One driver of business process management is the opportunity to reduce costs by outsourcing certain tasks to third-party organizations. At the same time, it is undesirable that delicate information (e.g., trade secrets) "leak" to the involved third parties, be it for legal or economic reasons. The absence of such leaks-called noninterference-can be checked automatically. Such a check requires an assignment of each task of the business process as either confidential or public. Drawbacks of this method are that (1) this assignment of every task is cumbersome, (2) an unsuccessful check requires a corrected confidentiality assignment although (3) the diagnosis and correction of information leaks is a nontrivial task. This paper presents a modeling prototype that integrates the noninterference check into the early design phase of an interorganizational business process. It not only allows for instant feedback on confidentiality assignments, but also for an automated completion of partial assignments toward guaranteed noninterference.
展开▼