@inproceedings {INPROC-2012-08,
author = {Steve Strauch and Uwe Breitenb{\"u}cher and Oliver Kopp and Frank Leymann and Tobias Unger},
title = {{Cloud Data Patterns for Confidentiality}},
booktitle = {Proceedings of the 2nd International Conference on Cloud Computing and Service Science (CLOSER'12)},
publisher = {SciTePress},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {387--394},
type = {Konferenz-Beitrag},
month = {April},
year = {2012},
keywords = {patterns; confidentiality; database layer; migration; distributed application architecture; cloud data store},
language = {Englisch},
cr-category = {C.2.4 Distributed Systems,
D.2.11 Software Engineering Software Architectures,
H.3.4 Information Storage and Retrieval Systems and Software},
contact = {steve.strauch@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Cloud computing enables cost-effective, self-service, and elastic hosting of
applications in the Cloud. Applications may be partially or completely moved to
the Cloud. When hosting or moving the database layer to the Cloud, challenges
such as avoidance of disclosure of critical data have to be faced. The main
challenges are handling different levels of confidentiality and satisfying
security and privacy requirements. We provide reusable solutions in the form of
patterns.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2012-08&engl=0}
}
@inproceedings {INPROC-2011-71,
author = {Steve Strauch and Oliver Kopp and Frank Leymann and Tobias Unger},
title = {{A Taxonomy for Cloud Data Hosting Solutions}},
booktitle = {Proceedings of the International Conference on Cloud and Green Computing (CGC '11)},
publisher = {IEEE Computer Society},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {577--584},
type = {Konferenz-Beitrag},
month = {Dezember},
year = {2011},
doi = {10.1109/DASC.2011.106},
keywords = {cloud data hosting solution; taxonomy; distributed application architecture; database layer; cloud computing},
language = {Englisch},
cr-category = {C.2.4 Distributed Systems,
D.2.11 Software Engineering Software Architectures,
H.3.4 Information Storage and Retrieval Systems and Software},
contact = {steve.strauch@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Cloud computing allows reducing capital expenditure by using resources on
demand. We investigate how to build a database layer in the Cloud and present
pure and hybrid Cloud data hosting solutions. The solutions are organized in a
taxonomy. The properties used for organization are: application layer,
deployment model, location, service model, data store type, and compatibility.
Using the taxonomy, existing Cloud data hosting solutions are categorized.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2011-71&engl=0}
}
@inproceedings {INPROC-2010-92,
author = {Aliaksandr Birukou and Vincenzo D'Andrea and Frank Leymann and Jacek Serafinski and Patr{\'\i}cia Silveira and Steve Strauch and Marek Tluczek},
title = {{An Integrated Solution for Runtime Compliance Governance in SOA}},
booktitle = {Proceedings of the 8th International Conference on Service-Oriented Computing (ICSOC'10), San Francisco, California, USA, December 7-10, 2010},
publisher = {Springer},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {122--136},
type = {Konferenz-Beitrag},
month = {Dezember},
year = {2010},
doi = {10.1007/978-3-642-17358-5_9},
keywords = {Compliance Governance, Business Process, Monitoring, SOA, Complex Event Processing},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
contact = {Please send an e-mail to steve.strauch@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In response to recent nancial scandals (e.g. those involving Enron, Fortis,
Parmalat), new regulations for protecting the society from nancial and
operational risks of the companies have been introduced. Therefore, companies
are required to assure compliance of their operations with those new
regulations as well as those already in place. Regulations are only one example
of compliance sources modern organizations deal with every day. Other sources
of compliance include licenses of business partners and other contracts,
internal policies, and international standards. The diversity of compliance
sources introduces the problem of compliance governance in an organization. In
this paper, we propose an integrated solution for runtime compliance governance
in Service-Oriented Architectures (SOAs). We show how the proposed solution
supports the whole cycle of compliance management: from modeling compliance
requirements in domain-speci c languages through monitoring them during process
execution to displaying information about the current state of compliance in
dashboards. We focus on the runtime part of the proposed solution and describe
it in detail.We apply the developed framework in a real case study coming from
EU FP7 project COMPAS, and this case study is used through the paper to
illustrate our solution.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2010-92&engl=0}
}
@inproceedings {INPROC-2010-75,
author = {David Schumm and Tobias Anstett and Frank Leymann and Daniel Schleicher and Steve Strauch},
title = {{Essential Aspects of Compliance Management with Focus on Business Process Automation}},
booktitle = {INFORMATIK 2010: Business Process and Service Science – Proceedings of ISSS and BPSC},
editor = {Witold Abramowicz and Rainer Alt and Klaus-Peter F{\"a}hnrich and Bogdan Franczyk and Leszek A. Maciaszek},
publisher = {Gesellschaft f{\"u}r Informatik e.V. (GI)},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
series = {Lecture Notes in Informatics},
volume = {177},
pages = {127--138},
type = {Konferenz-Beitrag},
month = {September},
year = {2010},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Compliance requirements coming from laws, regulations and internal policies
constrain how a company may carry out its business. A company must take various
different actions for preventing compliance violations and for detecting them.
