
Ontology-based analysis of compliance and regulatory requirements of business processes

Humberg, Thorsten; Wessel, Christian; Poggenpohl, Daniel; Wenzel, Sven; Ruhroth, Thomas; Jürjens, Jan

Desprez, F. ; Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
CLOSER 2013, 3rd International Conference on Cloud Computing and Services Science. Proceedings : Aachen, Germany, 8 - 10 May 2013
SciTePress, 2013
ISBN: 978-989-8565-52-5
International Conference on Cloud Computing and Services Science (CLOSER) <3, 2013, Aachen>
Bundesministerium für Bildung und Forschung BMBF
01IS11008C; SecureClouds
Bundesministerium für Bildung und Forschung BMBF
01IS11008D; SecureClouds
Fraunhofer ISST

Despite its significant potential benefits, the concept of Cloud Computing is still regarded with skepticism in most companies. One of the main obstacles is posed by concerns about the systems' security and compliance issues. Examining system and process models for compliance manually is time-consuming and error-prone, in particular due to the mere extent of potentially relevant sources of security and compliance concerns that have to be considered. This paper proposes techniques to ease these problems by providing support in identifying relevant aspects, as well as suggesting possible methods (from an existing pool of such) to actually check a given model. We developed a two-step approach: first, we build an ontology to formalize rules from relevant standards, augmented with additional semantic information. This ontology is then utilized in the analysis of an actual model of a system or a business process in order to detect possible compliance obligations.