{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T12:03:37Z","timestamp":1709813017522},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2011,4,20]],"date-time":"2011-04-20T00:00:00Z","timestamp":1303257600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Bus Inf Syst Eng"],"published-print":{"date-parts":[[2011,6]]},"DOI":"10.1007\/s12599-011-0155-7","type":"journal-article","created":{"date-parts":[[2011,4,19]],"date-time":"2011-04-19T05:32:57Z","timestamp":1303191177000},"page":"145-154","source":"Crossref","is-referenced-by-count":39,"title":["Automated Certification for Compliant Cloud-based Business Processes"],"prefix":"10.1007","volume":"3","author":[{"given":"Rafael","family":"Accorsi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lutz","family":"Lowis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yoshinori","family":"Sato","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2011,4,20]]},"reference":[{"key":"155_CR1","doi-asserted-by":"crossref","unstructured":"Accorsi R, Wonnemann C (2011) Strong non-leak guarantees for workflow models. ACM, SAC, pp.\u00a0308\u2013314","DOI":"10.1145\/1982185.1982254"},{"key":"155_CR2","first-page":"48","volume-title":"A Chinese wall security model for decentralized workflow systems. ACM conference on computer and communications security","author":"V Atluri","year":"2001","unstructured":"Atluri V, Chun SA, Mazzoleni P (2001) A Chinese wall security model for decentralized workflow systems. ACM conference on computer and communications security. ACM, New York, pp 48\u201357"},{"key":"155_CR3","unstructured":"BDSG (2009) Bundesdatenschutzgesetz. German Federal Ministry of Justice"},{"issue":"1","key":"155_CR4","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TSE.2007.70746","volume":"34","author":"TD Breaux","year":"2008","unstructured":"Breaux TD, Ant\u00f3n AI (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Software Eng 34(1):5\u201320","journal-title":"IEEE Trans Software Eng"},{"key":"155_CR5","unstructured":"Breaux TD (2009) Legal requirements acquisition for the specification of legally compliant information systems. PhD thesis, North Carolina State University"},{"key":"155_CR6","first-page":"26","volume-title":"Proc JISBD 4","author":"C Cabanillas","year":"2010","unstructured":"Cabanillas C, Resinas M, Ruiz-Cort\u00e9s A (2010) Hints on how to face business process compliance. In: Resinas M, Ruiz-Cort\u00e9s A, Pastor JA, Sancho MR (eds) Proc JISBD 4, pp 26\u201332"},{"key":"155_CR7","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1145\/1655008.1655020","volume-title":"Proc 2009 ACM workshop on cloud computing security","author":"R Chow","year":"2009","unstructured":"Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J (2009) Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proc 2009 ACM workshop on cloud computing security. ACM, New York, pp 85\u201390"},{"key":"155_CR8","unstructured":"COMPAS (2008) Compliance-driven models, languages, and architectures for services. EU FP7 Project 215175, deliverable 2.1 \u201cState of the art in the field of compliance languages\u201d"},{"key":"155_CR9","unstructured":"CSA (2009) Security guidance for critical areas of focus in cloud computing. Cloud Security Alliance. http:\/\/www.cloudsecurityalliance.org\/ . Accessed 2010-06-29"},{"key":"155_CR10","unstructured":"CSA (2010) Top threats to cloud computing. Cloud Security Alliance. http:\/\/www.cloudsecurityalliance.org\/ . Accessed 2010-06-29"},{"issue":"9","key":"155_CR11","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1145\/130994.130998","volume":"35","author":"B Curtis","year":"1992","unstructured":"Curtis B, Kellner MI, Over J (1992) Process modeling. Comm ACM 35(9):75\u201390","journal-title":"Comm