Automated Certification for Compliant Cloud-based Business Processes

Authors

Rafael Accorsi, University of FreiburgFollow
Lutz Lowis, University of Freiburg
Yoshinori Sato, Yokohama Research LaboratoryFollow

Document Type

Research Paper

Abstract

A key problem in the deployment of
large-scale, reliable cloud computing
concerns the difficulty to certify the
compliance of business processes operating
in the cloud. Standard audit
procedures such as SAS-70 and SAS-
117 are hard to conduct for cloudbased
processes. The paper proposes
a novel approach to certify the compliance
of business processes with regulatory
requirements. The approach translates
process models into their corresponding
Petri net representations
and checks them against requirements
also expressed in this formalism. Being
based on Petri nets, the approach provides
well-founded evidence on adherence
and, in case of noncompliance, indicates
the possible vulnerabilities.

Recommended Citation

Accorsi, Rafael; Lowis, Lutz; and Sato, Yoshinori (2011) "Automated Certification for Compliant Cloud-based Business Processes," Business & Information Systems Engineering: Vol. 3: Iss. 3, 145-154.
Available at: https://aisel.aisnet.org/bise/vol3/iss3/4