
Online Compliance Monitoring of Service Landscapes

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 202))

Abstract

Today, keeping a service application that runs over the internet safe and secure is a challenging task. Based on a collection of security requirements, a so-called golden configuration can be created for such an application. When the application has been configured according to this golden configuration, it is assumed to satisfy these requirements, that is, to be safe and secure. This assumption rests on the best practices that were used for creating the golden configuration, and on further assumptions such as that nothing out of the ordinary occurs. Whether the requirements are actually violated can be checked on the traces that the configured service application leaves behind. Today's applications typically log an enormous amount of data to keep track of everything that has happened. Such an event log can therefore be regarded as the ground truth for the entire application: a security requirement is violated if and only if the violation shows in the event log. This paper introduces the ProMSecCo tool, which has been built to check whether the security requirements that were used to create the golden configuration are violated by the event log generated by the configured service application.
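The abstract's central idea, that a requirement violation shows up in the event log and can therefore be detected by checking the log against the requirements, can be made concrete with a small online monitor. The Python below is an added example written for this page; it is not ProMSecCo and not code from the paper. The event format, the three requirement types (precedence, separation of duties, restricted activity) and the sample log are constructed assumptions chosen to illustrate the approach.

```python
"""Added example (not ProMSecCo): an online compliance monitor that checks
security requirements against an event log, one event at a time.
All event fields, requirements and sample events are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    case: str      # trace identifier, e.g. one user session (assumed field)
    activity: str  # what happened
    actor: str     # who did it
    ts: int        # logical timestamp; the monitor consumes events in this order


# (case, ts, requirement name, human-readable message)
Violation = Tuple[str, int, str, str]


@dataclass(frozen=True)
class Requirement:
    name: str
    # Receives all events of one case seen so far (oldest first, newest last)
    # and returns a message when the newest event violates the requirement.
    check: Callable[[List[Event]], Optional[str]]


def must_precede(before: str, after: str, same_actor: bool = True) -> Requirement:
    """Every `after` event needs an earlier `before` event in the same case
    (performed by the same actor when same_actor is set)."""
    def check(trace: List[Event]) -> Optional[str]:
        last = trace[-1]
        if last.activity != after:
            return None
        for e in trace[:-1]:
            if e.activity == before and (not same_actor or e.actor == last.actor):
                return None
        return f"'{after}' by {last.actor} without an earlier '{before}'"
    return Requirement(f"{before} before {after}", check)


def separation_of_duties(a: str, b: str) -> Requirement:
    """Whoever performs `b` must not have performed `a` in the same case."""
    def check(trace: List[Event]) -> Optional[str]:
        last = trace[-1]
        if last.activity == b and any(
                e.activity == a and e.actor == last.actor for e in trace[:-1]):
            return f"{last.actor} performed both '{a}' and '{b}'"
        return None
    return Requirement(f"separation of duties {a}/{b}", check)


def restricted_to(activity: str, allowed: FrozenSet[str]) -> Requirement:
    """Only the listed actors may perform `activity`."""
    def check(trace: List[Event]) -> Optional[str]:
        last = trace[-1]
        if last.activity == activity and last.actor not in allowed:
            return f"{last.actor} is not permitted to perform '{activity}'"
        return None
    return Requirement(f"{activity} restricted", check)


class Monitor:
    """Online checker: call observe() for every event as soon as it is logged."""

    def __init__(self, requirements: List[Requirement]) -> None:
        self.requirements = requirements
        self.traces: Dict[str, List[Event]] = {}
        self.violations: List[Violation] = []

    def observe(self, event: Event) -> List[Violation]:
        trace = self.traces.setdefault(event.case, [])
        trace.append(event)
        found: List[Violation] = []
        for req in self.requirements:
            msg = req.check(trace)
            if msg is not None:
                found.append((event.case, event.ts, req.name, msg))
        self.violations.extend(found)
        return found


# Constructed requirement set; names and roles are assumptions.
REQUIREMENTS = [
    must_precede("login", "read_record"),
    must_precede("submit_change", "approve_change", same_actor=False),
    separation_of_duties("submit_change", "approve_change"),
    restricted_to("approve_change", frozenset({"carol", "erin"})),
]

# Constructed sample log (not the paper's data set).
SAMPLE_LOG = [
    Event("s1", "login", "alice", 1),
    Event("s1", "read_record", "alice", 2),
    Event("s2", "read_record", "bob", 3),        # read without a login
    Event("s3", "login", "carol", 4),
    Event("s3", "submit_change", "carol", 5),
    Event("s3", "approve_change", "carol", 6),   # approves her own change
    Event("s4", "login", "dave", 7),
    Event("s4", "approve_change", "dave", 8),    # nothing submitted, not an approver
]


def check_log(events: List[Event], requirements=REQUIREMENTS) -> List[Violation]:
    """Replay a log through the monitor and return every violation found."""
    monitor = Monitor(requirements)
    for ev in sorted(events, key=lambda e: e.ts):
        monitor.observe(ev)
    return monitor.violations


if __name__ == "__main__":
    for case, ts, name, msg in check_log(SAMPLE_LOG):
        print(f"t={ts} case={case} [{name}] {msg}")
```

Each requirement only inspects the case the newest event belongs to, so the monitor keeps per-case state and can report a violation at the moment the offending event is logged rather than after the trace has completed; that is what makes the check "online" rather than a batch audit. The same requirement objects can be replayed over a historical log with `check_log`, which is the offline variant.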


Notes

  1. European FP7 project on POlicy and SECurity COnfiguration management, see http://www.posecco.eu/.

  2. The event log and other files used can be downloaded from http://www.promtools.org/prom6/PoSecCo.

  3. ProMSecCo can be downloaded from http://www.promtools.org/prom6/PoSecCo/.


Author information


Corresponding author

Correspondence to J. M. E. M. van der Werf.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

van der Werf, J.M.E.M., Verbeek, H.M.W. (2015). Online Compliance Monitoring of Service Landscapes. In: Fournier, F., Mendling, J. (eds) Business Process Management Workshops. BPM 2014. Lecture Notes in Business Information Processing, vol 202. Springer, Cham. https://doi.org/10.1007/978-3-319-15895-2_8


  • DOI: https://doi.org/10.1007/978-3-319-15895-2_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15894-5

  • Online ISBN: 978-3-319-15895-2
