
Auditing Workflow Executions against Dataflow Policies

  • Conference paper
Business Information Systems (BIS 2010)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 47)


Abstract

This paper presents IFAudit, an approach for the audit of dataflow policies in workflow models. IFAudit encompasses three steps. First, propagation graphs are generated from workflows’ log data. They represent the explicit information flows caused, e.g., by data access and message-passing, that have occurred during the execution of the workflow. Second, dataflow policies expressing security and compliance requirements are formalized in a system-independent manner as a binary relation on the workflow principals. Third, an audit algorithm analyzes the propagation graphs against the policies and delivers evidence with regard to whether the workflow complies with them. Besides presenting the corresponding algorithms, the paper discusses possible extensions to address more general types of information flows.
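
The three steps can be sketched in a few lines. This is an added illustration, not the IFAudit algorithms from the paper: the log record layout, the principal names, the policy pairs and the rule that an activity's writes depend on everything it read are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log: (case id, activity, principal, objects read, objects written)
LOG = [
    ("c1", "enter_claim", "Clerk",     [],         ["claim"]),
    ("c1", "assess_risk", "Analyst",   ["claim"],  ["report"]),
    ("c1", "notify",      "Marketing", ["report"], ["mail"]),
    ("c2", "enter_claim", "Clerk",     [],         ["claim"]),
    ("c2", "archive",     "Archive",   ["claim"],  []),
]

# Step 2 (assumed form): a binary relation on principals; (src, dst) means
# information originating at src must never reach dst.
POLICY = {("Clerk", "Marketing"), ("Analyst", "Archive")}

def build_propagation_graphs(log):
    """Step 1: one graph per workflow case. Nodes are events; an edge i -> j
    means event j read an object whose last writer was event i."""
    graphs = {}
    for case, activity, principal, reads, writes in log:
        g = graphs.setdefault(
            case, {"events": [], "edges": defaultdict(list), "last_writer": {}})
        j = len(g["events"])
        g["events"].append((activity, principal))
        for obj in reads:
            if obj in g["last_writer"]:
                g["edges"][g["last_writer"][obj]].append(j)
        for obj in writes:  # recorded after reads, so an event never feeds itself
            g["last_writer"][obj] = j
    return graphs

def audit(graphs, policy):
    """Step 3: follow explicit flows forward from every event and report each
    forbidden (src, dst) pair with the activity path as evidence."""
    findings = []
    for case, g in graphs.items():
        for start, (_, src) in enumerate(g["events"]):
            stack, seen = [[start]], {start}
            while stack:
                path = stack.pop()
                for nxt in g["edges"].get(path[-1], []):
                    if nxt in seen:
                        continue
                    seen.add(nxt)
                    dst = g["events"][nxt][1]
                    if (src, dst) in policy:
                        findings.append(
                            (case, src, dst, [g["events"][i][0] for i in path + [nxt]]))
                    stack.append(path + [nxt])
    return findings
```

Because edges only ever point from an earlier event to a later one within the same case, every reported path is a flow that could actually have happened in that execution, and the indirect Clerk-to-Marketing flow through the Analyst's report is caught even though Marketing never read the claim itself.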




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Accorsi, R., Wonnemann, C. (2010). Auditing Workflow Executions against Dataflow Policies. In: Abramowicz, W., Tolksdorf, R. (eds) Business Information Systems. BIS 2010. Lecture Notes in Business Information Processing, vol 47. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12814-1_18


  • DOI: https://doi.org/10.1007/978-3-642-12814-1_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12813-4

  • Online ISBN: 978-3-642-12814-1

  • eBook Packages: Computer Science, Computer Science (R0)
