Audit-based compliance control

Cederquist, Jan; Corin, Ricardo; Dekker, M.A.C.; Etalle, Sandro; Hartog, J.I. den; Lenzini, Gabriele

doi:10.1007/s10207-007-0017-y

Cited by 67 publications

(48 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The resulting diagnostics of these techniques have been applied in various context. For example, it is used to assess the quality of a model with respect to the reality [10], to repair or simplify models based on diagnosed deviations [11,5], to perform auditing and compliance analysis [12,3,2], to find decision points in processes [13], to conduct root cause analysis [14] and performance analysis [4].…”

Section: Resultsmentioning

confidence: 99%

Conformance Checking Based on Partially Ordered Event Data

Fahland

Aalst

2015

Business Process Management Workshops

View full text Add to dashboard Cite

Abstract. Conformance checking is becoming more important for the analysis of business processes. While the diagnosed results of conformance checking techniques are used in diverse context such as enabling auditing and performance analysis, the quality and reliability of the conformance checking techniques themselves have not been analyzed rigorously. As the existing conformance checking techniques heavily rely on the total ordering of events, their diagnostics are unreliable and often even misleading when the timestamps of events are coarse or incorrect. This paper presents an approach to incorporate flexibility, uncertainty, concurrency and explicit orderings between events in the input as well as in the output of conformance checking using partially ordered traces and partially ordered alignments, respectively. The paper also illustrates various ways to acquire partially ordered traces from existing logs. In addition, a quantitative-based quality metric is introduced to objectively compare the results of conformance checking. The approach is implemented in ProM plugins and has been evaluated using artificial logs.

show abstract

Section: Resultsmentioning

confidence: 99%

Conformance Checking Based on Partially Ordered Event Data

Fahland

Aalst

2015

Business Process Management Workshops

View full text Add to dashboard Cite

show abstract

“…First Order Logic (FOL) Logics have been used in several well-developed auditing systems [24,10], for the encoding of both audit logs and queries. FOL in particular is attractive due to readily available implementation support, e.g.…”

Section: Support For Various Approachesmentioning

confidence: 99%

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc strategies. This is a potential source of error even if log analysis techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program's logging semantics. We also propose a program rewriting approach to instrumentation for audit log generation, in a manner that guarantees correct log generation even for untrusted programs. As a case study, we develop such a tool for OpenMRS, a popular medical records management system, and consider instrumentation of break the glass policies.

show abstract

“…There are many examples of where and how this could be achieved, from a posteriori access control [13] to blacklisting in online auction sites, or from our own example of the parable above taken through Alice's agent's eyes, through advanced Trust Management system techniques that ensure accountability.…”

Section: Regret Managementmentioning

confidence: 99%

Examining Trust, Forgiveness and Regret as Computational Concepts

Marsh

Briggs

2009

Human–Computer Interaction Series

View full text Add to dashboard Cite

The study of trust has advanced tremendously in recent years, to the extent that the goal of a more unified formalisation of the concept is becoming feasible. To that end, we have begun to examine the closely related concepts of regret and forgiveness and their relationship to trust and its siblings. The resultant formalisation allows computational tractability in, for instance artificial agents. Moreover, regret and forgiveness, when allied to trust, are very powerful tools in the Ambient Intelligence (AmI) security area, especially where Human Computer Interaction and concrete human understanding are key. This paper introduces the concepts of regret and forgiveness, exploring them from social psychological as well as a computational viewpoint, and presents an extension to Marsh's original trust formalisation that takes them into account. It discusses and explores work in the AmI environment, and further potential applications.

show abstract

Audit-based compliance control

Cited by 67 publications

References 34 publications

Conformance Checking Based on Partially Ordered Event Data

Conformance Checking Based on Partially Ordered Event Data

Correct Audit Logging: Theory and Practice

Examining Trust, Forgiveness and Regret as Computational Concepts

Contact Info

Product

Resources

About