Business processes have to be changed accordingly in order to adhere to these
requirements. Manual controls need to be installed in order to affect the work
which is done outside of IT systems. Technical controls are required for
assuring compliance within IT systems. In this paper, we present a compliance
management model that captures the compliance problem from a holistic point of
view. We elaborate on a technical control which is called compliance fragment
and we position it in the compliance management model. A compliance fragment is
a connected, possibly incomplete process graph that can be used as a reusable
building block for ensuring a consistent specification and integration of
compliance into a workflow. In particular, we propose language extensions to
BPEL for representing compliance fragments. Furthermore, we introduce a
methodology for integrating compliance fragments into given workflows.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2010-75&engl=0}
}
@inproceedings {INPROC-2010-52,
author = {David Schumm and Dimka Karastoyanova and Frank Leymann and Steve Strauch},
title = {{Fragmento: Advanced Process Fragment Library}},
booktitle = {Proceedings of the 19th International Conference on Information Systems Development (ISD'10), Prague, Czech Republic, August 25 - 27, 2010},
publisher = {Springer},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {659--670},
type = {Konferenz-Beitrag},
month = {August},
year = {2010},
isbn = {978-1-4419-9645-9},
keywords = {Process Fragment; Process Design; Reusability; Process Library},
language = {Englisch},
cr-category = {H.4.1 Office Automation,
D.3.3 Programming Language Constructs and Features},
contact = {David.Schumm@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Reuse is a common discipline for decreasing software development time and for
improving overall quality, independent from the domain. As business processes
represent a fundamental asset of an organization, several concepts for enabling
reuse during process modeling have been proposed. However, only few concrete
examples for reusable process artifacts have been discussed so far. In this
paper, we present the concept of process fragments and an example collection of
process fragments for illustrating our reuse concept and for showing that it
can ac-tually be applied in practice for an easier and faster development of
process-based applications. The fragment examples demonstrate different
characteristics such fragments may exhibit. We also argue that this work will
encourage reuse of process logic in terms of fragments since it also provides
an opportunity to design and develop a process fragment library for collecting
process logic explicitly. As technical enabler for the approach we present a
prototype called Fragmento.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2010-52&engl=0}
}
@inproceedings {INPROC-2010-03,
author = {David Schumm and Frank Leymann and Zhilei Ma and Thorsten Scheibler and Steve Strauch},
title = {{Integrating Compliance into Business Processes: Process Fragments as Reusable Compliance Controls}},
booktitle = {Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI'10), G{\"o}ttingen, Germany, February 23-25, 2010},
editor = {Schumann/Kolbe/Breitner/Frerichs},
address = {G{\"o}ttingen},
publisher = {Universit{\"a}tsverlag G{\"o}ttingen},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {2125--2137},
type = {Konferenz-Beitrag},
month = {Februar},
year = {2010},
isbn = {978-3-941875-31-9},
keywords = {Business Process Compliance, Process Fragment, Reusability},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
contact = {David.Schumm@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Companies increasingly have to pay attention to compliance concerns addressing
business processes. Flexibly reacting to changing requirements coming from
laws, regulations, and internal guidelines, becomes a necessary part of
business process management. In this paper we propose the application of the
emerging concept of process fragments in the field of compliance management in
process-based applications. We exemplify realizing compliance requirements
employing the notion of process fragments, and we show its characteristics and
its practical application using a scenario common in industry. In doing so, we
discuss how a fragment can be identified, which design considerations need to
be taken into account, we discuss efficient storage and retrieval, and which
ways of integration into business processes are feasible. This approach
leverages the reusability of both, process models and realizations of
compliance requirements.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2010-03&engl=0}
}
@inproceedings {INPROC-2009-76,
author = {Tobias Anstett and Dimka Karastoyanova and Frank Leymann and Ralph Mietzner and Ganna Monakova and Daniel Schleicher and Steve Strauch},
