{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T04:03:39Z","timestamp":1749873819137,"version":"3.41.0"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031949302","type":"print"},{"value":"9783031949319","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-94931-9_29","type":"book-chapter","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T05:44:30Z","timestamp":1749793470000},"page":"355-367","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Explaining the\u00a0Compliance of\u00a0Security Policies for\u00a0GDPR in\u00a0Business Processes"],"prefix":"10.1007","author":[{"given":"Jos\u00e9 Luis","family":"Cobo-Ariza","sequence":"first","affiliation":[]},{"given":"Joaqu\u00edn","family":"Arregui","sequence":"additional","affiliation":[]},{"given":"Antonia M. Reina","family":"Quintero","sequence":"additional","affiliation":[]},{"given":"\u00c1ngel Jes\u00fas","family":"Varela-Vaca","sequence":"additional","affiliation":[]},{"given":"Mar\u00eda Teresa","family":"G\u00f3mez-L\u00f3pez","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"key":"29_CR1","doi-asserted-by":"crossref","unstructured":"Almeida Teixeira, G., Mira da Silva, M., Pereira, R.: The critical success factors of GDPR implementation: a systematic literature review. Digit. Policy, Regul. Gov. 21(4), 402\u2013418 (2019)","DOI":"10.1108\/DPRG-01-2019-0007"},{"key":"29_CR2","doi-asserted-by":"crossref","unstructured":"Varela-Vaca, \u00c1.J., G\u00f3mez-L\u00f3pez, M.T.,\u00a0Zamora, Y.M.,\u00a0Gasca, R.M.: Business process models and simulation to enable GDPR compliance. Int. J. Inf. Secur. 24(1), 1\u201321 (2025)","DOI":"10.1007\/s10207-024-00952-7"},{"key":"29_CR3","doi-asserted-by":"publisher","unstructured":"Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 20\u201337. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-662-58387-6_2","DOI":"10.1007\/978-3-662-58387-6_2"},{"key":"29_CR4","doi-asserted-by":"crossref","unstructured":"Baumgrass, A., Baier, T., Mendling, J., Strembeck, M.: Conformance checking of RBAC policies in process-aware information systems. In: Business Process Management orkshops - BPM 2011 International Workshops, Clermont-Ferrand, France, August 29, 2011, Revised Selected Papers, Part II, volume 100 of Lecture Notes in Business Information Processing, pp. 435\u2013446. Springer (2011)","DOI":"10.1007\/978-3-642-28115-0_41"},{"key":"29_CR5","doi-asserted-by":"crossref","unstructured":"Sandhu, R., Park, J.: Usage control: a vision for next generation access control. Comput. Netw. Secur., 17\u201331 (2003)","DOI":"10.1007\/978-3-540-45215-7_2"},{"key":"29_CR6","doi-asserted-by":"crossref","unstructured":"Brunel, J., Cuppens, F., Cuppens, N., Sans, T., Bodeveix, J.-P.: Security policy compliance with violation management. In: Proceedings of the 2007 ACM Workshop on Formal Methods in Security Engineering, pp. 31\u201340 (2007)","DOI":"10.1145\/1314436.1314441"},{"key":"29_CR7","doi-asserted-by":"crossref","unstructured":"M\u00fcller, G., Accorsi, R.: Why are business processes not secure? In: Number Theory and Cryptography - Papers in Honor of Johannes Buchmann on the Occasion of His 60th Birthday, pp. 240\u2013254 (2013)","DOI":"10.1007\/978-3-642-42001-6_17"},{"issue":"3","key":"29_CR8","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1016\/j.infsof.2013.12.004","volume":"56","author":"M Leitner","year":"2014","unstructured":"Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems - constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273\u2013293 (2014)","journal-title":"Inf. Softw. Technol."},{"key":"29_CR9","doi-asserted-by":"crossref","unstructured":"Vidgof, M., Bachhofner, S., Mendling, J.: Large language models for business process management: opportunities and challenges. In: Business Process Management Forum - BPM 2023, volume 490 of Lecture Notes in Business Information Processing, pp. 107\u2013123. Springer (2023)","DOI":"10.1007\/978-3-031-41623-1_7"},{"key":"29_CR10","first-page":"103006","volume":"64","author":"A Quintero","year":"2022","unstructured":"Quintero, A., P\u00e9rez, S.M., Varela-Vaca, \u00c1.J., L\u00f3pez, M., Cabot, J.: A domain-specific language for the specification of UCON policies. J. Inf. Secur. Appl. 64, 103006 (2022)","journal-title":"J. Inf. Secur. Appl."