-------- Original Message -------- Subject: [WI] CFP - International Workshop on Security Aspects of Process-aware Information Systems 2011 Date: Wed, 2 Feb 2011 14:10:50 +0100 From: Mark Strembeck mark.strembeck@wu.ac.at To: wi@aifb.uni-karlsruhe.de

[Apologies for cross and multiple postings. Please circulate to colleagues and prospective interested parties.]

========================================================================= Call for Papers

International Workshop on Security Aspects of Process-aware Information Systems (SAPAIS)

In conjunction with ARES 2011 August 22-26, 2011 Vienna, Austria http://www.ares-conference.eu/conf/ =========================================================================

Introduction ============

Business processes are an important source for the engineering of customized software systems and are constantly gaining attention in the area of software engineering as well as in the area of information and system security. A process-aware information system (PAIS) provides support for the specification, execution, and/or monitoring of intra- as well as inter-organizational business processes.

In this context, a complete and correct mapping of process definitions and related security policies to the corresponding software system is essential in order to assure consistency between the modeling-level specifications on the one hand, and the software system that actually manages corresponding process instances and enforces the respective policies on the other. The demand to ensure that runtime process instances comply with modeling-level processes and policies becomes even more pressing with recent laws and regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), or the Basel II Accord. Moreover, corresponding compliance requirements also arise from security recommendations and standards such as the NIST security handbook, the NIST recommended security controls, the ISO 27000 standard family (formerly ISO 17799), legally binding agreements such as business contracts, or company-specific (internal) rules/regulations. This workshop is concerned with the different security aspects of process-aware information systems - including authentication, authorization, audit, availability, confidentiality, integrity, and privacy aspects.

Topics ====== Suggested topics include, but are not limited to: - Requirements engineering for security aspects of PAIS - Modeling-level support for security aspects of PAIS - Implementation experiences for security aspects of PAIS - Security aspects of SOA-based PAIS - Integration of PAIS security aspects in the development process - Monitoring security aspects of PAIS - Testing security aspects of PAIS - Usability aspects of secure PAIS - Change management for security aspects of PAIS - Lessons learned and case studies

Important dates: ================ - Submission Deadline: April 17th, 2011 - Author Notification: May 16th 2011 - Author Registration: June 1st 2011 - Proceedings Version: June 1st 2011 - Conference/ Workshop: August 22nd -26th 2011

Submission Guidelines =====================

Authors are invited to submit papers in IEEE Computer Society CPS style (two columns, single-spaced, including figures and references, using 10 pt fonts, and number each page). Papers must be submitted as a single PDF file. Please consult the IEEE CS CPS Author Guidelines at the following web page: http://www.computer.org/portal/web/cscps/formatting

We solicit the submission of academic workshop papers (6 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered to be a duplicate submission if it is simultaneously submitted to other conferences/workshops/journals or if it has been already accepted to be published in other conferences/workshops/journals. Duplicate submissions thus will be automatically rejected without review.

The contact author must provide the following information: Paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Paper registration and submission is done through the ARES Paper Management System at the following address: http://stdev.ifs.tuwien.ac.at/ares2011/

Submission of a paper implies that should the paper be accepted, at least one of the authors will register for the ARES conference and present the paper at the workshop. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance.

Publication ===========

Accepted papers will be published by IEEE Computer Society's Conference Publishing Services (CPS) and will be available online through IEEE Xplore (EI indexing). http://www.computer.org/portal/web/cscps/

Organizing committee: =====================

Workshop Co-Chairs:

Mark Strembeck, WU Vienna, Austria Stefanie Rinderle-Ma, Univ. of Vienna, Austria

Program committee ================= Ruth Breu, Univ. of Innsbruck, Austria Jason Crampton, Royal Holloway, Univ. of London, UK Schahram Dustdar, TU Vienna, Austria Ludwig Fuchs, Univ. of Regensburg, Germany Jan Mendling, HU Berlin, Germany Günter Müller, Univ. of Freiburg, Germany Gustaf Neumann, WU Vienna, Austria Stefanie Rinderle-Ma, Univ. of Vienna, Austria Andreas Schaad, SAP Research, Germany Mark Strembeck, WU Vienna, Austria A Min Tjoa, TU Vienna, Austria Barbara Weber, Univ. of Innsbruck, Austria Edgar Weippl, SBA Research, Austria Uwe Zdun, Univ. of Vienna, Austria

-- Mailing-Liste: wi@aifb.uni-karlsruhe.de Administrator: wi-admin@aifb.uni-karlsruhe.de Konfiguration: https://www.lists.uni-karlsruhe.de/sympa/info/wi