. Mendling Generic algorithms for consistency checking of mutual-exclusion and binding constraints in a business process context Proceedings of the 18th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 6426 2010 Springer 204 221
105. R.A. Botha, and J.H.P. Eloff Separation of duties for access control enforcement in workflow environments IBM Syst. J. 40 2001 666 682
106. F. Casati, S. Castano, and M.G. Fugini Managing workflow authorization constraints through active database technology Inform. Syst. Front. 3 2001 319 338
107. Q. Wang, and N. Li Satisfiability and resiliency in workflow authorization systems ACM Trans. Inform. Syst. Security (TISSEC) 13 2010 40:1 40:35
108. J. Crampton, and H. Khambhammettu Delegation and satisfiability in workflow systems Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT) 2008 ACM Estes Park, CO, USA 31 40
109. A. Awad, M. Weidlich, and M. Weske Specification, verification and explanation of violation for data aware compliance rules Service-Oriented Computing Lecture Notes in Computer Science vol. 5900 2009 Springer 500 515
110. S. Rinderle-Ma, J. Mangler, Integration of process constraints from heterogeneous sources in process-aware information systems, in: M. Nüttgens, O. Thomas, B. Weber (Eds.), Enterprise Modelling and Information Systems Architectures (EMISA 2011), Lecture Notes in Informatics (LNI), GI, vol. P-190, 2011, pp. 51-64.
111. D. Knuplesch, L.T. Ly, S. Rinderle-Ma, H. Pfeifer, and P. Dadam On enabling data-aware compliance checking of business process models J. Parsons, M. Saeki, P. Shoval, C. Woo, Y. Wand, Conceptual Modeling - ER 2010 Lecture Notes in Computer Science vol. 6412 2010 Springer 332 346
112. J. Warner, and V. Atluri Inter-instance authorization constraints for secure workflow management Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT), SACMAT '06 2006 ACM New York, NY, USA 190 199
113. M. Leitner, J. Mangler, and S. Rinderle-Ma Definition and enactment of instance-spanning process constraints X.S. Wang, I. Cruz, A. Delis, G. Huang, Proceedings of the 13th International Conference on Web Information Systems Engineering (WISE) Lecture Notes in Computer Science 2012 Springer 652 658
114. S. Sadiq, G. Governatori, and K. Namiri Modeling control objectives for business process compliance Proceedings of the 5th International Conference on Business Process Management (BPM) Lecture Notes in Computer Science vol. 4714 2007 Springer 149 164
115. L.T. Ly, S. Rinderle-Ma, K. Göser, and P. Dadam On enabling integrated process compliance with semantic constraints in process management systems - requirements, challenges, solutions Inform. Syst. Front. 14 2012 195 219
116. S.W. Sadiq, M.E. Orlowska, and W. Sadiq Specification and validation of process constraints for flexible workflows Inform. Syst. 30 2005 349 378
117. W.M.P. van der Aalst Process Mining: Discovery, Conformance and Enhancement of Business Processes 2011 Springer
118. L.T. Ly, S. Rinderle, and P. Dadam Integration and verification of semantic constraints in adaptive process management systems Data Knowl. Eng. 64 2008 3 23
119. C. Ribeiro, and P. Guedes Verifying workflow processes against organization security policies Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises (WETICE) 1999 IEEE Computer Society 190 191
120. K. Tan, J. Crampton, and C.A. Gunter The consistency of task-based authorization constraints in workflow systems Proceedings of the 17th IEEE Workshop on Computer Security Foundations 2004 IEEE Computer Society 155
121. M. Kohler, and A. Schaad Avoiding policy-based deadlocks in business processes Proceedings of the 3rd International Conference on Availability, Reliability and Security (ARES) 2008 IEEE Computer Society 709 716
122. M. Makni, S. Tata, M. Yeddes, and N. Ben Hadj-Alouane Satisfaction and coherence of deadline constraints in inter-organizational workflows Proceedings of the 18th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 6426 2010 Springer 523 539
123. S. Schefer, M. Strembeck, J. Mendling, and A. Baumgrass Detecting and resolving conflicts of mutual-exclusion and binding constraints in a business process context Proceedings of the 19th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science (LNCS) vol. 7044 2011 Springer Crete, Greece 329 346
124. K. Barkaoui, B. Ayed, H. Boucheneb, A. Hicheur, Verification of workflow processes under multilevel security considerations, in: Proceedings of the 3rd International Conference on Risks and Security of Internet and Systems (CRiSIS), 2008, pp. 77-84.
