18.08.13 - 23.08.13, Seminar 13341

Verifiably Secure Process-Aware Information Systems

The following text appeared on our web pages prior to the seminar, and was included as part of the invitation.

Motivation

Business processes play a major role in many commercial software systems and are of considerable interest to the research communities in Software Engineering, and Information and System Security. A process-aware information system provides support for the specification, execution, monitoring and auditing of intra- as well as cross-organizational business processes. This requires, on the one hand, strong security and compliance guarantees; on the other, these guarantees must be substantiated by formal methods ensuring a verifiably secure business process enactment. At this interface, many additional and practically relevant research questions can be asked, and their answers are bound to have impact in academia and industry alike. Relatively little work has been done, however, on adapting or creating new formal methods with which one can check that processes are compliant with rules, preserve demanded privacy constraints, and enforce desired security policies at the same time.

The seminar is dedicated to probing the central problems of this area, such as:

  • How to ensure legal compliance of flexible, evolving business processes and their management in a verifiable and cost-effective manner?
  • How to support collaborative platforms and products whilst still ensuring the appropriate security and privacy of collaboration partners?
  • How to support resiliency, robustness and traceability in the (remote) execution of business processes?
  • How to reliably and predictably compose existing business processes in order to realize opportunistic and short-term services?

Those questions will be discussed at the seminar by participants from various research and application areas, including Petri Nets, Business Process Modeling, Workflow Management, Process Mining, Software and Information System Engineering, and Security and Formal Methods. The seminar's strategic objectives are to act as a means of identifying shared problems, to provide opportunities for transferring knowledge and tools, and to serve as an incubator for sustained collaborations across these communities in the form of writing scientific papers and research proposals and, ultimately, the management of funded research projects.