Workshop on Resilient and Secure BPM - Tackling current Frontiers (SecBPM 2013)

To be held on September 2, 2013 in conjunction with the 8th International Conference on Availability, Reliability and Security (ARES 2013 – http://www.ares-conference.eu).

September 2nd – 6th, 2013
University of Regensburg
Regensburg, Germany

Since the vast majority of business decisions is based on data, reliable information technology (IT) is a prerequisite for business continuity and, therefore, crucial for the entire economy. The execution of these IT-based business process management systems (BPM) enables performance optimization and flexible adaptation to business change. However, regulation, governance and integration with customers and with potentially global partners require techniques to handle both resilience and security issues: While security encompasses unwanted information and control flow between business processes and to unauthorized users, resilience handles unexpected disturbances and assures in a business sense an acceptable termination of business processes.

Especially, modern IT infrastructures such as Cloud Computing face significant risks associated with compliance and legal regulations.

Standardization is one approach, others are advanced method of research like security by design control of BPM, process mining, reconstruction from secure logs for correct auditing, as well as and above all a systematic and formalized requirements engineeringto reach a flexible and multi-objective design.

However, practice shows product offerings of companies and even most research directions focus on the time of design. The time of execution and the time after execution is partially neglected, and maybe one reason why resilience and security lack attention, but are considered limiting factors of technology adaption for especially small and medium sized companies.The lack of security guarantees is currently considered one of the largest challenges for the operational use of BPM and cloud computing.

The aim of this workshop is to identify and to discuss current challenges in BPM with regards to reflecting and integrating security and resilience requirements in operational BPM.This encompasses the demonstration of prototypes in order to support decision makers to identify requirements.

We encourage academic researchers and industry experts to present and discuss novel ideas as well as solutions at work to bridge the current gap between researches on the one hand as well as large and smaller industry on the other hand.


In order to register to ARES 2013, please visit our registration site >>here<<.

Tentative Schedule

Workshop Date: 02 September 2013


    1. Müller, Günter (Uni Freiburg): Security and Compliance in BPM

    2. Syring, Arnt (Uni Freiburg): MERCOR: Security Requirements Structuring

    3. Koslowski, Thomas (Uni Freiburg): Resilient BMP - Status Quo and Challenges

    4. Eymann, Torsten (Uni Bayreuth): Requirements and acceptance of secure business processes - first insights from case studies

    5. Fenz, Stefan (SBA Research): IT-Security Audits for SMEs

    6. Fenz, Stefan (TU Wien): Formalizing Risk- and Compliance-Management

    7. Jurisch, Martin (Aristaflow): Demonstration