Decentralised and Collaborative Auditing of Workflows

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity at generation and storage phases, as well as its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existent approaches that target this problem.

[1]  Anu Aravind,et al.  Workflow signature for business process domain: A new solution using IBMKD , 2015, 2015 Global Conference on Communication Technologies (GCCT).

[2]  John Zic,et al.  Accountability as a Service for the Cloud: From Concept to Implementation with BPEL , 2010, 2010 6th World Congress on Services.

[3]  Bart Preneel,et al.  Secure and Privacy-Friendly Logging for eGovernment Services , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[4]  Vern Paxson,et al.  Empirically derived analytic models of wide-area TCP connections , 1994, TNET.

[5]  Julian Schütte,et al.  Towards security in decentralized workflows , 2009, 2009 International Conference on Ultra Modern Telecommunications & Workshops.

[6]  Tony R. Sahama,et al.  Sharing with Care: An Information Accountability Perspective , 2011, IEEE Internet Computing.

[7]  J. Ramya Rajalakshmi,et al.  Anonymizing log management process for secure logging in the cloud , 2014, 2014 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2014].

[8]  Xuan Wang,et al.  A Contribution Towards Solving the Web Workload Puzzle , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[9]  Thomas Moyer,et al.  Transparent Web Service Auditing via Network Provenance Functions , 2017, WWW.

[10]  Rafael Accorsi,et al.  A secure log architecture to support remote auditing , 2013, Math. Comput. Model..

[11]  Ragib Hasan,et al.  Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service , 2016, IEEE Transactions on Dependable and Secure Computing.

[12]  Carsten Rudolph,et al.  Secure Web Service Workflow Execution , 2009, Electron. Notes Theor. Comput. Sci..

[13]  Rose F. Gamble,et al.  A Design and Verification Framework for Service Composition in the Cloud , 2013, 2013 IEEE Ninth World Congress on Services.

[14]  Carsten Rudolph,et al.  Secure Digital Chains of Evidence , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[15]  Jan Mendling,et al.  Untrusted Business Process Monitoring and Execution Using Blockchain , 2016, BPM.

[16]  Florian Kerschbaum,et al.  Workflow Signatures for Business Process Compliance , 2012, IEEE Transactions on Dependable and Secure Computing.

[17]  Brent Waters,et al.  Building an Encrypted and Searchable Audit Log , 2004, NDSS.

[18]  Dan Lin,et al.  Ensuring Distributed Accountability for Data Sharing in the Cloud , 2012, IEEE Transactions on Dependable and Secure Computing.

[19]  Denys A. Flores An authentication and auditing architecture for enhancing security on egovernment services , 2014, 2014 First International Conference on eDemocracy & eGovernment (ICEDEG).

[20]  M.R. Nami,et al.  Application of Self-Managing Properties in Virtual Organizations , 2008, International Symposium on Computer Science and its Applications.

[21]  Ragib Hasan,et al.  SecLaaS: secure logging-as-a-service for cloud forensics , 2013, ASIA CCS '13.

[22]  Chin-Chen Chang,et al.  Enabling public auditability for operation behaviors in cloud storage , 2016, Soft Computing.

[23]  Feng Tian,et al.  A supply chain traceability system for food safety based on HACCP, blockchain & Internet of things , 2017, 2017 International Conference on Service Systems and Service Management.

[24]  Michael Werner,et al.  Multilevel Process Mining for Financial Audits , 2015, IEEE Transactions on Services Computing.

[25]  Rose F. Gamble,et al.  Embedding a Distributed Auditing Mechanism in the Service Cloud , 2014, 2014 IEEE World Congress on Services.

[26]  Indrajit Ray,et al.  Secure Logging as a Service—Delegating Log Management to the Cloud , 2013, IEEE Systems Journal.

[27]  Rafael Accorsi,et al.  BBox: A Distributed Secure Log Architecture , 2010, EuroPKI.

[28]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[29]  Ainuddin Wahid Abdul Wahab,et al.  CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics , 2018, IEEE Transactions on Sustainable Computing.