Controlling Break-the-glass Through Alignment. A. Adriansyah, B.F. van Dongen, N. Zannone. Washington D.C., 11.


Controlling Break-the-glass Through Alignment
A. Adriansyah, B.F. van Dongen, N. Zannone
Washington D.C., 11 Sep th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust
COMMIT/

Enforcement Mechanisms
Trace: aclreh
Strict: “l” is not allowed
Relaxed: to what extent are deviations allowed?

Enforcement mechanisms
Security policies define allowed behavior
Basic idea: infringements are violations and as such should not be permitted
[Figure: trace aclreh with its prefixes a, ac, acl]

Run-time Enforcement
[Figure: trace aclreh with its prefixes a, ac, acl]

Break-the-Glass
Existing protection mechanisms are very rigid
Systems have to cope with exceptions
– e.g., dealing with emergencies
Include break-the-glass functionality
– Bypass security mechanisms
– Introduce weak point in the system

Overview
[Diagram labels: Process Model, Trace (Event Log), Alignments, Break-the-glass Architecture, High-level Deviations, Experiments]

Alignments
[Figure: a trace with its prefix alignment and its alignment against the process model; move types shown: synchronous moves, move on model, move on log]
Non-completion is penalized

Controlled Break-the-glass Architecture
[Figure: architecture diagram with the components User, Access Control, Restricted Data, Break-the-glass Control, Deviation Budget, Conformance Checker, Process Model, Logging Server, Event Log, Security Officer]

Controlled Break-the-glass Example
[Figure: a trace, its prefix alignment, and the budget (values shown: 2, 1, 0)]

Swapped Activities
[Figure panels: Trace; Process Model; Pattern; Prefix Alignment; Prefix Alignment (without Pattern)]
Pattern: Synchronous move: x/2; Move on model: +

Replaced Activities
[Figure panels: Trace; Process Model; Pattern; Alignment]
Pattern: Synchronous move: x; Move on model: +

Experiments
Synthetic Data
– Generated traces from a process model
– Injected deviations in traces
Real-life Data
– Logs of a Dutch hospital
– 70% used to mine process model
– 30% used to verify compliance
– Comparison between automatic and manual verification

Experiments: Synthetic data
[Figure: results for three settings: without pattern, all possible patterns, selected patterns]

Experiments: Real-life data
n. cases | Result          | Motivation
1        | Overestimation  | Repetition of the same transition
6        | Overestimation  | Reordering
5        | Underestimation | Difficult to manually identify a corresponding run of the process model

Conclusions
– Flexible architecture for controlling break-the-glass
– Diagnostics on high/low-level deviations
Open Issues
– Assumption: Cost optimal alignment is the most “probable”
– Define cost function
– Determine deviation budget

Q&A