
2019 | OriginalPaper | Book chapter

Decentralised and Collaborative Auditing of Workflows

Written by: Antonio Nehme, Vitor Jesus, Khaled Mahbub, Ali Abdallah

Published in: Trust, Privacy and Security in Digital Business

Publisher: Springer International Publishing


Abstract

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Securing an audit system requires reliable protection of evidence: its confidentiality, its integrity at the generation and storage phases, and its availability. Collusion with an audit authority is a threat that can affect all of these security aspects, and there is room for improvement in existing approaches that target this problem.
This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other’s reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence.


Metadata
Title
Decentralised and Collaborative Auditing of Workflows
Written by
Antonio Nehme
Vitor Jesus
Khaled Mahbub
Ali Abdallah
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-27813-7_9
