Advances in computer technologies facilitate the implementation of inter-organizational business processes. At the same time, managing the security of these processes is increasingly difficult. Compliance with high-level specifications, like normatives and pre-agreed protocols, rules and requirements, is difficult to validate. Here we discuss how Conformance Checking, a specific area of Process Mining, can be adapted for this purpose. Its role is to verify if an execution of a business process satisfies specifications represented by formal models (e.g. Petri Nets, Transition Systems, structures based on partial orders, etc.). In the process mining literature, few efforts have been dedicated to online checking of business processes and choreographies for security purposes. The main requirement is high precision and reliability of event logs. They should record, precisely and unambiguously, all security-relevant activities of the analyzed process. Maintaining high-level logs becomes difficult with choreographies: log data are distributed, and must be related to events. Important metadata of event logs, like timestamps, can be ambiguous. Moreover, some data cannot be distributed due to security or privacy issues. These problems result in security-relevant ambiguities in event logs. Here we define a framework to create high-level event logs for online inter-organizational compliance checking using a Validation Authority. The system described here has been implemented in the issuing infrastructure for the Italian Electronic Identity card. © 2013 IEEE.
Talamo, M., Arcieri, F., Schunck, C., D'Iddio, A. (2013). Conformance checking of electronic business processes to secure distributed transactions. In The 47th Annual international Carnahan conference on security technology (pp.119-126) [10.1109/CCST.2013.6922056].
Conformance checking of electronic business processes to secure distributed transactions
TALAMO, MAURIZIO;ARCIERI, FRANCO;SCHUNCK, CHRISTIAN;
2013-01-01
File | Access | License | Size | Format
---|---|---|---|---
2013 Conformance checking of electronic business.pdf | Authorized users only | Not specified | 420.15 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.