Abstract: We report on ongoing work towards a posteriori detection of illegal information flows for business processes, focusing on the challenges involved in doing so. Resembling a forensic investigation, our approach aims at analyzing the audit trails resulting from the execution of the business processes, locating information flows that violate the (non-functional) requirements stipulated by security policies. The goal is to obtain fine-grained evidence of policy compliance with respect to information flows. Information flow (IF) characterizes the transfer of information from a classified container h to a public container l during the execution of a process [Lam73]. A "container" can be a logical or physical device, such as a process instance, network socket, or variable. An IF is labeled "illegal" whenever it violates the security policies expressing the non-functional requirements placed on the execution of the process, in particular the confidentiality and nonin...