In conjunction with the 12th International Conference on Business Process Management
(BPM 2014)









Get the flyer

Despite the growing demand for business processes that comply with security policies, security and privacy incidents caused by erroneous workflow specifications are regrettably common. This is, in part, because business process management and security are seldom addressed together, thereby hindering the development of trustworthy and security-compliant business processes. The third edition of the Workshop on Security in Business Processes (SBP’14) seeks to bring together researchers and practitioners interested in the management and modelling of secure business processes in process-aware information systems.

The goal of SBP’14 is to obtain a deeper understanding of a rapidly maturing, yet still largely under-investigated field of business process security, audit and control, including both thorough security requirements formalization, secure process modelling, and mechanisms for verification, monitoring and auditing. Besides the “technical” intent to substantially advance the current state of the art, SBP’14 aims to identify active research areas in academia and industry; get a snapshot of the current approaches and existing tool-support; encourage approaches and techniques that combine formal foundations with industrial applicability; and highlight new research directions and challenges. In tackling these questions we hope to make a substantial contribution to reliable and secure business process management.

In particular, SBP’14 encourages innovative methods for workflow security modelling, security audit and control throughout the business process lifecycle: from design time verification to online operational support and post-mortem analysis. Furthermore, it welcomes contributions beyond the strictly technical, such as those considering social, economic, legal and standardisation issues.

Topics of Interest:
  • Alignment
  • Authorization
  • Accountability
  • Audit reduction
  • Business provenance
  • Case studies
  • Conformance/compliance checking
  • Continuous audit
  • Cost-benefit analysis
  • Data-centric process mining
  • Economics of audit
  • Experience reports
  • Formal reasoning
  • Fraud detection
  • Information flow control
  • Meta-models for analysis
  • Operational decision support
  • Privacy-aware process discovery
  • Requirements elicitation
  • Requirements formalization
  • Risk Measurement
  • Runtime verification and monitoring
  • Security modelling
  • Security testing
  • Trace clustering
  • Usage control
  • Workflow forensics
  • Workflow simulation

Chair: R. Accorsi

Keynote Frank van Geffen
From Early Experiments to a Company-wide Process Mining Success
10:30-11:00    Coffee break
Chair: R. Matulevičius
11:00-11:40 P1 X. Lu, D. Fahland, W.M.P. van der Aalst
Conformance Checking Based on Partially Ordered Event Data
Discussant: presenter of P2
11:40-12:05 P2 J.M.E.M. van Der Werf, H.M.W. Verbeek
Online Compliance Monitoring of Service Landscapes
Discussant: presenter of P3
12:05-12:30 P3 R. Guanciale, D. Gurov
Privacy Preserving Business Process Fusion
Discussant: presenter of P1
12:30-13:30   Lunch
13:30-15:00 Tutorial R. Matulevičius
Security Requirements Elicitation from Business Processes


Frank van Geffen
Rabobank, the Netherlands
Abstract of the presentation: Our challenge is to match the customer needs of tomorrow. The speed and complexity of today’s changes require a different approach to process improvement. Process mining, or automated business process discovery, is a bpm technique that helps in gaining insight in how processes are actually performed, how systems are used and how people work together. Through the explosive growth of data and significant advances in analysis and visualization technology it’s possible to unlock valuable process information by analyzing transaction data. The use of automated business process discovery techniques yield new valuable insights. Process analysis done this way becomes fact based, full, for real and fast.

As an introduction Frank van Geffen will tell about his experience with introducing this new technology at Rabobank. Based on his practical experience he will state the specific value of this technique for Rabobank. The main topic of the key-note will focus on the trade-off between rapid and continuous innovation and security aspects of processes. Frank will share some of the dilemma’s Rabobank is facing today and the near future.
Short intro: As chairman of the special interest group on process mining within the Dutch society of information professionals (NGI – NGN), he promotes the sharing of network, knowledge and application of process mining in the Netherlands. As a member of the IEEE Taskforce on Process Mining he promotes the sharing of network, knowledge and application of process mining world wide. Continuous improvement is an important motive for him to develop himself and others. He uses innovation to look at things in different ways and discover new connections.


Submitted manuscripts must be written in English and be no longer than 12 pages. They must be formatted using the LNBIP format format and submitted as a PDF document to the EasyChair website. Submissions will be reviewed on the basis of their originality, significance, technical soundness and clarity of exposition.  Each submission will be reviewed by at least three PC members. Submitted manuscripts must not substantially overlap manuscripts that have been published or submitted to another peer-reviewed conference or journal.

The workshop papers will be published by Springer as a post-workshop proceedings volume in the series Lecture Notes in Business Information Processing (LNBIP).

  • Paper submission: June 8th, 2014 (- extended! -)
  • Paper notification: July 1st, 2014
  • Camera-ready: July 23rd, 2014
  • Workshop: September 8th, 2014

Honorary PC Chair
Program Committee Chairs
Publicity Chairs
  • Giovanni Livraga, University of Milan, Italy
  • Anne Baumgrass, University of Potsdam, Germany
  • Achim D. Brucker, SAP Labs, Germany
  • Khaled Gaaloul, CRP Henri Tudor, Luxembourg
  • Aditya Ghose, University of Wollongong, Australia
  • Mati Golani, ORT Braude College, Israel
  • Anat Goldstein, Ben-Gurion University of the Negev, Israel
  • Hejiao Huang, Shenzhen Graduate School, Harbin Institute of Technology, China
  • Michael Huth, Imperial College, UK
  • Fuyuki Ishikawa, National Institute of Infomatics Tokyo, Japan
  • Jan Jürjens, Technical University of Dortmund, Germany
  • Dimka Karastoyanova, University of Stuttgart, Germany
  • Guenter Karjoth, Lucerne University of Applied Sciences and Arts, Switzerland
  • Seok-Won Lee, Ajou University, Korea
  • Lin Liu, Tsinghua University, China
  • Heiko Ludwig, IBM Research, US
  • Nicolas Mayer, CRP Henri Tudor, Luxembourg
  • Per Hċkon Meland, SINTEF ICT, Norway
  • Marco Montali, Free University of Bozen-Bolzano, Italy
  • Haralambos Mouratidis, University of Brighton, UK
  • Andreas Opdahl, University of Bergen, Norway
  • Günther Pernul, University of Regensburg, Germany
  • Silvio Ranise, FBK-IRST, Italy
  • Stefanie Rinderle-Ma, University of Vienna, Austria
  • David G. Rosado, University of Castilla-La Mancha, Spain
  • Shazia Sadiq, Queensland University, Australia
  • Guttorm Sindre, Norwegian University of Science and Technology, Norway
  • Pnina Soffer, University of Haifa, Israel
  • Mark Strembeck, Vienna University of Economics and Business, Austria
  • Arnon Sturm, Ben-Gurion University of the Negev, Israel
  • Matthias Weidlich, Imperial College, UK
  • Jan Martijn van der Werf, Utrecht University, the Netherlands
  • Nicola Zannone, Eindhoven University of Technology, the Netherlands

SBP'13 (see the report), Dagstuhl Seminar on Verifiably Secure PaIS (see the report)
2012: SBP'12 (see the report )
2011: ABPSM'11, WfSAC'11