ACM"},{"issue":"12","key":"155_CR12","doi-asserted-by":"crossref","first-page":"1281","DOI":"10.1016\/j.infsof.2008.02.006","volume":"50","author":"R Dijkman","year":"2008","unstructured":"Dijkman R, Dumas M, Ouyang C (2008) Semantics and analysis of business process models in BPMN. Information & Software Technology 50(12):1281\u20131294","journal-title":"Information & Software Technology"},{"key":"155_CR13","first-page":"71","volume":"67","author":"M Ehrig","year":"2007","unstructured":"Ehrig M, Koschmider A, Oberweis A (2007) Measuring similarity between semantic business process models. ACS CRPIT 67:71\u201380","journal-title":"ACS CRPIT"},{"issue":"2","key":"155_CR14","first-page":"179","volume":"54","author":"F Etro","year":"2009","unstructured":"Etro F (2009) The economic impact of cloud computing on business creation, employment and output in Europe. Review of Business and Economics 54(2):179\u2013218","journal-title":"Review of Business and Economics"},{"key":"155_CR15","unstructured":"European Commission (1995) Directive 95\/46\/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data"},{"key":"155_CR16","unstructured":"ENISA (2009) Cloud computing\u2014benefits, risks and recommendations for information security. European Network Information and Security Agency"},{"key":"155_CR17","first-page":"168","volume":"4749","author":"A Ghose","year":"2007","unstructured":"Ghose A, Koliadis G (2007) Auditing business process compliance. Springer LNCS 4749:168\u2013180","journal-title":"Springer LNCS"},{"key":"155_CR18","volume-title":"Congress of the USA","author":"GLB","year":"1999","unstructured":"GLB (1999) Gramm-Leach-Bliley Act. In: Congress of the USA"},{"key":"155_CR19","first-page":"5","volume":"14","author":"G Governatori","year":"2009","unstructured":"Governatori G, Hoffmann J, Sadiq SW, Weber I (2009) Detecting regulatory compliance for business process models through semantic annotations. Springer LNBPI 14:5\u201317","journal-title":"Springer LNBPI"},{"issue":"7","key":"155_CR20","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1145\/1364782.1364786","volume":"51","author":"B Hayes","year":"2009","unstructured":"Hayes B (2009) Cloud computing. Comm ACM 51(7):9\u201311","journal-title":"Comm ACM"},{"key":"155_CR21","volume-title":"Congress of the USA","author":"HIPAA","year":"1996","unstructured":"HIPAA (1996) Health insurance portability and accountability act. In: Congress of the USA"},{"key":"155_CR22","first-page":"1589","volume-title":"ACM symposium on applied computing","author":"S H\u00f6hn","year":"2009","unstructured":"H\u00f6hn S (2009) Model-based reasoning on the achievement of business goals. In: ACM symposium on applied computing. ACM, New York, pp 1589\u20131593"},{"key":"155_CR23","first-page":"21","volume":"5700","author":"H Huang","year":"2009","unstructured":"Huang H, Kirchner H (2009) Component-based security policy design with colored Petri nets. Springer LNCS 5700:21\u201342","journal-title":"Springer LNCS"},{"key":"155_CR24","unstructured":"IIG (2010) BW2PN: BPEL+WSDL to Petri net transformation. Software tool developed at the University of Freiburg, IIG Telematics. http:\/\/www.telematik.uni-freiburg.de\/comcert\/ . Accessed 2010-06-29"},{"key":"155_CR25","first-page":"905","volume":"5871","author":"B Katt","year":"2009","unstructured":"Katt B, Zhang X, Hafner M (2009) Towards a usage control policy specification with Petri nets. Springer LNCS 5871:905\u2013912","journal-title":"Springer LNCS"},{"issue":"10","key":"155_CR26","doi-asserted-by":"crossref","first-page":"613","DOI":"10.1145\/362375.362389","volume":"16","author":"B Lampson","year":"1973","unstructured":"Lampson B (1973) A note on the confinement problem. Commun ACM 16(10):613\u2013615","journal-title":"Commun ACM"},{"issue":"2","key":"155_CR27","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1147\/sj.462.0335","volume":"46","author":"Y