Business Process Compliance via Security Validation as a Service

Abstract

Abstract—Modern enterprise systems are often processbased, i. e., they allow for the direct execution of business processes that are specified in a high-level language such as BPMN. In this paper, we present a service, called Security Validation as a Service (SVaaS) for validating the compliance of the business processes during design-time. Basically, while modeling a business process the business analyst specifies as well the security and compliance requirements the business process should comply to. By pressing a button, these requirements are validated and the results are presented in a graphical format to the business analysis. At the core of SVaaS lies a rigorous and industrially viable approach in which the security validation business logic is handled server-side (SVaaS Server) in the Cloud, while the clientside user interface that business analysts use is handled by a light-weight SVaaS Connector. As proof-of-concept we created a SVaaS prototype in which the SVaaS Server is deployed on the SAP NetWeaver Cloud and two SVaaS Connectors are built to enable two well-known BPMN tools, SAP NetWeaver BPM and Activiti, to consume SVaaS against industrial relevant business processes. Keywords-Validation, Security, Business Process Management I