524 research outputs found

    From Dynamic Condition Response Structures to Büchi Automata

    Time patterns for process-aware information systems

    Companies increasingly adopt process-aware information systems (PAISs) due to their promising perspectives for improved business process support. Although the proper handling of temporal constraints is crucial in this context, existing PAISs vary significantly regarding their support of the temporal perspective of a business process. To make PAISs comparable with respect to their ability to deal with temporal constraints and to facilitate the development of a time-aware PAIS, this paper suggests 10 time patterns. All patterns are based on empirical evidence we gathered in case studies. Additionally, they are validated through a systematic literature review. Based on the time patterns, we then provide an in-depth evaluation of selected PAISs and academic approaches. Altogether, the 10 time patterns will not only facilitate the selection of technologies for realizing time- and process-aware information systems but can also be used as reference for implementing time support in PAISs.

    Composition and Declassification in Possibilistic Information Flow Security

    Formal methods for security can rule out whole classes of security vulnerabilities, but applying them in practice remains challenging. This thesis develops formal verification techniques for information flow security that combine the expressivity and scalability strengths of existing frameworks. It builds upon Bounded Deducibility (BD) Security, which allows specifying and verifying fine-grained policies about what information may flow when to whom. Our main technical result is a compositionality theorem for BD Security, providing scalability by allowing us to verify security properties of a large system by verifying smaller components. Its practical utility is illustrated by a case study of verifying confidentiality properties of a distributed social media platform. Moreover, we discuss its use for the modular development of secure workflow systems, and for the security-preserving enforcement of safety and security properties other than information flow control.