Liu","year":"2007","unstructured":"Liu Y, M\u00fcller S, Xu K (2007) A static compliance-checking approach framework for business process models. IBM System Journal 46(2):335\u2013361","journal-title":"IBM System Journal"},{"key":"155_CR28","first-page":"268","volume":"3649","author":"R Liu","year":"2005","unstructured":"Liu R, Kumar A (2005) An analysis and taxonomy of unstructured workflows. Springer LNCS 3649:268\u2013284","journal-title":"Springer LNCS"},{"key":"155_CR29","first-page":"46","volume":"5460","author":"N Lohmann","year":"2009","unstructured":"Lohmann N, Verbeek E, Dijkman RM (2009) Petri net transformations for business processes\u2014A survey. Springer LNCS 5460:46\u201363","journal-title":"Springer LNCS"},{"key":"155_CR30","doi-asserted-by":"crossref","unstructured":"Lowis L, Accorsi R (2010) Vulnerability analysis in SOA-based business processes. IEEE Transactions on Services Computing (in press)","DOI":"10.1109\/TSC.2010.37"},{"issue":"1","key":"155_CR31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1805286.1805290","volume":"2","author":"HS Meda","year":"2010","unstructured":"Meda HS, Sen AK, Bagchi A (2010) On detecting data flow errors in workflows. Journal of Data and Information Quality 2(1):1\u201331","journal-title":"Journal of Data and Information Quality"},{"key":"155_CR32","first-page":"81","volume":"147","author":"G Monakova","year":"2009","unstructured":"Monakova G, Kopp O, Leymann F, Moser S, Sch\u00e4fers K (2009) Verifying business rules using a SMT solver for BPEL processes. GI LNI 147:81\u201394","journal-title":"GI LNI"},{"issue":"4","key":"155_CR33","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1109\/5.24143","volume":"77","author":"T Murata","year":"1989","unstructured":"Murata T (1989) Petri nets: properties, analysis and applications. Proc IEEE 77(4):541\u2013580","journal-title":"Proc IEEE"},{"key":"155_CR34","unstructured":"Organisation for Economic Co-Operation and Development (OECD) (1980) OECD guidelines on the protection of privacy and transborder flows of personal data"},{"key":"155_CR35","unstructured":"Oryx (2010) The Oryx project. http:\/\/bpt.hpi.uni-potsdam.de\/Oryx\/WebHome . Accessed 2010-06-29"},{"key":"155_CR36","first-page":"484","volume":"3826","author":"C Ouyang","year":"2005","unstructured":"Ouyang C, Verbeek E, van\u00a0der Aalst WMP, Breutel S, Dumas M, ter Hofstede AHM (2005) WofBPEL: a tool for automated analysis of BPEL processes. Springer LNCS 3826:484\u2013489","journal-title":"Springer LNCS"},{"key":"155_CR37","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1145\/984334.984339","volume":"7","author":"J Park","year":"2004","unstructured":"Park J, Sandhu R (2004) The UCONABC usage control model. ACM Transactions on Information and System Security 7:128\u2013174","journal-title":"ACM Transactions on Information and System Security"},{"key":"155_CR38","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/1151030.1151053","volume":"49","author":"A Pretschner","year":"2006","unstructured":"Pretschner A, Hilty M, Basin D (2006) Distributed usage control. Comm ACM 49:39\u201344","journal-title":"Comm ACM"},{"key":"155_CR39","first-page":"149","volume":"4714","author":"S Sadiq","year":"2007","unstructured":"Sadiq S, Governatori G, Namiri K (2007) Modeling control objectives for business process compliance. Business process management. Springer LNCS 4714:149\u2013164","journal-title":"Springer LNCS"},{"key":"155_CR40","unstructured":"Saha D (2008) A hitchhiker\u2019s guide to galaxy a.k.a. Netweaver business process modelling. http:\/\/www.sdn.sap.com\/irj\/scn\/weblogs?blog=\/pub\/wlg\/10947 . Accessed 2010-06-29"},{"issue":"1","key":"155_CR41","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"F Schneider","year":"2000","unstructured":"Schneider F (2000) Enforceable