Valued Workflow Satisfiability Problem
A workflow is a collection of steps that must be executed in some specific
order to achieve an objective. A computerised workflow management system may
enforce authorisation policies and constraints, thereby restricting which users
can perform particular steps in a workflow. The existence of policies and
constraints may mean that a workflow is unsatisfiable, in the sense that it is
impossible to find an authorised user for each step in the workflow and satisfy
all constraints. In this paper, we consider the problem of finding the "least
bad" assignment of users to workflow steps by assigning a weight to each policy
and constraint violation. To this end, we introduce a framework for associating
costs with the violation of workflow policies and constraints and define the
valued workflow satisfiability problem (Valued WSP), whose solution is
an assignment of steps to users of minimum cost. We establish the computational
complexity of Valued WSP with user-independent constraints and show that it is
fixed-parameter tractable. We then describe an algorithm for solving Valued WSP
with user-independent constraints and evaluate its performance, comparing it to
that of an off-the-shelf mixed integer programming package.
The bi-objective workflow satisfiability problem and workflow resiliency
A computerized workflow management system may enforce a security policy, specified in terms of authorized actions and constraints, thereby restricting which users can perform particular steps in a workflow. The existence of a security policy may mean that a workflow is unsatisfiable, in the sense that it is impossible to find a valid plan (an assignment of steps to authorized users such that all constraints are satisfied). Work in the literature focuses on the workflow satisfiability problem, a decision problem that outputs a valid plan if the instance is satisfiable (and a negative result otherwise). In this paper, we introduce the Bi-Objective Workflow Satisfiability Problem (BO-WSP), which enables us to solve optimization problems related to workflows and security policies. In particular, we are able to compute a “least bad” plan when some components of the security policy may be violated. In general, BO-WSP is intractable from both the classical and parameterized complexity point of view (where the parameter is the number of steps). We prove that computing a Pareto front for BO-WSP is fixed-parameter tractable (FPT) if we restrict our attention to user-independent constraints. This result has important practical consequences, since most constraints of practical interest in the literature are user-independent. Our proof is constructive and defines an algorithm, the implementation of which we describe and evaluate. We also present a second algorithm to compute a Pareto front which solves multiple instances of a related problem using mixed integer programming (MIP). We compare the performance of both our algorithms on synthetic instances, and show that the FPT algorithm outperforms the MIP-based one by several orders of magnitude on most instances. Finally, we study the important question of workflow resiliency and prove new results establishing that known decision problems are fixed-parameter tractable when restricted to user-independent constraints. We then propose a new way of modeling the availability of users and demonstrate that many questions related to resiliency in the context of this new model may be reduced to instances of BO-WSP.
Mobile App Installation: the Role of Precautions and Desensitization
The purpose of this research is to investigate the precautions that consumers take before installing mobile apps and consumers’ potential desensitization to excessive app permission requests. Through a survey of 209 participants, a prediction model was created that attempts to predict whether respondents would download applications asking for excessive permissions. The model results indicate that those who take more precautions are less likely to download apps requesting excessive permissions. However, the precautions taken by participants may be inadequate and may leave consumers with a false sense of security. Another key finding, supported by Communication Theory and the C-HIP Model, is that some consumers have become desensitized to excessive permission requests. These consumers knowingly install apps requesting excessive permissions for reasons such as nothing bad has happened to them before, they trust the market, or they really want the app. The security implications of permission desensitization and inadequate precautions are discussed.
Valued Authorization Policy Existence Problem: Theory and Experiments
Recent work has shown that many problems of satisfiability and resiliency in
workflows may be viewed as special cases of the authorization policy existence
problem (APEP), which returns an authorization policy if one exists and 'No'
otherwise. However, in many practical settings it would be more useful to
obtain a 'least bad' policy than just a 'No', where 'least bad' is
characterized by some numerical value indicating the extent to which the policy
violates the base authorization relation and constraints. Accordingly, we
introduce the Valued APEP, which returns an authorization policy of minimum
weight, where the (non-negative) weight is determined by the constraints
violated by the returned solution. We then establish a number of results
concerning the parameterized complexity of Valued APEP. We prove that the
problem is fixed-parameter tractable (FPT) if the set of constraints satisfies
two restrictions, but is intractable if only one of these restrictions holds.
(Most constraints known to be of practical use satisfy both restrictions.) We
also introduce a new type of resiliency for the workflow satisfiability problem,
show how it can be addressed using Valued APEP and use this to build a set of
benchmark instances for Valued APEP. Following a set of computational
experiments with two mixed integer programming (MIP) formulations, we
demonstrate that the Valued APEP formulation based on the user profile concept
has FPT-like running time and usually significantly outperforms a naive
formulation.
Comment: 32 pages, 5 figures. Preliminary version appeared in SACMAT 2021
(https://doi.org/10.1145/3450569.3463571). Some of the theoretical results
(algorithms) have been improved. Computational experiments have been added to
this version.
