Automated Certification for Compliant Cloud-Based Business Processes
Cloud Computing workflows need to adhere to a variety of rules and offer high flexibility. This is at odds with the compliance certification currently being carried out in a manual fashion. The paper presents Concert, an approach for the automated analysis of workflows. If a workflow does not adhere to the given rules, re-usable rule patterns are used to pinpoint the workflow vulnerabilities. The results of this design time analysis can be used as certificate by Cloud providers to signal compliance. Auditors can check the rule adherence of workflows before workflow execution, and thanks to the rule patterns certification is open to scrutiny by customers.