Processes subject to simulation are considered to be executed within a context. While the control flow of a process defines possible execution traces, subjects authorized to execute process activities and objects used by activities are defined by contexts. Our approach allows to define simulation runs, each relating to one process model which is processed one after another according to the number of desired traces for each run. This way, the engine is capable of simulating situations in which there isan initial model for planned process behavior, but a variant of this model was executed for some time, possibly due to the activity of an attacker or process variation/flexibility. To support the user in defining such variants, we define model transformation operators that replace specific control flow patterns of a process. Additionally, each simulation run can relate to a set of trace transformers which operate on trace level.

During the processing of a simulation run, the engine generates valid log traces according to the control flow of the corresponding process and context and then passes them through the trace transformers which apply transformations in a post-processing manner. Trace transformers can remove or add process activities (simulating skipped activities or incomplete logging), as well as change information within traces in a way business related properties like separation/binding of duties or authorization constraints are enforced or violated.