Controlling Break-the-glass Through Alignment A. Adriansyah B.F. van Dongen N. Zannone Washington D.C., 11.


1 Controlling Break-the-glass Through Alignment
A. Adriansyah, B.F. van Dongen, N. Zannone
{a.adriansyah,b.f.v.dongen,n.zannone}@tue.nl
Washington D.C., 11 Sep 2013
5th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust
COMMIT/

2 Enforcement Mechanisms
Trace: aclreh
Strict: “l” is not allowed
Relaxed: to which extent are deviations allowed?

3 Enforcement mechanisms
Security policies define allowed behavior
Basic idea: infringements are violations and as such should not be permitted
Trace: a, ac, acl, aclreh

4 Run-time Enforcement
Trace: a, ac, acl, aclreh

5 Break-the-Glass
Existing protection mechanisms are very rigid
Systems have to cope with exceptions
– e.g., dealing with emergencies
Include break-the-glass functionality
– Bypass security mechanisms
– Introduce weak point in the system

6 Overview
Process Model, Alignments, Break-the-glass Architecture, High-level Deviations, Experiments, Trace (Event Log)

7 Alignments
[Figure: a trace, its prefix alignment and its alignment against the process model, with synchronous moves, moves on model and moves on log marked]
Non-completion is penalized

9 Controlled Break-the-glass Architecture
[Figure: architecture diagram with the components Process Model, User, Restricted Data, Event Log, Security Officer, Break-the-glass Control, Conformance Checker, Logging Server, Access Control, Deviation Budget]

10 Controlled Break-the-glass Example
[Figure: a trace and its prefix alignment, with the budget values 2, 1 and 0 shown]
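
The budget check sketched on slides 9 and 10, written out as an added example (not code from the presentation or its authors). It assumes a constructed five-step automaton in place of the slides' process model, unit costs for moves on log and moves on model, and that a request is granted while the prefix alignment cost stays within the deviation budget; `prefix_alignment` and `break_the_glass_control` are hypothetical names.

```python
import heapq

# Constructed stand-in for the process model (assumption, not the slides'
# model): an automaton allowing a, c, r, e, h in that order; "l" is not in it.
MODEL = {0: {"a": 1}, 1: {"c": 2}, 2: {"r": 3}, 3: {"e": 4}, 4: {"h": 5}, 5: {}}
SKIP = ">>"  # no-move symbol, as on the slides


def prefix_alignment(trace, model=MODEL, start=0):
    """Cheapest prefix alignment: every logged event is explained, the model
    run may stop anywhere. Unit cost per move on log / move on model (assumed)."""
    heap = [(0, 0, start, ())]  # (cost, events consumed, model state, moves)
    seen = set()
    while heap:
        cost, i, state, moves = heapq.heappop(heap)
        if i == len(trace):
            return cost, list(moves)
        if (i, state) in seen:
            continue
        seen.add((i, state))
        event = trace[i]
        if event in model[state]:  # synchronous move, no cost
            sync = moves + ((event, event),)
            heapq.heappush(heap, (cost, i + 1, model[state][event], sync))
        # move on log: the event has no counterpart in the model run
        heapq.heappush(heap, (cost + 1, i + 1, state, moves + ((event, SKIP),)))
        for label, nxt in model[state].items():  # move on model: skipped step
            heapq.heappush(heap, (cost + 1, i, nxt, moves + ((SKIP, label),)))
    raise ValueError("unreachable: a move on log always makes progress")


def break_the_glass_control(requests, budget):
    """Grant each request while the prefix alignment cost of the log so far
    stays within the deviation budget; denied requests are not logged."""
    log, decisions = [], []
    for event in requests:
        cost, _ = prefix_alignment(log + [event])
        granted = cost <= budget
        if granted:
            log.append(event)
        decisions.append((event, cost, granted))
    return decisions
```

With a budget of 0 this behaves like the strict enforcement of slide 2 (the request for “l” in the trace aclreh is denied); a larger budget gives the relaxed case.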

12 Swapped Activities
[Figure: a trace and the process model, with the prefix alignment without the pattern and the prefix alignment using the swap pattern for activities l and r (pattern transitions t2', t3')]
Pattern: Synchronous move: x/2; Move on model: + 

14 Replaced Activities
[Figure: a trace, the process model and the alignment using the replacement pattern (pattern transition t9')]
Pattern: Synchronous move: x; Move on model: +  t

16 Experiments
Synthetic Data
– Generated traces from a process model
– Injected deviations in traces
Real-life Data
– Logs of a Dutch hospital
– 70% used to mine process model
– 30% used to verify compliance
– Comparison between automatic and manual verification

17 Experiments: Synthetic data
[Figure: results without pattern, with all possible patterns, and with selected patterns]

18 Experiments: Real-life data
n. cases   Result            Motivation
1          Overestimation    Repetition of the same transition
6          Overestimation    Reordering
5          Underestimation   Difficult to manually identify a corresponding run of the process model

20 Conclusions
Flexible architecture for controlling break-the-glass
Diagnostics on high/low-level deviations
Open Issues
– Assumption: Cost optimal alignment is the most “probable”
– Define cost function
– Determine deviation budget

21 Q&A

