FORTES: Forensic Information Flow Analysis of Business Processes

Authors Rafael Accorsi, Günter Müller



PDF
Thumbnail PDF

File

DagSemProc.10141.4.pdf
  • Filesize: 104 kB
  • 3 pages

Document Identifiers

Author Details

Rafael Accorsi
Günter Müller

Cite As Get BibTex

Rafael Accorsi and Günter Müller. FORTES: Forensic Information Flow Analysis of Business Processes. In Distributed Usage Control. Dagstuhl Seminar Proceedings, Volume 10141, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2010) https://doi.org/10.4230/DagSemProc.10141.4

Abstract

Nearly 70% of all business processes in use today rely on automated workflow systems for their execution. Despite the growing expenses in the design of advanced tools for secure and compliant deployment of workflows, an exponential growth of dependability incidents persists. Concepts beyond access control focusing on information flow control offer new paradigms to design security mechanisms for reliable and secure IT-based workflows.

This talk presents FORTES, an approach for the forensic analysis of information flow properties. FORTES claims that information flow control can be made usable as a core of an audit-control system. For this purpose, it reconstructs workflow models from secure log files (i.e. execution traces) and, applying security policies, analyzes the information flows to distinguish security relevant from security irrelevant information flows. FORTES thus cannot prevent security policy violations, but by detecting them with well-founded analysis, improve the precision of audit controls and the generated certificates.

Subject Classification

Keywords
  • Audit
  • Information flow analysis
  • business processes

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail