Strong non-leak guarantees for workflow models

Accorsi, Rafael; Wonnemann, Claus

doi:10.1145/1982185.1982254

Cited by 24 publications

(8 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(Accorsi et al, 2011a), (Accorsi et al, 2011b), (Accorsi et al, 2012), (Fenz et al, 2009), , (Lehmann et al, 2013), and (Lohmann et al, 2009)) and confidentiality determination methods implemented as part of different risk assessment methods (e.g., NIST (Barker et al, 2008a), Magerit (Spanish Ministry for Public Administrations, 2006), and Mehari (CLUSIF, 2010)). When dealing with confidentiality requirements in business processes one of the first decisions to make is the level to which each asset should be protected.…”

Section: Related Workmentioning

confidence: 99%

How to Assess Confidentiality Requirements of Corporate Assets?

Cervantes

Fenz

2014

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Confidentiality is an important property that organizations relying on information technology have to preserve. The purpose of this work is to provide a structured approach for identifying confidentiality requirements. A key step in the information security risk management process is the determination of the impact level arisen from a loss of confidentiality, integrity or availability. We deal here with impact level determination regarding confidentiality by proposing a method to calculate impact levels based on the different kind of consequences typically arisen from threats. The proposed approach assesses the impact arisen from confidentiality losses on different areas separately and uses a parameterized model that allows organizations to adjust it according to their specific needs. A validation of the developed approach has been conducted in a small software development company.

show abstract

Section: Related Workmentioning

confidence: 99%

How to Assess Confidentiality Requirements of Corporate Assets?

Cervantes

Fenz

2014

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…information flow analysis [3,7,17,29]) on basis of process logs are envisioned, recovered models have to fulfill strict requirements. Specifically, mined models have to show the exact log behavior without introducing additional behavior.…”

Section: Control Flow Discovery Appliedmentioning

confidence: 99%

“…As shown in [7], information on the structure, data flow and data dependencies can be used to effectively detect information flows and, hence, help auditors in searching for violations of isolation properties. On the other hand, there are no approaches combining all three dimensions.…”

Section: Case and Data Perspectivementioning

confidence: 99%

On the exploitation of process mining for security audits

Accorsi

Stocker

Müller

2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

This paper reports on the potential of process mining as a basis for security audits of business process and corresponding business process management systems. In particular, it focuses on process discovery as a means to reconstruct process-related structures from event logs, such as the process' control flow, social network and data flows. Based on this information, security analysis to determine the compliance with security and privacy requirements can be automated.

show abstract

“…Based upon InDico [2], the mined workflow specifications can be automatically tested for a multitude of security properties, including MAC-based, non-interference, and enterprise relevant properties, such as Chinese-wall and separation of duties. InDico aims to provide a well-founded, uniform approach and corresponding tool-support for the automated analysis of existing and/or mined workflow specifications for security properties.…”

Section: Expected Impactmentioning

confidence: 99%

Data Flow-Oriented Process Mining to Support Security Audits

Stocker

2012

Service-Oriented Computing

View full text Add to dashboard Cite

Abstract. The automated execution of dynamically-evolving business processes in service-oriented architectures requires audit methods to assert that they fulfill required security properties. Process mining techniques can provide models for the actual process behavior, but mostly disregard the dynamics of processes running in highly flexible environments and neglect the data flow perspective. This research plan is on novel data-oriented mining techniques to tackle these shortcomings in order to support effective security audits.

show abstract

Strong non-leak guarantees for workflow models

Cited by 24 publications

References 32 publications

How to Assess Confidentiality Requirements of Corporate Assets?

How to Assess Confidentiality Requirements of Corporate Assets?

On the exploitation of process mining for security audits

Data Flow-Oriented Process Mining to Support Security Audits

Contact Info

Product

Resources

About