title = {{MC-Cube: Mastering Customizable Compliance in the Cloud}},
booktitle = {Proceedings of the 7th International Joint Conference on Service Oriented Computing, Stockholm, Sweden, November 23-27, 2009},
editor = {Springer},
publisher = {Springer Verlag},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {592--606},
type = {Konferenz-Beitrag},
month = {November},
year = {2009},
keywords = {Cloud Computing; IaaS; PaaS; SaaS; Monitoring; Enforcement},
language = {Englisch},
cr-category = {H.2.7 Database Administration},
contact = {anstett@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Outsourcing parts of a company's processes becomes more and more important in a
globalized, distributed economy. While archi- tectural styles and technologies
such as service-oriented architecture and Web services facilitate the
distribution of business process over several departments, enterprises and
countries, these business processes still need to comply with various
regulations. These regulations can be company regulations, national, or
international regulations. When outsourcing IT-functions, enterprises must
ensure that the overall regulations are met. Therefore they need evidence from
their outsourcing partners that supports the proof of compliance to
regulations. Furthermore it must be possible to enforce the adherence to
compliance rules at partners. In this paper we introduce so-called compliance
interfaces that can be used by customers to subscribe to evidence at a provider
and to enforce regulations at a provider. We introduce a general compliance
architecture that allows compliance to be monitored and enforced at services
deployed in any emerging cloud delivery model.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2009-76&engl=0}
}
@inproceedings {INPROC-2009-41,
author = {Tobias Anstett and Frank Leymann and Ralph Mietzner and Steve Strauch},
title = {{Towards BPEL in the Cloud: Exploiting Different Delivery Models for the Execution of Business Processes}},
booktitle = {Proceedings of the International Workshop on Cloud Services (IWCS 2009) in conjunction with the 7th IEEE International Conference on Web Services (ICWS 2009), Los Angeles, CA, USA, July 10, 2009},
publisher = {IEEE},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {670--677},
type = {Workshop-Beitrag},
month = {Juli},
year = {2009},
keywords = {BPEL; Cloud Computing; SaaS; PaaS; IaaS; Security; Trust},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {More and more companies are outsourcing parts of their business processes to
third party providers to exploit the expertise and economies of scale of these
third party providers. In the IT field, emerging delivery models for software
such as Software as a Service and cloud computing offer the possibility to
outsource applications and computing infrastructure and thus enable enterprises
to focus on their core competences. In this paper we investigate how the new
delivery models affect the outsourcing of business processes modeled in
WS-BPEL. WS-BPEL is the standard to model and execute business processes in Web
service-based IT landscapes. We describe how security and trust issues affect
the execution of BPEL processes in the cloud and show the requirements on the
middleware supporting the execution of BPEL processes.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2009-41&engl=0}
}
@inproceedings {INPROC-2009-30,
author = {Florian Daniel and Fabio Casati and Vincenzo D'Andrea and Steve Strauch and David Schumm and Frank Leymann and Emmanuel Mulo and Uwe Zdun and Schahram Dustdar and Samir Sebahi and Fabien de Marchi and Mohand-Said Hacid},
title = {{Business Compliance Governance in Service-Oriented Architectures}},
booktitle = {Proceedings of the IEEE Twenty-Third International Conference on Advanced Information Networking and Applications (AINA'09), Bradford, United Kingdom, May 26-29, 2009},
editor = {Irfan Awan and Muhammad Younas and Takahiro Hara and Arjan Durresi},
address = {Los Alamitos, California},
publisher = {IEEE Press},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {113--120},
type = {Konferenz-Beitrag},
month = {Mai},
year = {2009},
isbn = {978-1-4244-4000-9},
keywords = {Compliance, Process Fragments, SOA, Compliance governance, Business process management, View-based modeling},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Governing business compliance with regulations, laws, best practices,
contracts, and the like is not an easy task, and so far there are only limited
software products available that help a company to express compliance rules and
to analyze its compliance state. We argue that today’s SOA-based way of
implementing and conducting business (e.g., using Web services and business
process engines) lends itself very well to the development of a comprehensive
compliance government solution that effectively aids companies in being
compliant. In this paper, we contextualize the compliance problem in SOA-based
businesses, we highlight which are the most salient research challenges that
need to be addressed, and we describe our approach to compliance governance,
spanning design, execution, and evaluation concerns.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2009-30&engl=0}
}
@inproceedings {INPROC-2009-23,
author = {Branimir Wetzstein and Steve Strauch and Frank Leymann},
title = {{Measuring Performance Metrics of WS-BPEL Service Compositions}},
booktitle = {Proceedings of the Fifth International Conference on Networking and Services (ICNS 2009), Valencia, Spain, April 20-25, 2009},
publisher = {IEEE Computer Society},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
type = {Konferenz-Beitrag},
month = {April},
year = {2009},
keywords = {KPI, Performance Measurement, Process Performace Metric, WS-BPEL, Service Composition},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In this paper we present an approach to the development of monitoring solutions
for processes implemented as WSBPEL service compositions. The approach allows
modeling of process performance metrics in a platform-independent manner and
then generating an event-based monitor model for a specific WS-BPEL process
engine. We create a metamodel which enables modeling of different types of
process performance metrics. In particular, our approach supports modeling of
metrics related to correlated processes. In the deployment phase, we generate a
monitor model based on a proprietary event metamodel of a process engine. In
addition, we determine which events are needed for the calculation of PPMs, and
generate corresponding deployment information for the process engine.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2009-23&engl=0}
}
@article {ART-2011-18,
author = {Oliver Kopp and Katharina G{\"o}rlach and Dimka Karastoyanova and Frank Leymann and Michael Reiter and David Schumm and Mirko Sonntag and Steve Strauch and Tobias Unger and Matthias Wieland and Rania Khalaf},
title = {{A Classification of BPEL Extensions}},
journal = {Journal of Systems Integration},
publisher = {Online},
volume = {2},
number = {4},
pages = {2--28},
type = {Artikel in Zeitschrift},
month = {November},
year = {2011},
issn = {1804-2724},
keywords = {BPEL Extension; Classification of Extensions; Extension Guidelines},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/ART-2011-18/ART-2011-18.pdf,
http://www.si-journal.org/index.php/JSI/article/view/103},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {The Business Process Execution Language (BPEL) has emerged as de-facto standard
for business processes implementation. This language is designed to be
extensible for including additional valuable features in a standardized manner.
There are a number of BPEL extensions available. They are, however, neither
classified nor evaluated with respect to their compliance to the BPEL standard.
This article fills this gap by providing a framework for classifying BPEL
extensions, a classification of existing extensions, and a guideline for
designing BPEL extensions.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=ART-2011-18&engl=0}
}
@article {ART-2011-02,
author = {David Schumm and Dimka Karastoyanova and Oliver Kopp and Frank Leymann and Mirko Sonntag and Steve Strauch},
title = {{Process Fragment Libraries for Easier and Faster Development of Process-based Applications}},
journal = {Journal of Systems Integration},
publisher = {Online},
volume = {2},
number = {1},
pages = {39--55},
type = {Artikel in Zeitschrift},
month = {Januar},
year = {2011},
issn = {1804-2724},
keywords = {Process Fragment; Process Design; Reusability; Process Library.},
language = {Englisch},
cr-category = {H.4.1 Office Automation},
ee = {http://www.si-journal.org/,
http://www.si-journal.org/index.php/JSI/article/view/83},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {The term “process fragment” is recently gaining momentum in business process
management research. We understand a process fragment as a connected and
reusable process structure, which has relaxed completeness and consistency
criteria compared to executable processes. We claim that process fragments
allow for an easier and faster development of process-based applications. As
evidence to this claim we present a process fragment concept and show a sample
collection of concrete, real-world process fragments. We present advanced
application scenarios for using such fragments in development of process-based
applications. Process fragments are typically managed in a repository, forming
a process fragment library. On top of a process fragment library from previous
work, we discuss the potential impact of using process fragment libraries in
cross-enterprise collaboration and application integration.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=ART-2011-02&engl=0}
}