Affiliation:
1. 1 Institute of Computer Science and Social Studies, Freiburg im Breisgau
2. 2 AristaFlow GmbH, Neu-Ulm
Abstract
Abstract
This paper reports on approaches and tool support for security
and compliance analysis of executable business processes,
so-called workflows, employed in the GESINE project. Specifically,
focusing on the business layer and the corresponding workflow
entities along the business process management lifecycle (i. e.,
workflow model, instance and event log), the techniques reported
on in this paper cover the design time, run time and audit time
analysis. Their goal is to verify the adherence to security
requirements, such as the four-eyes principle and separation and
binding of duties. Altogether, the complementary techniques
described in this paper enable a holistic approach to ensure the
security of workflows.