Controlling Break-the-Glass through Alignment

Modern IT systems have to deal with unpredictable situations and exceptions more and more often. In contrast, security mechanisms are usually very rigid. Functionality like break-the-glass is thus employed to allow users to bypass security mechanisms in case of emergencies. However, break-the-glass introduces a weak point in the system. In this paper, we present a flexible framework for controlling the use of break-the-glass using the notion of alignments. The framework measures to what extent a process execution diverges from the specification (i.e., using optimal alignments) and revokes the exceptional permissions granted to cope with the emergency when the severity of deviations cannot be tolerated. For the quantification of the severity of deviations, we extend alignment-based deviation analysis techniques by supporting the detection of high-level deviations such as activity replacements and swaps, hence providing a more accurate diagnosis of deviations than classical optimal alignments.

[1]  David W. Chadwick,et al.  How to Break Access Control in a Controlled Manner , 2006, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06).

[2]  Sushil Jajodia,et al.  Regulating Exceptions in Healthcare Using Policy Spaces , 2008, DBSec.

[3]  Paola Mello,et al.  Declarative specification and verification of service choreographiess , 2010, TWEB.

[4]  Nicola Zannone,et al.  Purpose Control: Did You Process the Data for the Intended Purpose? , 2011, Secure Data Management.

[5]  Alexander L. Wolf,et al.  Software process validation: quantitatively measuring the correspondence of a process to a model , 1999, TSEM.

[6]  Pedro M. Domingos,et al.  Learning to match ontologies on the Semantic Web , 2003, The VLDB Journal.

[7]  Kevin W. Hamlen,et al.  Computability classes for enforcement mechanisms , 2006, TOPL.

[8]  Lujo Bauer,et al.  Run-Time Enforcement of Nonsafety Policies , 2009, TSEC.

[9]  Boudewijn F. van Dongen,et al.  Towards Robust Conformance Checking , 2010, Business Process Management Workshops.

[10]  Charles Safran,et al.  Improving personal health records for patient-centered care , 2010, J. Am. Medical Informatics Assoc..

[11]  Boudewijn F. van Dongen,et al.  Conformance Checking Using Cost-Based Fitness Analysis , 2011, 2011 IEEE 15th International Enterprise Distributed Object Computing Conference.

[12]  Wil M. P. van der Aalst,et al.  Genetic process mining: an experimental evaluation , 2007, Data Mining and Knowledge Discovery.

[13]  S. Dumais Latent Semantic Analysis. , 2005 .

[14]  Emil C. Lupu,et al.  Dynamic Ontology Mapping for Interacting Autonomous Systems , 2007, IWSOS.

[15]  Nicola Zannone,et al.  Measuring Privacy Compliance with Process Specifications , 2011, 2011 Third International Workshop on Security Measurements and Metrics.

[16]  Achim D. Brucker,et al.  Extending access control models with break-glass , 2009, SACMAT '09.

[17]  Wil M. P. van der Aalst,et al.  Workflow mining: discovering process models from event logs , 2004, IEEE Transactions on Knowledge and Data Engineering.

[18]  Adriansyah,et al.  Controlling Break-The-Glass Through Alignment 1 , 2013 .

[19]  Wil M. P. van der Aalst,et al.  Context Aware Trace Clustering: Towards Improving Process Mining Results , 2009, SDM.

[20]  Boudewijn F. van Dongen,et al.  Replaying history on process models for conformance checking and performance analysis , 2012, WIREs Data Mining Knowl. Discov..

[21]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[22]  Wil M. P. van der Aalst,et al.  Conformance checking of processes based on monitoring real behavior , 2008, Inf. Syst..

[23]  Boudewijn F. van Dongen,et al.  Process Mining and Verification of Properties: An Approach Based on Temporal Logic , 2005, OTM Conferences.

[24]  Nicola Zannone,et al.  Measuring Privacy Compliance Using Fitness Metrics , 2012, BPM.

[25]  Mathias Weske,et al.  Process compliance analysis based on behavioural profiles , 2011, Inf. Syst..

[26]  van der Wmp Wil Aalst,et al.  Memory-efficient alignment of observed and modeled behavior , 2013 .

[27]  Fabio Massacci,et al.  Predictability of Enforcement , 2011, ESSoS.

[28]  Koen Vanhoof,et al.  A Process Deviation Analysis Framework , 2012, Business Process Management Workshops.

[29]  Boudewijn F. van Dongen,et al.  Cost-Based Fitness in Conformance Checking , 2011, 2011 Eleventh International Conference on Application of Concurrency to System Design.