security policies. ACM Trans Inf Syst Secur 3(1):30\u201350","journal-title":"ACM Trans Inf Syst Secur"},{"key":"155_CR42","volume-title":"Congress of the USA","author":"SOX","year":"2002","unstructured":"SOX (2002) Sarbanes-Oxley act. In: Congress of the USA"},{"issue":"3","key":"155_CR43","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1023\/A:1011457324641","volume":"3","author":"EA Stohr","year":"2001","unstructured":"Stohr EA, Zhao JL (2001) Workflow automation: overview and research issues. Information Systems Frontiers 3(3):281\u2013296","journal-title":"Information Systems Frontiers"},{"key":"155_CR44","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/SERVICES.2007.23","volume":"1","author":"A Svirskas","year":"2007","unstructured":"Svirskas A, Courbis C, Molva R, Bed\u017einskas J (2007) Compliance proofs for collaborative interactions using aspect-oriented approach. IEEE Congress on Services 1:33\u201340","journal-title":"IEEE Congress on Services"},{"key":"155_CR45","unstructured":"TMG (2009) Telemediengesetz. German Federal Ministry of Justice"},{"key":"155_CR46","first-page":"425","volume":"5565","author":"N Tr\u010dka","year":"2009","unstructured":"Tr\u010dka N, van\u00a0der Aalst WMP, Sidorova N (2009) Data-flow anti-patterns: discovering data-flow errors in workflows. Springer LNCS 5565:425\u2013439","journal-title":"Springer LNCS"},{"issue":"1","key":"155_CR47","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1142\/S0218126698000043","volume":"8","author":"WMP Aalst van\u00a0der","year":"1998","unstructured":"van\u00a0der Aalst WMP (1998) The application of Petri nets to workflow management. Journal of Circuits, Systems, and Computers 8(1):21\u201366","journal-title":"Journal of Circuits, Systems, and Computers"},{"key":"155_CR48","first-page":"174","volume":"80","author":"WMP Aalst van\u00a0der","year":"2003","unstructured":"van\u00a0der Aalst WMP (2003) Challenges in business process management: verification of business processing using Petri nets. Bulletin of the EATCS 80:174\u2013199","journal-title":"Bulletin of the EATCS"},{"issue":"6","key":"155_CR49","doi-asserted-by":"crossref","first-page":"578","DOI":"10.1016\/j.compind.2007.01.001","volume":"58","author":"BF Dongen van","year":"2007","unstructured":"van Dongen BF, Jansen-Vullers MH, Verbeek HMW, van\u00a0der Aalst WMP (2007) Verification of the SAP reference models using EPC reduction, state-space analysis, and invariants. Computers in Industry 58(6):578\u2013601","journal-title":"Computers in Industry"},{"key":"155_CR50","first-page":"19","volume":"14","author":"G Wagner","year":"2002","unstructured":"Wagner G (2002) How to design a general rule markup language. GI LNI 14:19\u201337","journal-title":"GI LNI"},{"key":"155_CR51","first-page":"126","volume-title":"International conference on quality software. IEEE","author":"PYH Wong","year":"2008","unstructured":"Wong PYH, Gibbons J (2008) Verifying business process compatibility. In: International conference on quality software. IEEE, pp 126\u2013131"}],"container-title":["Business &amp; Information Systems Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12599-011-0155-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s12599-011-0155-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12599-011-0155-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T00:26:21Z","timestamp":1560126381000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s12599-011-0155-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,4,20]]},"references-count":51,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2011,6]]}},"alternative-id":["155"],"URL":"https:\/\/doi.org\/10.1007\/s12599-011-0155-7","relation":{},"ISSN":["1867-0202"],"issn-type":[{"value":"1867-0202","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,4,20]]}}}