Talamo, M., Arcieri, F., Schunck, C., D'Iddio, A. (2013). Conformance checking of electronic business processes to secure distributed transactions. In The 47th Annual international Carnahan conference on security technology (pp.119-126) [10.1109/CCST.2013.6922056].

Conformance checking of electronic business processes to secure distributed transactions

TALAMO, MAURIZIO;ARCIERI, FRANCO;SCHUNCK, CHRISTIAN;
2013-01-01

Abstract

Advances in computer technologies facilitate the implementation of inter-organizational business processes. At the same time, managing the security of these processes is increasingly difficult. Compliance with high-level specifications, like normatives and pre-agreed protocols, rules and requirements, is difficult to validate. Here we discuss how Conformance Checking, a specific area of Process Mining, can be adapted for this purpose. Its role is to verify if an execution of a business process satisfies specifications represented by formal models (e.g. Petri Nets, Transition Systems, structures based on partial orders, etc.). In the process mining literature, few efforts have been dedicated to online checking of business processes and choreographies for security purposes. The main requirement is high precision and reliability of event logs. They should record, precisely and unambiguously, all security-relevant activities of the analyzed process. Maintaining high-level logs becomes difficult with choreographies: log data are distributed, and must be related to events. Important metadata of event logs, like timestamps, can be ambiguous. Moreover, some data cannot be distributed due to security or privacy issues. These problems result in security-relevant ambiguities in event logs. Here we define a framework to create high-level event logs for online inter-organizational compliance checking using a Validation Authority. The system described here has been implemented in the issuing infrastructure for the Italian Electronic Identity card. © 2013 IEEE.
International Carnahan Conference on security technology (ICCST), 47.
Medellin (Colombia)
2013
International relevance
Sector ING-INF/05 - Information Processing Systems
Sector INF/01 - Computer Science
English
Conference contribution
Talamo, M; Arcieri, F; Schunck, C; D'Iddio, A
Use this identifier to cite or link to this document: https://hdl.handle.net/2108/108687
Citations
  • Scopus 7