125. A. Schaad, V. Lotz, and K. Sohr A model-checking approach to analysing organisational controls in a loan origination process Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies SACMAT '06 2006 ACM New York, NY, USA 139 149
126. M. Barletta, S. Ranise, and L. Viganó Verifying the interplay of authorization policies and workflow in service-oriented architectures Proceedings of the IEEE International Conference on Computational Science and Engineering (CSE) vol. 3 2009 IEEE Computer Society Los Alamitos, CA, USA 289 296
127. A. Armando, and S. Ponta Model checking of security-sensitive business processes Proceedings of the 6th International Workshop on Formal Aspects in Security and Trust (FAST) Lecture Notes in Computer Science vol. 5983 2010 Springer 66 80
128. M. Pesic, and W.M.P. van der Aalst A declarative approach for flexible business processes management J. Eder, S. Dustdar, Proceedings of the Business Process Management Workshops Lecture Notes in Computer Science vol. 4103 2006 Springer 169 180
129. M. Alberti, F. Chesani, M. Gavanelli, E. Lamma, P. Mello, M. Montali, P. Torroni, Expressing and verifying business contracts with abductive, in: G. Boella, L.v.d. Torre, H. Verhagen (Eds.), Normative Multi-agent Systems, Dagstuhl Seminar Proceedings, Internationales Begegnungs- und Forschungszentrum f++r Informatik (IBFI), Schloss Dagstuhl, Germany, Dagstuhl, Germany, 2007, pp. 1-29.
130. M. Montali, F.M. Maggi, F. Chesani, P. Mello, W.M.P. van der Aalst, Monitoring Business Constraints with the Event Calculus, DEIS DEIS-LIA-002-11, Universita degli Studi di Bologna, 2011.
131. A. Awad, and M. Weske Visualization of compliance violation in business process models Proceedings of the Business Process Management Workshops Lecture Notes in Business Information Processing vol. 43 2009 Springer 182 193
132. M. Weidlich, H. Ziekow, J. Mendling, O. G++nther, M. Weske, and N. Desai Event-based monitoring of process execution violations Proceedings of the 9th International Conference on Business Process Management (BPM) vol. 6896 2011 Springer 182 198
133. J. Eder, J. Mangler, E. Mussi, B. Pernici, Using stateful activities to facilitate monitoring and repair in workflow choreographies, in: Proceedings of the International Workshop on Self Healing Web Services, Congress on Services - I, 2009, pp. 219-226.
134. F. Bezerra, J. Wainer, Anomaly detection algorithms in business process logs, in: Proceedings of the 10th International Conference on Enterprise Information Systems (ICEIS), volume AIDSS, Barcelona, Spain, 2008, p. 11-18.
