乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T01:19:05Z","timestamp":1725758345971},"publisher-location":"Berlin, Heidelberg","reference-count":56,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642420009"},{"type":"electronic","value":"9783642420016"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-42001-6_17","type":"book-chapter","created":{"date-parts":[[2013,11,21]],"date-time":"2013-11-21T04:25:02Z","timestamp":1385007902000},"page":"240-254","source":"Crossref","is-referenced-by-count":8,"title":["Why Are Business Processes Not Secure?"],"prefix":"10.1007","author":[{"given":"G\u00fcnter","family":"M\u00fcller","sequence":"first","affiliation":[]},{"given":"Rafael","family":"Accorsi","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"unstructured":"Wolf, C., Harmon, P.: The state of business process management. BPTrends Report (2010), http:\/\/www.bptrends.com\/","key":"17_CR1"},{"unstructured":"Website, http:\/\/finance.fortune.cnn.com\/2011\/09\/27\/the-fine-line-between-bad-luck-and-rogue-trades\/","key":"17_CR2"},{"issue":"3","key":"17_CR3","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSP.2008.71","volume":"6","author":"J. Epstein","year":"2008","unstructured":"Epstein, J.: Security Lessons Learned from Soci\u00e9t\u00e9 G\u00e9n\u00e9rale. IEEE Security & Privacy\u00a06(3), 80\u201382 (2008)","journal-title":"IEEE Security & Privacy"},{"issue":"6","key":"17_CR4","doi-asserted-by":"publisher","first-page":"790","DOI":"10.1016\/j.future.2010.10.005","volume":"27","author":"Y. Simmhan","year":"2011","unstructured":"Simmhan, Y., Barga, R.S.: Analysis of approaches for supporting the Open Provenance Model: A case study of the Trident workflow workbench. Future Generation Comp. Syst.\u00a027(6), 790\u2013796 (2011)","journal-title":"Future Generation Comp. Syst."},{"unstructured":"Website, http:\/\/www.google.com\/patents\/US6009410","key":"17_CR5"},{"unstructured":"Website, http:\/\/www.google.com\/patents\/WO2012166878A2?cl=en","key":"17_CR6"},{"doi-asserted-by":"crossref","unstructured":"Saat, J., Franke, U., Lagerstr\u00f6m, R., Ekstedt, M.: Enterprise Architecture Meta Models for IT\/Business Alignment Situations. In: EDOC 2010, pp. 14\u201323. IEEE (2010)","key":"17_CR7","DOI":"10.1109\/EDOC.2010.17"},{"issue":"1","key":"17_CR8","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1145\/234313.234412","volume":"28","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Samarati, P.: Authetication, Access Control, and Audit. ACM Comput. Surv.\u00a028(1), 241\u2013243 (1996)","journal-title":"ACM Comput. Surv."},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-540-45215-7_2","volume-title":"Computer Network Security","author":"R.S. Sandhu","year":"2003","unstructured":"Sandhu, R.S., Park, J.: Usage Control: A Vision for Next Generation Access Control. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol.\u00a02776, pp. 17\u201331. Springer, Heidelberg (2003)"},{"issue":"3","key":"17_CR10","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/s12599-011-0155-7","volume":"3","author":"R. Accorsi","year":"2011","unstructured":"Accorsi, R., Lowis, L., Sato, Y.: Automated Certification for Compliant Cloud-based Business Processes. Business & Information Systems Engineering\u00a03(3), 145\u2013154 (2011)","journal-title":"Business & Information Systems Engineering"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-642-32885-5_21","volume-title":"Business Process Management","author":"E. Ramezani","year":"2012","unstructured":"Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where Did I Misbehave? Diagnostic Information in Compliance Checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol.