Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
BPSC
2009
2009
Detective Information Flow Analysis for Business Processes
Abstract: We report on ongoing work towards a posteriori detection of illegal information flows for business processes, focusing on the challenges involved in doing so. Resembling a forensic investigation, our approach aims at analyzing the audit trails resultant from the execution of the business processes, locating informations flows that violate the (non-functional) requirements stipulated by security policies. The goal is to obtain fine-grained evidence of policy compliance with respect to information flows. Information flow (IF) characterizes the transfer of information from a classified container h to a public container l during the execution of a process [Lam73]. A "container" can be a logical or physical device, such as a process instance, network socket, or variable. An IF is labeled "illegal" whenever it violates the security policies expressing the non-functional requirements put on the execution of the process, in particular the confidentiality and nonin...
Real-time TrafficRelated Content
| Added | 08 Nov 2010 |
| Updated | 08 Nov 2010 |
| Type | Conference |
| Year | 2009 |
| Where | BPSC |
| Authors | Rafael Accorsi, Claus Wonnemann |
Comments (0)
Researcher Info
|
