Maria Leitner

Learn More
Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in(More)
Context: Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and(More)
Process-Aware Information Systems (PAIS) enable the definition, execution, and management of business processes. Typically, processes are specified by control flow, data flow, and users or services , authorized to execute process tasks. During process execution, it is often necessary to access sensitive data such as patient or customer information. To(More)
Currently, many approaches address the enforcement and monitoring of constraints over business processes. However, main focus has been put on constraint verication for intra-instance process constraints so far, i.e., constraints that aect single instances. Existing approaches addressing instance-spanning constraints only consider certain scenarios. In other(More)
Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models(More)
Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary(More)
In recent years, business process models are used to dene security properties for the corresponding business information systems. In this context, a number of approaches emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However,(More)
Providing adequate access control is crucial for the proper execution of any Web Service (WS) orchestration. Typically, access rules and authorization constraints are defined for a WS orchestration and are resolved over an organizational model at runtime in order to find authorized users to perform orchestration tasks. As known from many practical studies,(More)
Quality-of-Service (QoS) aware service selection problems are a crucial issue in both Grids and distributed, service-oriented systems. When several implementations per service exist, one has to be selected for each workflow step. Several heuristics have been proposed, including blackboard and genetic algorithms. Their applicability and performance has(More)
Role-based Access Control (RBAC) is de facto standard for access control in Process-aware Information Systems (PAIS); it grants authorization to users based on roles (i.e. sets of permissions). So far, research has centered on the design and run time aspects of RBAC. An evaluation and verication of a RBAC system (e.g., to evaluate ex post which users acting(More)