Telematik IIG Uni Freiburg

WfSAC: BPM Workshop on Workflow Security Audit and Certification


Despite the growing demand for compliant business processes, security and privacy incidents caused by flawed workflow specifications are still soaring. Certification, as a means to provably attest workflows' adherence to security properties, and auditing, to detect violations happening at runtime, are essential instruments for achieving reliably secure process-aware information systems. WfSAC, a BPM-related workshop organized by the Business Process Security group (BPSec), brings together researchers working on well-founded methods for workflow security audit and certification and practitioners from industry applying these methods in practical cases. WfSAC welcomes contributions with a multidisciplinary character, such as economic, legal, and standardization aspects.

Keynotes

- Academic talk: Ernesto Damiani (University Milan) - Towards the Certification of Services.

- Industrial talk: Mieke Jans (Hasselt U and Deloitte) - Process Mining in Auditing: From Current Limitations to Future Challenges

 

Program

8:00-9:00: Continental breakfast

9:00-10:30: Slot 1 (Chair: Rafael Accorsi)

  • 9:00-9:05: Workshop opening
  • 9:05-10:05: Keynote Ernesto Damiani (Milan U): Towards the certification of Services
  • 10:05-10:35: Klaus Haller: Data-Privacy Assessments for Application Landscapes: A Methodology

10:35-11:00: Coffee break

11:00-12:30: Slot 2 (Chair: Dirk Fahland)

  • 11:00-11:30: Jason Crampton and Michael Huth: On the Modeling and Verification of Security-Aware and Process-Aware Information Systems
  • 11:30-12:00: Samuel Burri and Guenter Karjoth: Flexible Scoping of Authorization Constraints on Workflows with Loops and Parallelism
  • 12:00-12:30: Anne Baumgrass, Thomas Baier, Jan Mendling and Mark Strembeck: Conformance Checking of RBAC Policies in Process-Aware Information Systems

12:30-14:00: Lunch break

14:00-15:30: Slot 3 (Chair: Wil van der Aalst)

  • 14:00-15:00: Keynote Dr. Mieke Jans (Hasselt U / Deloitte): Process Mining in Auditing: From Current Limitations to Future Challenges
  • 15:00-15:30: Eduardo Portela Santos, Agnelo Vieira, Rosemary Francisco, Eduardo Rocha Loures and Marco Busetti: Modeling Business Rules for Supervisory Control of Process-Aware Information Systems

15:30-16:00: Coffee break

16:00-17:10: Slot 4 (Chair: Rafael Accorsi)

  • 16:00-16:20: Elham Ramezani, Dirk Fahland, Jan Martijn Van Der Werf and Peter Mattheis: Separating Compliance Management and Business Process Management
  • 16:00-16:40: Sigrid Schefer, Mark Strembeck and Jan Mendling: Checking the Satisfiability of Binding Constraints in a Business Process Context
  • 16:40-17:00: Thomas Stocker: Time-based Trace Clustering for Evolution-aware Security Audits
  • 17:00-17:10: Workshop closing

 

Topics of interest and submission guidelines

  • Accountability
  • Access and usage control
  • Audit reduction
  • Automated security analysis
  • Behavioral workflow analysis
  • Business provenance
  • Case studies
  • Certification and audit standards
  • Continuous audit
  • Elicitation of requirements
  • Economic and legal aspects
  • Formalization of security requirements
  • Information flow control
  • Large-scale auditing
  • Log-formats and security
  • Meta-models for analysis
  • Practical experiences
  • Process mining and reconstruction
  • Workflow forensics
  • Workflow redesign
  • Workflow similarity
  • Workflow transformation

Submitted manuscripts must be written in English and be no longer than 12 pages. They must be anonymous, comply with the Lecture Notes in Computer Science (LNCS) format, and be submitted as a PDF file to the EasyChair website. Submissions will be reviewed by three PC members based on their originality, significance, technical soundness and clarity of exposition. Submitted manuscripts must not substantially overlap with manuscripts that have been published or that are simultaneously submitted to a conference with proceedings or a journal.

Important dates

  • Submission deadline: May 31, 2011
  • Notification of acceptance: July 1, 2011
  • Camera-ready version (pre-proceedings): July 21, 2011
  • Workshop date: August 29, 2011
  • Revised versions for LNCS: September 24, 2011

 

Proceedings

All accepted papers will be published as post-proceedings in Springer’s Lecture Notes in Computer Science (LNCS).

Organizing committee

Preliminary program committee

  • Achim Brucker (SAP Labs, DE)
  • Fabio Casati (Trento U, IT)
  • Jason Crampton (London U, UK)
  • Isao Echizen (NII, JP)
  • Aditya Ghose (Wollongong U, AU)
  • Jana Koehler (Lucerne HS, CH)
  • Niels Lohmann (Rostock U, DE)
  • Heiko Ludwig (IBM Research, US)
  • Alexander Maedche (Mannheim U, DE)
  • Raimundas Matulevicius (Tartu U, EE)
  • Birgit Pfitzmann (IBM Research, US)
  • Silvio Ranise (FBK, IT)
  • Stefanie Rinderle-Ma (Vienna U, AT)
  • Shazia Sadiq (Queensland U, AU)
  • Pierangela Samarati (Milan U, IT)
  • Christian Schlaeger (Ernst & Young, DE)
  • Steffen Staab (Koblenz U, DE)
  • Thomas Stocker (Freiburg U, DE)
  • Barbara Weber (Innsbruck U, AT)
  • Jan Martijn van der Werf (Eindhoven TU, NL)
  • Nicola Zannone (Eindhoven TU, NL)