},{"key":"29_CR11","doi-asserted-by":"crossref","unstructured":"Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Syst. J. 40(3), 666\u2013682 (2001)","DOI":"10.1147\/sj.403.0666"},{"key":"29_CR12","doi-asserted-by":"crossref","unstructured":"Koukovini, M., Papagiannakopoulou, E., Lioudakis, G.V., Dellas, N., Kaklamani, D.I., Venieris, I.S.: Privacy Compliance Requirements in Workflow Environments. In: Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance. IGI Global (2014)","DOI":"10.4018\/978-1-4666-6324-4.ch011"},{"issue":"3","key":"29_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3641289","volume":"15","author":"X Yupeng Chang","year":"2024","unstructured":"Yupeng Chang, X., et al.: A survey on evaluation of large language models. ACM Trans. Intell. Syst. Technol. 15(3), 1\u201345 (2024)","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"29_CR14","unstructured":"Lewis, P., et al.: Retrieval-augmented generation for knowledge-intensive NLP tasks. In: Proceedings of the 34th International Conference on Neural Information Processing Systems (NeurIPS 2020), pp. 9459\u20139474. Curran Associates, Inc. (2020)"},{"key":"29_CR15","doi-asserted-by":"crossref","unstructured":"Zamfirescu-Pereira, J.D., Wong, R.Y., Hartmann, B., Yang, Q.: Why johnny can\u2019t prompt: how non-AI experts try (and fail) to design LLM prompts. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI \u201923, pp. 1\u201321. ACM (2023)","DOI":"10.1145\/3544548.3581388"},{"key":"29_CR16","doi-asserted-by":"crossref","unstructured":"Kourani, H., Berti, A., Schuster, D., van der Aalst, W.M.: Process modeling with large language models. In: Enterprise, Business-Process and Information Systems Modeling - 25th International Conference, BPMDS 2024, volume 511 of Lecture Notes in Business Information Processing, pp. 229\u2013244. Springer (2024)","DOI":"10.1007\/978-3-031-61007-3_18"},{"key":"29_CR17","unstructured":"OpenAI. GPT-4 Technical Report, pp. 1\u201317. arXiv preprint: arXiv:2303.08774v6 (2024)"},{"key":"29_CR18","unstructured":"DeepSeek-AI. Deepseek-r1: Incentivizing reasoning capability in LLMS via reinforcement learning. In: Proceedings of the AIME 2024 Conference. arXiv (2025)"},{"key":"29_CR19","unstructured":"Touvron, H., et al.: Llama: open and efficient foundation language models (2023)"},{"key":"29_CR20","doi-asserted-by":"crossref","unstructured":"Bernardi, M. L., Casciani, A., Cimitile, M., Marrella, A.: Conversing with business process-aware large language models: the BPLLM framework. J. Intell. Inf. Syst. (2024)","DOI":"10.21203\/rs.3.rs-4125790\/v1"},{"key":"29_CR21","doi-asserted-by":"crossref","unstructured":"Gomez-Lopez, M.T., Gasca, R.M., Rinderle-Ma, S.: Explaining the incorrect temporal events during business process monitoring by means of compliance rules and model-based diagnosis. In: 17th IEEE International Enterprise Distributed Object Computing Conference Workshops, EDOC Workshops, 2013, pp. 163\u2013172 (2013)","DOI":"10.1109\/EDOCW.2013.25"},{"issue":"1","key":"29_CR22","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/s10115-017-1142-1","volume":"57","author":"M Hashmi","year":"2018","unstructured":"Hashmi, M., Governatori, G., Lam, H.-P., Wynn, M.T.: Are we done with business process compliance: state of the art and challenges ahead. Knowl. Inf. Syst. 57(1), 79\u2013133 (2018). https:\/\/doi.org\/10.1007\/s10115-017-1142-1","journal-title":"Knowl. Inf. Syst."},{"key":"29_CR23","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.entcs.2004.10.013","volume":"121","author":"WM Van der Aalst","year":"2005","unstructured":"Van der Aalst, W.M., de Medeiros, A.: Process mining and security: detecting anomalous process executions and checking process conformance. Electr. Notes Theor. Comput. Sci. 121, 3\u201321 (2005)","journal-title":"Electr. Notes Theor. Comput. Sci."},{"key":"29_CR24","doi-asserted-by":"publisher","unstructured":"Bezerra, F., Wainer, J., van der Aalst, W.: Anomaly detection using process mining. In: Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Ukor, R. (eds.) BPMDS\/EMMSAD -2009. LNBIP, vol. 29, pp. 149\u2013161. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-01862-6_13","DOI":"10.1007\/978-3-642-01862-6_13"},{"key":"29_CR25","doi-asserted-by":"crossref","unstructured":"Alrahili, R.: Towards employing process mining for role based access control analysis: a systematic literature review. In: Proceedings of the Future Technologies Conference (FTC) 2021, Volume 1, pp. 904\u2013927. Springer International Publishing, Cham (2022)","DOI":"10.1007\/978-3-030-89906-6_58"},{"key":"29_CR26","doi-asserted-by":"publisher","first-page":"139546","DOI":"10.1109\/ACCESS.2020.3012147","volume":"8","author":"E Asare","year":"2020","unstructured":"Asare, E., Wang, L., Fang, X.: Conformance checking: workflow of hospitals and workflow of open-source EMRs. IEEE Access 8, 139546\u2013139566 (2020)","journal-title":"IEEE Access"},{"key":"29_CR27","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: Proceedings of the ACM Symposium on Applied Computing, SAC 2012, pp. 1709\u20131716. ACM (2012)","DOI":"10.1145\/2245276.2232051"},{"key":"29_CR28","unstructured":"Zahoransky, R.M., Holderer, J., Lange, A., Brenig, C.: Process analysis as first step towards automated business security. In: 24th European Conference on Information Systems, ECIS 2016, Istanbul, Turkey, June 12-15, 2016 (2016)"},{"key":"29_CR29","doi-asserted-by":"publisher","unstructured":"Salnitri, M., Alizadeh, M., Giovanella, D., Zannone, N., Giorgini, P.: From security-by-design to the identification of security-critical deviations in process executions. In: Mendling, J., Mouratidis, H. (eds.) CAiSE 2018. LNBIP, vol. 317, pp. 218\u2013234. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-92901-9_19","DOI":"10.1007\/978-3-319-92901-9_19"},{"issue":"6","key":"29_CR30","doi-asserted-by":"publisher","first-page":"1415","DOI":"10.1007\/s10270-020-00820-7","volume":"19","author":"C Cabanillas","year":"2020","unstructured":"Cabanillas, C., Ackermann, L., Sch\u00f6nig, S., Sturm, C., Mendling, J.: The RALph miner for automated discovery and verification of resource-aware process models. Softw. Syst. Model. 19(6), 1415\u20131441 (2020). https:\/\/doi.org\/10.1007\/s10270-020-00820-7","journal-title":"Softw. Syst. Model."},{"key":"29_CR31","doi-asserted-by":"publisher","first-page":"9027","DOI":"10.1109\/ACCESS.2018.2791666","volume":"6","author":"A Amjad","year":"2018","unstructured":"Amjad, A., Azam, F., Anwar, M.W., Butt, W.H., Rashid, M.: Event-driven process chain for modeling and verification of business requirements-a systematic literature review. IEEE Access 6, 9027\u20139048 (2018)","journal-title":"IEEE Access"},{"key":"29_CR32","doi-asserted-by":"crossref","unstructured":"Amjad, A., Azam, F., Anwar, M.W., Butt, W.H.: Verification of event-driven process chain with timed automata and time petri nets. In: 2017 9th IEEE-GCC Conference and Exhibition (GCCCE), pp. 1\u20136 (2017)","DOI":"10.1109\/IEEEGCC.2017.8448053"},{"key":"29_CR33","unstructured":"Fardbastani, M.A., Allahdadi, F., Sharifi, M.: EDBPM: an event-driven business process monitoring mechanism. Int. J. Inf. Commun. Technol. Res., 10(2) (2018)"},{"key":"29_CR34","doi-asserted-by":"crossref","unstructured":"Mothukuri, V., Parizi, R.M., Massa, J.L.: LLMSmartSec: Smart contract security auditing with LLM and annotated control flow graph. In: IEEE International Conference on Blockchain, Blockchain, 2024, pp. 434\u2013441. IEEE (2024)","DOI":"10.1109\/Blockchain62396.2024.00064"},{"key":"29_CR35","doi-asserted-by":"crossref","unstructured":"Lashkevich, K., Milani, F., Avramenko, M., Dumas, M.: LLM-Assisted optimization of waiting time in business processes: A prompting method. In: Business Process Management - 22nd International Conference, BPM 2024, Krakow, Poland, September 1-6, 2024, Proceedings, volume 14940 of Lecture Notes in Computer Science, pp. 474\u2013492. Springer (2024)","DOI":"10.1007\/978-3-031-70396-6_27"}],"container-title":["Lecture Notes in Business Information Processing","Advanced Information Systems Engineering Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94931-9_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T05:44:40Z","timestamp":1749793480000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94931-9_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031949302","9783031949319"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94931-9_29","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CAiSE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Advanced Information Systems Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vienna","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"caise2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conferences.big.tuwien.ac.at\/caise2025\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}