Information leak detection in business process models: Theory, application, and tool support

Accorsi, Rafael; Lehmann, Andreas; Lohmann, Niels

doi:10.1016/j.is.2013.12.006

Cited by 25 publications

(11 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An extension of workflow nets to algebraic nets is used in [18], to reduce an information flow analysis to a check of the soundness property with the MAUDE model checker. While the previous both approaches focussed on the data flow, other side channels are considered for the more general problem of non-interference in [19]. This work extends previous work on information flow analysis [20]- [22], reducing the problem to reachability in Petri nets.…”

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 78%

“…This work extends previous work on information flow analysis [20]- [22], reducing the problem to reachability in Petri nets. While the prior approaches required a full state space analysis, the more recent tooling in [19] exploits state space reduction techniques implemented in the LoLA model checker. In the same line of research also falls [23].…”

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 99%

“…In spite of the fact that mandatory access control using lattice-based security models has a strong formal foundation, there is, with the exception of the pencil-and-paper proof in [19], a general lack of soundness guarantees for information flow analysis in the domain. Note that this issue is clearly addressed by our certified analysis approach.…”

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 99%

See 2 more Smart Citations

Certified Information Flow Analysis of Service Implementations

Heinze

Türker²

2018

2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)

View full text Add to dashboard Cite

Process analysis enables the certification of distributed business processes using automated process compliance checks. In such an auditing scenario, analysis correctness is key but is usually taken for granted. We therefore argue in this paper for the idea of certified analysis. As is shown by the example of a static information flow analysis and its accompanying Coq development, certified analysis of distributed business processes is feasible and provides machine-checkable correctness certificates and thus helps in increasing thrustworthiness of automated process compliance audits.• We address a heap-based data model for process data as prevalent in state-of-the-art process engines.• We present a formal development for proving the correctness of unified points-to/taint analysis in line with most recent research [4].

show abstract

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 78%

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 99%

Section: A Information Flow Analysis For Business Processesmentioning

confidence: 99%

See 1 more Smart Citation

Certified Information Flow Analysis of Service Implementations

Heinze

Türker²

2018

2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)

View full text Add to dashboard Cite

show abstract

“…IRiS Analytics checks security vulnerabilities as dependencies of the given instance of the workflow 'Information exchange' between the participating IT systems as a Black Box [3] and, if necessary and possible, additionally their internal data traces with a White Box test scheme [17]. The former evaluation results in evidence INFOR-MATION ; the evaluation of the workflow instance results in evidence DATA TRACE .…”

Section: Iris: User-centered It Risk Analyticsmentioning

confidence: 99%

Adaptive User-Centered Security

Wohlgemuth

2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2014): Software SecurityInternational audienceOne future challenge in informatics is the integration of humans in an infrastructure of data-centric IT services. A critical activity of this infrastructure is trustworthy information exchange to reduce threats due to misuse of (personal) information. Privacy by Design as the present methodology for developing privacy-preserving and secure IT systems aims to reduce security vulnerabilities already in the early requirement analysis phase of software development. Incident reports show, however, that not only an implementation of a model bears vulnerabilities but also the gap between rigorous view of threat and security model on the world and real view on a run-time environment with its dependencies. Dependencies threaten reliability of information, and in case of personal information, privacy as well. With the aim of improving security and privacy during run-time, this work proposes to extend Privacy by Design by adapting an IT system not only to inevitable security vulnerabilities but in particular to their users’ view on an information exchange and its IT support with different, eventually opposite security interests

show abstract

“…Розглядалось також застосування систем ЕДО в грід-середовищі [12]. Ряд робіт присвячений такому аспекту побудови СЕД, як її безпека [13].…”

Section: аналіз літературних даних і постановка проблемиunclassified

Creating a document workflow for example scientific organizations

Поліновський¹,

Брустінов²,

Malkina³

et al. 2014

EEJET

View full text Add to dashboard Cite

ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ ФОРМУВАННЯ WORKFLOW НА ПРИКЛАДІ ДОКУМЕНТООБІГУ НАУКОВОЇ УСТАНОВИ В. В. П о л і н о в с ь к и й Кандидат технічних наук Інститут комп'ютерних технологій Вищій навчальний заклад "Відкритий міжнародний університет розвитку людини "Україна" вул. Хорива, 1/г, м. Київ,

show abstract

Information leak detection in business process models: Theory, application, and tool support

Cited by 25 publications

References 26 publications

Certified Information Flow Analysis of Service Implementations

Certified Information Flow Analysis of Service Implementations

Adaptive User-Centered Security

Creating a document workflow for example scientific organizations

Contact Info

Product

Resources

About