International Workshop on Security Aspects of Process-aware Information Systems (SAPAIS)

In conjunction with ARES 2011
August 22-26, 2011
Vienna, Austria

Call for Papers


Business processes are an important source for the engineering of
customized software systems and are constantly gaining attention in
the area of software engineering as well as in the area of information
and system security.  A process-aware information system (PAIS) provides
support for the specification, execution, and/or monitoring of intra-
as well as inter-organizational business processes.

In this context, a complete and correct mapping of process definitions
and related security policies to the corresponding software system is
essential in order to assure consistency between the modeling-level
specifications on the one hand, and the software system that actually
manages corresponding process instances and enforces the respective
policies on the other. The demand to ensure that runtime process
instances comply with modeling-level processes and policies becomes
even more pressing with recent laws and regulations such as the
Sarbanes-Oxley Act (SOX), the Health Insurance Portability and
Accountability Act (HIPAA), or the Basel II Accord.  Moreover,
corresponding compliance requirements also arise from security
recommendations and standards such as the NIST security handbook, the
NIST recommended security controls, the ISO 27000 standard family
(formerly ISO 17799), legally binding agreements such as business
contracts, or company-specific (internal) rules/regulations. This
workshop is concerned with the different security aspects of
process-aware information systems - including authentication,
authorization, audit, availability, confidentiality, integrity, and
privacy aspects.


Suggested topics include, but are not limited to:
- Requirements engineering for security aspects of PAIS
- Modeling-level support for security aspects of PAIS
- Implementation experiences for security aspects of PAIS
- Security aspects of SOA-based PAIS
- Integration of PAIS security aspects in the development process
- Monitoring security aspects of PAIS
- Testing security aspects of PAIS
- Usability aspects of secure PAIS
- Change management for security aspects of PAIS
- Lessons learned and case studies

Important dates:

- Submission Deadline:      April 17th, 2011 April 24th, 2011 (extended)
- Author Notification:      May 16th 2011
- Author Registration:      June 1st 2011
- Proceedings Version:      June 1st 2011
- Conference/ Workshop:     August 22nd -26th 2011

Submission Guidelines

Authors are invited to submit papers in  CPS
style (two columns, single-spaced, including figures and references,
using 10 pt fonts, and number each page). Papers must be submitted as
a single PDF file. Please consult the iCPS Author Guidelines at
the following web page:

We solicit the submission of academic workshop papers (6 pages)
representing original, previously unpublished work. Submitted papers
will be carefully evaluated based on originality, significance,
technical soundness, and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered to
be a duplicate submission if it is simultaneously submitted to other
conferences/workshops/journals or if it has been already accepted to
be published in other conferences/workshops/journals. Duplicate
submissions thus will be automatically rejected without review.

The contact author must provide the following information: Paper
title, authors' names, affiliations, postal address, phone, fax, and
e-mail address of the author(s), about 200-250 word abstract, and
about five keywords. Paper registration and submission is done through
the ARES Paper Management System at the following address:

Submission of a paper implies that should the paper be accepted, at
least one of the authors will register for the ARES conference and
present the paper at the workshop. Accepted papers will be given
guidelines in preparing and submitting the final manuscript(s)
together with the notification of acceptance.


Accepted papers will be published byConference Publishing Services (CPS) and will be available online
through IEEE Xplore (EI indexing). http://www.computer.org/portal/web/cscps/

Organizing committee:

Workshop Co-Chairs

Mark Strembeck, WU Vienna, Austria
Stefanie Rinderle-Ma, Univ. of Vienna, Austria

Program committee

Ruth Breu, Univ. of Innsbruck, Austria
Jason Crampton, Royal Holloway, Univ. of London, UK
Schahram Dustdar, TU Vienna, Austria
Ludwig Fuchs, Univ. of Regensburg, Germany
Jan Mendling, HU Berlin, Germany
Günter Müller, Univ. of Freiburg, Germany
Gustaf Neumann, WU Vienna, Austria
Stefanie Rinderle-Ma, Univ. of Vienna, Austria
Andreas Schaad, SAP Research, Germany
Mark Strembeck, WU Vienna, Austria
A Min Tjoa, TU Vienna, Austria
Barbara Weber, Univ. of Innsbruck, Austria
Edgar Weippl, SBA Research, Austria
Uwe Zdun, Univ. of Vienna, Austria