@MASTERSTHESIS\{IMM2007-05127,
    author       = "R. Friis-Jensen",
    title        = "A {CC} Approach to Secure Workflow Systems",
    year         = "2007",
    keywords     = "Common Criteria, Protection Profile, Security Target, Security Evaluation, Workflow, Workflow system",
    school       = "Informatics and Mathematical Modelling, Technical University of Denmark, {DTU}",
    address      = "Richard Petersens Plads, Building 321, {DK-}2800 Kgs. Lyngby",
    type         = "",
    note         = "Supervised by Prof. Robin Sharp, {IMM,} {DTU}.",
    url          = "http://www2.compute.dtu.dk/pubdb/pubs/5127-full.html",
    abstract     = "Secure workflow systems are used to maintain secure and non-repudiable records of possibly very complex transactions or other business processes within a business or organisation. Such systems are coming more and more into focus, as requirements for electronically documentable business practices increase. Possible applications include areas as diverse as maintaining secure accounting records, processing of examination answers and handling laboratory records. 

This thesis analyses the security requirements of such a system using an approach based on the Common Criteria for Information Technology Security Evaluation (CC). A Protection Profile (PP) is developed which in an implementationindependent manner describes the security requirements of a Secure Workflow System. On the basis of the {PP} a Security Target (ST), which conforms to the {PP} is developed. The {ST} identifies and describes the security requirements of a specific Secure Workflow System, which uses a centralised architecture. The {ST} is used to produce concrete specifications for this system which may be used for implementing a concrete system."
}