135. F. Bezerra, J. Wainer, and W.M.P. van der Aalst Anomaly detection using process mining Proceedings of the 10th Workshop on Business Process Modeling, Development, and Support (BPMDS) Lecture Notes in Business Information Processing vol. 29 2009 Springer 149 161
136. W.M.P. van der Aalst, M. Dumas, C. Ouyang, A. Rozinat, and E. Verbeek Conformance checking of service behavior ACM Trans. Internet Technol. 8 2008 1 30
137. A. Baumgrass, T. Baier, J. Mendling, and M. Strembeck Conformance checking of RBAC policies in process-aware information systems Proceedings of the Business Process Management Workshops Lecture Notes in Business Information Processing vol. 100 2011 Springer 435 446
138. R. Accorsi, and C. Wonnemann Auditing workflow executions against dataflow policies Proceedings of the 13th International Conference on Business Information Systems (BIS) Lecture Notes in Business Information Processing vol. 47 2010 Springer 207 217
139. R. Accorsi, and T. Stocker On the exploitation of process mining for security audits: the conformance checking case Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), SAC '12 2012 ACM New York, NY, USA 1709 1716
140. M. Song, and W.M.P. van der Aalst Towards comprehensive support for organizational mining Decis. Support Syst. 46 2008 300 317
141. L. Ly, S. Rinderle, P. Dadam, and M. Reichert Mining staff assignment rules from event-based data Business Process Management Workshops Lecture Notes in Computer Science vol. 3812 2005 Springer 177 190
142. M. Leitner, A. Baumgrass, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck A case study on the suitability of process mining to produce current-state RBAC model Proceedings of the Business Process Management Workshops Lecture Notes in Business Information Processing vol. 132 2012 Springer Tallinn, Estonia 719 724
143. M. Leitner Delta analysis of role-based access control models Proceedings of the 14th International Conference on Computer Aided Systems Theory (EUROCAST 2013) Lecture Notes in Computer Science vol. 8111 2013 Springer 507 514
144. F. Curbera, Y. Doganata, A. Martens, N. Mukhi, and A. Slominski Business provenance - a technology to increase traceability of end-to-end operations Proceedings of the 16th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 5331 2008 Springer 100 119
145. Y. Doganata, and F. Curbera Effect of using automated auditing tools on detecting compliance failures in unmanaged processes Proceedings of the 7th International Conference on Business Process Management Lecture Notes in Computer Science vol. 5701 2009 Springer 310 326
146. J. Eder, and W. Liebhart Workflow recovery Proceedings of the 1st IFCIS International Conference on Cooperative Information Systems (CoopIS) 1996 IEEE Computer Society Brussels, Belgium 124 134
147. N. Russell, W. van der Aalst, and A. Hofstede Workflow exception patterns Proceedings of the 18th International Conference on Advanced Information Systems Engineering (CAiSE) Lecture Notes in Computer Science vol. 4001 2006 Springer 288 302
148. F. Casati, S. Ceri, S. Paraboschi, and G. Pozzi Specification and implementation of exceptions in workflow management systems ACM Trans. Database Syst. (TODS) 24 1999 405 451
149. C. Hagen, and G. Alonso Exception handling in workflow management systems IEEE Trans. Software Eng. 26 2000 943 958
150. J. Eder, and M. Lehmann Workflow data guards Proceedings of the 13th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 3760 2005 Springer 502 519
151. S. Nepal, A. Fekete, P. Greenfield, J. Jang, D. Kuo, and T. Shi A service-oriented workflow language for robust interacting applications Proceedings of the 13th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 3760 2005 Springer 40 58
152. J. Tang, and S.-Y. Hwang A scheme to specify and implement ad-hoc recovery in workflow systems H.-J. Schek, G. Alonso, F. Saltor, I. Ramos, Proceedings of the 6th International Conference on Extending Database Technology (EDBT) Lecture Notes in Computer Science vol. 1377 1998 Springer 484 498
153. R. Hamadi, and B. Benatallah Recovery nets: towards self-adaptive workflow systems Proceedings of the 5th International Conference on Web Information Systems Engineering (WISE) vol. 3306 2004 Springer 439 453
154. C. Fung, P. Hung, System recovery through dynamic regeneration of workflow specification, in: Proceedings of the 8th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC), 2005, pp. 149-156.
155. C. Fung, P. Hung, W. Kearns, S. Uczekaj, Dynamic regeneration of workflow specification with access control requirements in MANET, in: Proceedings of the International Conference on Web Services (ICWS), 2006, pp. 761-769.
