Publications


Featured research published by Claus Wonnemann.


acm symposium on applied computing | 2011

Strong non-leak guarantees for workflow models

Rafael Accorsi; Claus Wonnemann

Despite the correct deployment of access control mechanisms, information leaks can persist and undermine the compliance of workflows to regulations and policies. This paper proposes InDico, a framework for the automated detection of information leaks in workflow models based on static information flow analysis. InDico identifies leaks induced by the structure of the workflow, i.e. its control flow. To this end, it translates workflow models, e.g. in BPEL or BPMN, into Petri nets and conducts the static information flow analysis. Examples demonstrate the applicability and the kinds of information leaks InDico currently detects.


international workshop on security | 2010

InDico: information flow analysis of business processes for confidentiality requirements

Rafael Accorsi; Claus Wonnemann

This paper presents InDico, an approach for the automated analysis of business processes against confidentiality requirements. InDico is motivated by the fact that in spite of the correct deployment of access control mechanisms, information leaks in automated business processes can persist due to erroneous process design. InDico employs a meta-model based on Petri nets to formalize and analyze business processes, thereby enabling the identification of leaks caused by a flawed process design.


business information systems | 2010

Auditing Workflow Executions against Dataflow Policies

Rafael Accorsi; Claus Wonnemann

This paper presents IFAudit, an approach for the audit of dataflow policies in workflow models. IFAudit encompasses three steps. First, propagation graphs are generated from workflows' log data. They represent the explicit information flows caused, e.g., by data access and message-passing, that have occurred during the execution of the workflow. Second, dataflow policies expressing security and compliance requirements are formalized in a system-independent manner as a binary relation on the workflow principals. Third, an audit algorithm analyzes the propagation graphs against the policies and delivers evidence with regard to whether the workflow complies with them. Besides presenting the corresponding algorithms, the paper discusses possible extensions to address more general types of information flows.


2011 Sixth International Conference on IT Security Incident Management and IT Forensics | 2011

Towards Forensic Data Flow Analysis of Business Process Logs

Rafael Accorsi; Claus Wonnemann; Thomas Stocker

This paper presents RecIF, a forensic technique for the analysis of business process logs to detect illegal data flows. RecIF uses propagation graphs to formally capture the data flow within a process execution. Abstracting away from the concrete traces, propagation graphs are analyzed with extensional data flow policies that denote what, rather than how, relevant industrial requirements, e.g. Chinese Wall and separation of duty constraints, are to be achieved. An example and the corresponding runtime figures demonstrate the feasibility of the approach.


computer software and applications conference | 2009

On Information Flow Forensics in Business Application Scenarios

Claus Wonnemann; Rafael Accorsi; Günter Müller

To date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.


availability, reliability and security | 2011

SWAT: A Security Workflow Analysis Toolkit for Reliably Secure Process-aware Information Systems

Rafael Accorsi; Claus Wonnemann; Sebastian Dochow

This paper reports on ongoing work on SWAT, a new toolkit for security workflow analysis. SWAT provides a platform for the realization and testing of well-founded methods to detect information leaks in workflows, both for workflow certification and for audit based upon the execution traces. Besides presenting SWAT's functionality and high-level architecture, an example illustrates its operation.


international conference on digital forensics | 2011

Forensic Leak Detection for Business Process Models

Rafael Accorsi; Claus Wonnemann

This paper presents a formal forensic technique based on information flow analysis to detect data and information leaks in business process models. The approach can be uniformly applied to the analysis of process specifications and the log files generated during process execution. The Petri net dialect IF net is used to provide a common basis for the formalization of isolation properties, the representation of business process specifications and their analysis. The utility of the approach is illustrated using an eHealth case study.


congress on evolutionary computation | 2008

Password Management for EPC Class 1 Generation 2 Transponders

Claus Wonnemann; Jens Strüker

RFID systems compliant with the widely used standard EPC Class 1 Generation 2 lack effective security mechanisms. We show that passwords used to protect critical functionality can be obtained by attackers with only moderate effort. Since more capable systems are not likely to replace the current standard in the medium term, it is crucial to embed the deployment of RFID technology into IT ecosystems that ensure a minimization of the potential damage caused by an attack. This objective can be achieved by using transponder-individual passwords. The associated challenge of efficient and scalable password management remains one of the most pressing problems of an enterprise-spanning RFID deployment, however. In this paper, we present two approaches for a password management infrastructure and describe their integration into a retailer's processes.


Wirtschaftsinformatik und Angewandte Informatik | 2008

RFID – Is Security Achievable in Open Applications?

Claus Wonnemann

Abstract

RFID technology has been successfully deployed in industry for many years. Only a small fraction of these deployments uses RFID in applications that allow external parties to get in touch with transponders. These are exactly the cases in which violations of data protection goals or an individual's personal privacy might happen due to RFID usage.

The article examines the specific threats that might evolve from the application of RFID technology in such scenarios and presents current research tackling those threats. Along with access control techniques at the transponder level, approaches striving to rule out misuse through regulations and mechanisms for controlling subsequent backend data processing are discussed.


business process and services computing | 2010

Static Information Flow Analysis of Workflow Models

Rafael Accorsi; Claus Wonnemann