Extracting Role-Based Access Control Models from Business Process Event Logs
With complex business processes and ever-increasing data volumes, analysing and
improving the data security of an enterprise's business process is a challenging
task. Information systems that support the implementation of a business process
model (an abstract representation of a business process) record business process
activities as events in a separate log. The stored event logs are the basis for
mining data related to the business process. These data are needed for analysing
and improving the business process, but they can also be used for security
analysis. One of the goals of security analysis is to check whether the
security-related information among these data is consistent with the current
security requirements. In addition, process mining techniques (a research field
that combines data mining and business process modelling) can be applied to
business process logs to create business process models. Besides business process
models, other models can also be derived, for example security models, which can
later be used to enforce security measures in an information system. The goal of
this thesis is to present one possible method for creating security models that
express role-based access control (Role-Based Access Control models) from event
logs in XES format recorded by the information system supporting a business
process. Additional attention is given to identifying the information assets to
be protected on the basis of the event logs. These information assets are, for
example, documents, document fields, or other data processed during business
process activities. In addition, we evaluate the applicability of the method on
the event log of a real business process. As one possible method, we check that
the data and relations in the event log conform to the access rights in an
existing role-based access control security model. In conclusion, the role-based
access control model derived from event logs can serve as a basis for security
analysis or be applied as an access control mechanism in some system.
Today, as business processes are getting more complex and the volumes of stored data about
business process executions are increasing in size, collecting information for the analysis and
for the improvement of business process security is becoming a complex task.
Information systems that support business processes record business process executions into
event logs which capture the behavior of system usage in terms of events. Business process
event logs can be used for analysing and improving the business process, but also for
analysing information security. One of the main goals of security analysis is to check
compliance with existing security requirements. Event logs can also be the basis for business
process mining, or shortly process mining. Utilizing bottom-up process mining on event logs,
we can extract business process-related information for security analysis. Process mining is
not only for discovering business process models, but also other models, such as security
models. For this purpose, we present a possible approach to extract RBAC models
(semi-)automatically from event logs in XES format. The focus is also on determining the
protected business assets, such as document or other artifact data that is exchanged and
accessed during business process activities. In addition, we evaluate the applicability of this
approach with conformance checking, where we check the compliance of a real-life event log
with respect to the LTL constraints translated from the RBAC model. Eventually, the purpose of
the extracted RBAC models is that they provide a basis for security analysis and they can be
adapted by other applications in order to implement an access control mechanism.
Query-based access control for secure collaborative modeling using bidirectional transformations
Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artifacts stored in model repositories are developed in either offline (checkout-modify-commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus confidentiality and integrity of design artifacts need to be protected by access control policies.
We propose a technique for secure collaborative modeling where (1) fine-grained access control for models can be defined by model queries, and (2) such access control policies are strictly enforced by bidirectional model transformations. Each collaborator obtains a filtered local copy of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We illustrate the approach and carry out an initial scalability assessment using a case study of the MONDO EU project.
Reasoning on the usage control security policies over data artifact business process models
The inclusion of security aspects in organizations is crucial to ensure compliance with both internal and external regulations. Business process models are a well-known mechanism to describe and automate the activities of organizations, and they should include security policies to ensure the correct performance of daily activities. Frequently, these security policies involve complex data which cannot be represented using the standard Business Process Model and Notation (BPMN). In this paper, we propose enriching BPMN with a UML class diagram to describe the data model, combined with security policies defined using the UCONABC framework and annotated within the business process model. The integration of the business process model, the data model, and the security policies provides a context where more complex reasoning can be applied about the satisfiability of the security policies in accordance with the business process and data models. To do so, we transform the original models, including security policies, into the BAUML framework (an artifact-centric approach to business process modelling). Once this is done, it is possible to ensure that there are no inherent errors in the model (verification) and that it fulfils the business requirements (validation), thus ensuring that the business process and the security policies are compatible and that they are aligned with the business security requirements.
This work has been supported by Project PID2020-112540RB-C44 funded by MCIN/AEI/10.13039/501100011033, Project TIN2017-87610-R funded by MCIN/AEI/10.13039/501100011033 and FEDER “Una manera de hacer Europa”, Project 2017-SGR-1749 by the Generalitat de Catalunya, and Projects COPERNICA (P20 01224) and METAMORFOSIS by the Junta de Andalucía.
Peer reviewed. Postprint (published version).
Trustworthiness in Mobile Cyber Physical Systems
Computing and communication capabilities are increasingly embedded in diverse objects and structures in the physical environment. They will link the ‘cyberworld’ of computing and communications with the physical world. These applications are called cyber physical systems (CPS). Obviously, the increased involvement of real-world entities leads to a greater demand for trustworthy systems. Hence, we use "system trustworthiness" here, which can guarantee continuous service in the presence of internal errors or external attacks. Mobile CPS (MCPS) is a prominent subcategory of CPS in which the physical component has no permanent location. Mobile Internet devices already provide ubiquitous platforms for building novel MCPS applications. The objective of this Special Issue is to contribute to research in modern/future trustworthy MCPS, including design, modeling, simulation, dependability, and so on. It is imperative to address the issues which are critical to their mobility, report significant advances in the underlying science, and discuss the challenges of development and implementation in various applications of MCPS.