156. M. Yu, P. Liu, and W. Zang The implementation and evaluation of a recovery system for workflows J. Network Comput. Appl. 32 2009 158 183
157. Y. Zhu, T. Xin, and I. Ray Recovering from malicious attacks in workflow systems K.V. Andersen, J. Debenham, R. Wagner, Proceedings of the 16th International Conference on Database and Expert Systems Applications (DEXA) Lecture Notes in Computer Science vol. 3588 2005 Springer 14 23
158. I. Ray, T. Xin, and Y. Zhu Ensuring task dependencies during workflow recovery F. Galindo, M. Takizawa, R. TraunMüller, Proceedings of the 15th International Conference on Database and Expert Systems Applications (DEXA) Lecture Notes in Computer Science vol. 3180 2004 Springer 24 33
159. E. Bertino, L. Martino, F. Paci, and A. Squicciarini Security for Web Services and Service-Oriented Architectures 2010 Springer
160. J. Mendling, K. Ploesser, and M. Strembeck Specifying separation of duty constraints in BPEL4People processes Proceedings of the 11th International Conference on Business Information Systems (BIS) Lecture Notes in Business Information Processing vol. 7 2008 Springer 273 284
161. J. Thomas, F. Paci, E. Bertino, and P. Eugster User tasks and access control over web services Proceedings of the IEEE International Conference on Web Services (ICWS) 2007 IEEE Computer Society Los Alamitos, CA, USA 60 69
162. E. Bertino, J. Crampton, and F. Paci Access control and authorization constraints for WS-BPEL Proceedings of the 13th IEEE International Conference on Web Services (ICWS) 2006 IEEE Computer Society Los Alamitos, CA, USA 275 284
163. H. Koshutanski, and F. Massacci An access control framework for business processes for web services Proceedings of the 2003 ACM workshop on XML security, XMLSEC '03 2003 ACM New York, NY, USA 15 24
164. H. Koshutanski, and F. Massacci Interactive access control for web services Y. Deswarte, F. Cuppens, S. Jajodia, L. Wang, Security and protection in information processing systems IFIP International Federation for Information Processing vol. 147 2004 Springer US 150 166
165. B. Carminati, E. Ferrari, and P.C.K. Hung Security conscious web service composition Proceedings of the IEEE International Conference on Web Services (ICWS) 2006 IEEE Computer Society Los Alamitos, CA, USA 489 496
166. C. Rudolph, N. Kuntze, and Z. Velikova Secure web service workflow execution Electro. Notes Theor. Comput. Sci. (ENTCS) 236 2009 33 46
167. M. Altunay, D. Brown, G. Byrd, and R. Dean Trust-based secure workflow path construction B. Benatallah, F. Casati, P. Traverso, Proceedings of the 3rd International Conference on Service-Oriented Computing (ICSOC) Lecture Notes in Computer Science vol. 3826 2005 Springer 382 395
168. I. Chebbi, and S. Tata CoopFlow: a framework for inter-organizational workflow cooperation Proceedings of the 13th International Conference on Cooperative Information Systems (CoopIS) Lecture Notes in Computer Science vol. 3760 2005 Springer 112 129
169. M. Hafner, R. Breu, B. Agreiter, and A. Nowak Sectet: an extensible framework for the realization of secure inter-organizational workflows Internet Res. 16 2006 491 506
170. M. Hafner, M. Memon, and R. Breu SeAAS-A reference architecture for security services in SOA J. Universal Comput. Sci. 15 2009 2916 2936
171. L. Lowis, and R. Accorsi Vulnerability analysis in SOA-Based business processes IEEE Trans. Serv. Comput. 4 2011 230 242
172. M. Jensen, N. Gruschka, R. Herkenhöner, and N. Luttenberger SOA and web services: new technologies, new standards - new attacks Proceedings of the 5th IEEE European Conference on Web Services (ECOWS) 2007 IEEE Computer Society 35 44
173. M. Jensen, N. Gruschka, and R. Herkenhöner A survey of attacks on web services Comput. Sci. - Res. Develop. 24 2009 185 197
174. N. Gruschka, M. Jensen, N. Luttenberger, A stateful web service firewall for BPEL, in: Proceedings of the IEEE International Conference on Web Services (ICWS), Salt Lake City, UT, USA, 2007, pp. 142-149.
175. W.-K. Huang, and V. Atluri SecureFlow: a secure web-enabled workflow management system Proceedings of the 4th ACM Workshop on Role-based Access Control 1999 ACM Fairfax, Virginia, United States 83 94
176. J. Wainer, F. Bezerra, and P. Barthelmess Tucupi: a flexible workflow system based on overridable constraints Proceedings of the 2004 ACM Symposium on Applied Computing, SAC '04 2004 ACM New York, NY, USA 498 502
177. C. Payne, D. Thomsen, J. Bogle, and R. O'Brien Napoleon: a recipe for workflow Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC) 1999 IEEE Computer Society Los Alamitos, CA, USA 134 142
178. Y. Sun, X. Meng, S. Liu, and P. Pan Flexible workflow incorporated with RBAC W. Shen, K.-M. Chao, Z. Lin, J.-P. Barthŕs, A. James, Proceedings of the 9th International Conference on Computer Supported Cooperative Work in Design II Lecture Notes in Computer Science vol. 3865 2006 Springer 525 534
179. G. Russello, C. Dong, and N. Dulay Consent-based workflows for healthcare management Proceedings of the 9th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY) 2008 IEEE Computer Society Los Alamitos, CA, USA 153 161
180. G. Russello, C. Dong, and N. Dulay A workflow-based access control framework for e-health applications Proceedings of the 22nd International Conference on Advanced Information Networking and Applications Workshops 2008 IEEE Computer Society Los Alamitos, CA, USA 111 120
181. P.C.K. Hung, and K. Karlapalem Secure disconnected agent interaction for electronic commerce activities using CapBasED-AMS Information Technology and Management 3 2002 329 351
182. M. Olivier, and E. Gudes Wrappers - a mechanism to support state-based authorisation in web applications Data Knowl. Eng. 43 2002 281 292
183. E. Gudes, and A. Tubman AutoWF: a secure web workflow system using autonomous objects Data Knowl. Eng. 43 2002 1 27
184. D.L. Moody Theoretical and practical issues in evaluating the quality of conceptual models: current state and future directions Data Knowl. Eng. 55 2005 243 276
185. K.A. Scarfone, M.P. Souppaya, A. Cody, A.D. Orebaugh, SP 800-115. Technical Guide to Information Security Testing and Assessment, Technical Report, National Institute of Standards & Technology, Gaithersburg, MD, United States, 2008.
186. S. Schefer, and M. Strembeck Modeling support for delegating roles, tasks, and duties in a process-related RBAC context Proceedings of the Advanced Information Systems Engineering Workshops - CAiSE 2011 International Workshop vol. 83 2011 Springer 660 667
187. R. Khoury, and N. Tawbi Corrective enforcement: a new paradigm of security policy enforcement by monitors ACM Trans. Inform. Syst. Security (TISSEC) 15 2012 10:1 10:27
188. G.L. Orgill, G.W. Romney, M.G. Bailey, and P.M. Orgill The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems Proceedings of the 5th Conference on Information Technology Education, CITC5 '04 2004 ACM New York, NY, USA 177 181
189. M.E. Whitman, and H.J. Mattord Principles of Information Security 2011 Cengage Learning
190. M. Leitner, M. Miller, and S. Rinderle-Ma An analysis and evaluation of security aspects in the business process model and notation Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES) 2013 IEEE Regensburg, Germany 262 267
191. M. Leitner, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck An experimental study on the design and modeling of security concepts in business processes Proceedings of the 6th IFIP WG 8.1 Working Conference on the Practice of Enterprice Modeling (PoEM) 2013 Springer Riga, Latvia 236 250
192. L. Fuchs, G. Pernul, and R. Sandhu Roles in information security - a survey and classification of the research area Comput. Security 30 2011 748 769
193. W.M.P. van der Aalst, A.H.M. ter Hofstede, B. Kiepuszewski, and A.P. Barros Workflow patterns Distribut. Parall. Databases 14 2003 5 51
194. B. Weber, M. Reichert, and S. Rinderle-Ma Change patterns and change support features - enhancing flexibility in process-aware information systems Data Knowl. Eng. 66 2008 438 466