\u00a07481, pp. 262\u2013278. Springer, Heidelberg (2012)"},{"unstructured":"Brewer, D.F.C., Nash, M.J.: The Chinese Wall Security Policy. In: IEEE Symposium on Security and Privacy, pp. 206\u2013214. IEEE (1989)","key":"17_CR12"},{"issue":"3","key":"17_CR13","doi-asserted-by":"publisher","first-page":"666","DOI":"10.1147\/sj.403.0666","volume":"40","author":"R.A. Botha","year":"2001","unstructured":"Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal\u00a040(3), 666\u2013682 (2001)","journal-title":"IBM Systems Journal"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C.: Strong non-leak guarantees for workflow models. In: ACM Symp. Applied Computing, pp. 308\u2013314 (2011)","key":"17_CR14","DOI":"10.1145\/1982185.1982254"},{"unstructured":"Roscoe, A.W.: Intensional specifications of security protocols. In: Computer Security Foundations Workshop, pp. 28\u201338. IEEE (1996)","key":"17_CR15"},{"doi-asserted-by":"crossref","unstructured":"Weske, M.: Business Process Management - Concepts, Languages, Architectures. Springer (2012)","key":"17_CR16","DOI":"10.1007\/978-3-642-28616-2"},{"doi-asserted-by":"crossref","unstructured":"Basin, D., Burri, S., Karjoth, G.: Optimal workflow-aware authorizations. In: ACM Symp. Access Control Models and Technologies, pp. 93\u2013102 (2012)","key":"17_CR17","DOI":"10.1145\/2295136.2295154"},{"issue":"4","key":"17_CR18","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/1880022.1880034","volume":"13","author":"Q. Wang","year":"2010","unstructured":"Wang, Q., Li, N.: Satisfiability and Resiliency in Workflow Authorization Systems. ACM Trans. Inf. Syst. Secur.\u00a013(4), 40 (2010)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"3","key":"17_CR19","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1109\/TSC.2010.37","volume":"4","author":"L. Lowis","year":"2011","unstructured":"Lowis, L., Accorsi, R.: Vulnerability Analysis in SOA-Based Business Processes. IEEE T. Services Computing\u00a04(3), 230\u2013242 (2011)","journal-title":"IEEE T. Services Computing"},{"doi-asserted-by":"crossref","unstructured":"Lowis, L., Accorsi, R.: On a Classification Approach for SOA Vulnerabilities. In: IEEE Computer Software and Applications Conf., pp. 439\u2013444 (2009)","key":"17_CR20","DOI":"10.1109\/COMPSAC.2009.173"},{"key":"17_CR21","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1007\/978-3-642-00899-3_3","volume":"2","author":"N. Lohmann","year":"2009","unstructured":"Lohmann, N., Verbeek, E., Dijkman, R.M.: Petri Net Transformations for Business Processes - A Survey. T. Petri Nets and Other Models of Concurrency\u00a02, 46\u201363 (2009)","journal-title":"T. Petri Nets and Other Models of Concurrency"},{"key":"17_CR22","series-title":"LNBIP","doi-asserted-by":"publisher","first-page":"675","DOI":"10.1007\/978-3-642-36285-9_67","volume-title":"Business Process Management Workshops","author":"A. Lehmann","year":"2013","unstructured":"Lehmann, A., Lohmann, N.: Modeling Wizard for Confidential Business Processes. In: La Rosa, M., Soffer, P. (eds.) BPM Workshops 2012. LNBIP, vol.\u00a0132, pp. 675\u2013688. Springer, Heidelberg (2013)"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C., Dochow, S.: SWAT: A Security Workflow Analysis Toolkit for Reliably Secure Process-aware Information Systems. In: Conference on Availability, Reliability and Security, pp. 692\u2013697 (2011)","key":"17_CR23","DOI":"10.1109\/ARES.2011.108"},{"unstructured":"Accorsi, R., H\u00f6hn, S.: Towards a Framework for Process Rewriting. In: IFIP Symposium on Data-Driven Process Discovery and Analysis (to appear, 2013)","key":"17_CR24"},{"doi-asserted-by":"crossref","unstructured":"Fdhila, W., Rinderle-Ma, S., Reichert, M.: Change propagation in collaborative processes scenarios. In: CollaborateCom 2012, pp. 452\u2013461. IEEE (2012)","key":"17_CR25","DOI":"10.4108\/icst.collaboratecom.2012.250408"},{"issue":"5","key":"17_CR26","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/s11576-008-0079-0","volume":"50","author":"R. Accorsi","year":"2008","unstructured":"Accorsi, R., Sato, Y., Kai, S.: Compliance monitor for early warning risk determination. Wirtschaftsinformatik\u00a050(5), 375\u2013382 (2008)","journal-title":"Wirtschaftsinformatik"},{"doi-asserted-by":"crossref","unstructured":"Ni, Q., Bertino, E., Lobo, J.: Risk-based access control systems built on fuzzy inferences. In: ACM ASIACCS, pp. 250\u2013260. ACM (2010)","key":"17_CR27","DOI":"10.1145\/1755688.1755719"},{"doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: ACM Symp. Access Control Models and Technologies, pp. 197\u2013206. ACM (2009)","key":"17_CR28","DOI":"10.1145\/1542207.1542239"},{"issue":"5","key":"17_CR29","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/s00287-012-0641-4","volume":"35","author":"R. Accorsi","year":"2012","unstructured":"Accorsi, R., Ullrich, M., Van der Aalst, W.M.P.: Process Mining. Informatik Spektrum\u00a035(5), 354\u2013359 (2012)","journal-title":"Informatik Spektrum"},{"doi-asserted-by":"crossref","unstructured":"Van der Aalst, W.M.P.: Process Mining - Discovery, Conformance and Enhancement of Business Processes. Springer (2011)","key":"17_CR30","DOI":"10.1007\/978-3-642-19345-3"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T., M\u00fcller, G.: On the exploitation of process mining for security audits: the process discovery case. In: ACM Symp. Applied Computing, pp. 1462\u20131468 (2013)","key":"17_CR31","DOI":"10.1145\/2480362.2480634"},{"key":"17_CR32","series-title":"LNBIP","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/978-3-642-34044-4_9","volume-title":"Data-Driven Process Discovery and Analysis","author":"R. Accorsi","year":"2012","unstructured":"Accorsi, R., Stocker, T.: Discovering Workflow Changes with Time-Based Trace Clustering. In: Aberer, K., Damiani, E., Dillon, T. (eds.) SIMPDA 2011. LNBIP, vol.\u00a0116, pp. 154\u2013168. Springer, Heidelberg (2012)"},{"key":"17_CR33","series-title":"LNBIP","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-642-12814-1_18","volume-title":"Business Information Systems","author":"R. Accorsi","year":"2010","unstructured":"Accorsi, R., Wonnemann, C.: Auditing Workflow Executions against Dataflow Policies. In: Abramowicz, W., Tolksdorf, R. (eds.) BIS 2010. LNBIP, vol.\u00a047, pp. 207\u2013217. Springer, Heidelberg (2010)"},{"unstructured":"Accorsi, R., Wonnemann, C.: Detective Information Flow Analysis for Business Processes. In: Business Process and Services Computing, pp. 223\u2013224. GI (2009)","key":"17_CR34"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: ACM Symp. Applied Computing, pp. 1709\u20131716. ACM (2012)","key":"17_CR35","DOI":"10.1145\/2245276.2232051"},{"unstructured":"Accorsi, R.: Automated Privacy Audits to Complement the Notion of Control for Identity Management. In: Conference on Identity Management, pp. 39\u201348 (2007)","key":"17_CR36"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: Automated Privacy Audits Based on Pruning of Log Data. In: Enterprise Distributed Object Computing Conference, pp. 175\u2013182 (2008)","key":"17_CR37","DOI":"10.1109\/EDOCW.2008.18"},{"unstructured":"DoD, Trusted computer security evaluation criteria (1983), Website: http:\/\/csrc.nist.gov\/publications\/histroy\/dod85.pdf","key":"17_CR38"},{"unstructured":"ISO\/IEC, ISO\/IEC Information Security Management System 27001 (2005), Website: http:\/\/www.27000.org\/iso-27001.htm","key":"17_CR39"},{"unstructured":"Gallegos, F., Senft, S.: Information Technology Control and Audit. Auerbach Publications (2004)","key":"17_CR40"},{"doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In: ACM Conference on Computer and Communications Security, pp. 199\u2013212. ACM (2009)","key":"17_CR41","DOI":"10.1145\/1653662.1653687"},{"doi-asserted-by":"crossref","unstructured":"Pearce, M., Zeadally, S., Hunt, R.: Virtualization: Issues, security threats, and solutions. ACM Comput. Surv.\u00a045(2), 17:1\u201317:39 (2013)","key":"17_CR42","DOI":"10.1145\/2431211.2431216"},{"doi-asserted-by":"crossref","unstructured":"Chen, S., Wang, R., Wang, X., Zhang, K.: Side-channel leaks in web applications: A reality today, a challenge tomorrow. In: IEEE Symposium on Security and Privacy, pp. 191\u2013206. IEEE (2010)","key":"17_CR43","DOI":"10.1109\/SP.2010.20"},{"issue":"1","key":"17_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","volume":"34","author":"S. Subashini","year":"2011","unstructured":"Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Network and Computer Applications\u00a034(1), 1\u201311 (2011)","journal-title":"J. Network and Computer Applications"},{"doi-asserted-by":"crossref","unstructured":"Shabtai, A., Elovici, Y., Rokach, L.: A survey of data leakage detection and prevention solutions. Springer (2012)","key":"17_CR45","DOI":"10.1007\/978-1-4614-2053-8"},{"issue":"6","key":"17_CR46","doi-asserted-by":"publisher","first-page":"1065","DOI":"10.1017\/S0960129509990120","volume":"19","author":"N. Busi","year":"2009","unstructured":"Busi, N., Gorrieri, R.: Structural non-interference in elementary and trace nets. Mathematical Structures in Computer Science\u00a019(6), 1065\u20131090 (2009)","journal-title":"Mathematical Structures in Computer Science"},{"key":"17_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/978-3-642-32885-5_13","volume-title":"Business Process Management","author":"R. Accorsi","year":"2012","unstructured":"Accorsi, R., Lehmann, A.: Automatic Information Flow Analysis of Business Process Models. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol.\u00a07481, pp. 172\u2013187. Springer, Heidelberg (2012)"},{"key":"17_CR48","series-title":"IFIP AICT","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-24212-0_8","volume-title":"Advances in Digital Forensics VII","author":"R. Accorsi","year":"2011","unstructured":"Accorsi, R., Wonnemann, C.: Forensic Leak Detection for Business Process Models. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics VII. IFIP AICT, vol.\u00a0361, pp. 101\u2013103. Springer, Heidelberg (2011)"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C.: Static Information Flow Analysis of Workflow Models. ISSS\/BPSC 2010: 194-205 (2010)","key":"17_CR49","DOI":"10.1007\/978-3-642-22444-7_13"},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R., Wonnemann, C.: InDico: Information Flow Analysis of Business Processes for Confidentiality Requirements. In: ERCIM Workshop on Security and Trust Management, pp. 194\u2013209 (2010)","key":"17_CR50","DOI":"10.1007\/978-3-642-22444-7_13"},{"issue":"6","key":"17_CR51","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/s12599-011-0181-5","volume":"3","author":"C. Houy","year":"2011","unstructured":"Houy, C., Fettke, P., Loos, P., Van der Aalst, W.M.P., Krogstie, J.: Business Process Management in the Large. Business & Information Systems Engineering\u00a03(6), 385\u2013388 (2011)","journal-title":"Business & Information Systems Engineering"},{"issue":"2","key":"17_CR52","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/2240276.2240281","volume":"15","author":"R. Khoury","year":"2012","unstructured":"Khoury, R., Tawbi, N.: Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors. ACM Trans. Inf. Syst. Secur.\u00a015(2), 10 (2012)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"doi-asserted-by":"crossref","unstructured":"Accorsi, R.: Business Process as a Service: Chances for Remote Auditing. In: IEEE International Computer Software and Applications Conference, pp. 398\u2013403 (2011)","key":"17_CR53","DOI":"10.1109\/COMPSACW.2011.73"},{"unstructured":"Stocker, T., Accorsi, R.: Security-aware Synthesis of Process Event logs. In: Workshop on Enterprise Modelling and Information Systems Architectures (to appear, 2013)","key":"17_CR54"},{"unstructured":"Koslowski, T.G., Zimmermann, C.: A Detective Approach to Process-centered Information Infrastructure Resilience. In: ERCIM Workshop on Security and Trust Management (to appear, 2013)","key":"17_CR55"},{"unstructured":"Accorsi, R.: Sicherheit im Prozessmanagement. Zeitschrift f\u00fcr Datenrecht und Informationssicherheit (to appear)","key":"17_CR56"}],"container-title":["Lecture Notes in Computer Science","\u2018"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-42001-6_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,16]],"date-time":"2022-03-16T21:46:24Z","timestamp":1647467184000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-42001-6_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642420009","9783642420016"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-42001-6_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}