Document Type

Research Paper


A key problem in the deployment of
large-scale, reliable cloud computing
concerns the difficulty to certify the
compliance of business processes operating
in the cloud. Standard audit
procedures such as SAS-70 and SAS-
117 are hard to conduct for cloudbased
processes. The paper proposes
a novel approach to certify the compliance
of business processes with regulatory
requirements. The approach translates
process models into their corresponding
Petri net representations
and checks them against requirements
also expressed in this formalism. Being
based on Petri nets, the approach provides
well-founded evidence on adherence
and, in case of noncompliance, indicates
the possible vulnerabilities.