Leitner M.,University of Vienna |
Rinderle-Ma S.,University of Vienna |
Mangler J.,SBA Research
Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011 | Year: 2011
Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control (RBAC) models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing a RBAC model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended RBAC model for adaptive workflow systems (AW-RBAC) that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the AW-RBAC model improves security during workflow changes and reduces administration costs. The AW-RBAC model is evaluated by means of practical examples and a proof-of-concept implementation. © 2011 IEEE.
Heurix J.,SBA Research |
Neubauer T.,Vienna University of Technology
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011
E-health allows better communication between health care providers and higher availability of medical data. However, the downside of interconnected systems is the increased probability of unauthorized access to highly sensitive records that could result in serious discrimination against the patient. This article provides an overview of actual privacy threats and presents a pseudonymization approach that preserves the patient's privacy and data confidentiality. It allows (direct care) primary use of medical records by authorized health care providers and privacy-preserving (non-direct care) secondary use by researchers. The solution also addresses the identifying nature of genetic data by extending the basic pseudonymization approach with queryable encryption. © 2011 Springer-Verlag.
Bozic J.,University of Graz |
Simos D.E.,SBA Research |
Wotawa F.,University of Graz
9th International Workshop on Automation of Software Test, AST 2014 - Proceedings | Year: 2014
The number of potential security threats rises with the increasing number of web applications, which cause tremendous financial and existential implications for developers and users as well. The biggest challenge for security testing is to specify and implement ways in order to detect potential vulnerabilities of the developed system in a never ending quest against new security threats but also to cover already known ones so that a program is suited against typical attack vectors. For these purposes many approaches have been developed in the area of model-based security testing in order to come up with solutions for real-world application problems. These approaches provide theoretical background as well as practical solutions for certain security issues. In this paper, we partially rely on previous work but focus on the representation of attack patterns using UML state diagrams. We extend previous work in combining the attack pattern models with combinatorial testing in order to provide concrete test input, which is submitted to the system under test. With combinatorial testing we capture different combinations of inputs and thus increasing the likelihood to find weaknesses in the implementation under test that can be exploited. Besides the foundations of our approach we further report on first experiments that indicate its practical use.
Leitner M.,University of Vienna |
Mangler J.,SBA Research |
Rinderle-Ma S.,University of Vienna
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications | Year: 2011
Process-Aware Information Systems (PAIS) enable the definition, execution, and management of business processes. Typically, processes are specified by control flow, data flow, and users or services, authorized to execute process tasks. During process execution, it is often necessary to access sensitive data such as patient or customer information. To secure this confidential data, the use of security policies becomes an essential factor for the application of PAIS in practice. In general, PAIS security policies are specified based on access rules and authorization constraints. On top of these rules, context policies referring to data, location, or time might pose restrictions. Over the years, several approaches for modeling and enforcing security policies in PAIS have appeared. Many of them restrict security policy specification to access rules and authorization constraints, but neglect additional properties such as context information. As a further limitation, security policies are often defined in a heterogeneous way: whereas access rules are mostly defined at process task level leading to a merge of process logic and security aspects, additional policies such as authorization constraints are defined separately from the process logic. Consequently, security policies are not stored and managed centrally, but are rather distributed over different PAIS components, for example, the process model repository or the organizational model manager. In this paper, we introduce the formal concepts behind our SPRINT approach that aims at the consequent separation of security policies and process logic. Specifically, the SPRINT security policy data model and design methodology based on the concepts of responsibilities, permissions, and constraints will be provided. The concepts are evaluated based on a comparison with existing PAIS and a demonstration of the SPRINT prototype. The goal is to unify diverse security policies in different PAIS subsystems, to make security policies independent of these subsystems in order to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.
Fenz S.,Vienna University of Technology |
Ekelhart A.,SBA Research |
Neubauer T.,Vienna University of Technology
Communications of the Association for Information Systems | Year: 2011
As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies. 2011 by the Association for Information Systems.