Information Flow Security for Business Process Models - just one click away
نویسندگان
چکیده
When outsourcing tasks of a business process to a third party, information flow security becomes a critical issue. In particular implicit information leaks are an intriguing problem. Given a business process one could ask whether the execution of a confidential task is kept secret to a third party which can observe some public (nonconfidential) tasks. A business process is secure in sense of implicit information flow if a third party can not deduce the execution of confidential tasks based on observations of public tasks. We will show that we can verify much faster whether a given process model is secure, support a new information flow property, and support the modeler to create a secure process using a graphical modeling tool. The demo might be interesting for all process modelers and those who are concerned with security in the BPM community.
منابع مشابه
Resolving vulnerability identification errors using security requirements on business process models
Purpose – In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses’ security needs are not considered sufficiently. Hence, security functions may not protect business asse...
متن کاملAutomatic Information Flow Analysis of Business Process Models
We present an automated and efficient approach for the verification of information flow control for business process models. Building on the concept of Place-based Non-Interference, the novelty is that Petri net reachability is employed to detect places in which information leaks occur. We show that the approach is sound and complete, and present its implementation, the Anica tool. Anica employ...
متن کاملPROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملPROVIDE A MODEL FOR IDENTIFYING AND RANKING THE MANAGERIAL FACTORS AFFECTING INFORMATION SECURITY IN ORGANIZATION BY USING VIKOR METHOD; CASE STUDY: TEHRAN UNIVERSITY OF MEDICAL SCIENCES
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملASIC design protection against reverse engineering during the fabrication process using automatic netlist obfuscation design flow
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012