Abstract
Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence: its confidentiality, its integrity during the generation and storage phases, and its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existing approaches that target this problem.
This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other’s reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Nehme, A., Jesus, V., Mahbub, K., Abdallah, A. (2019). Decentralised and Collaborative Auditing of Workflows. In: Gritzalis, S., Weippl, E., Katsikas, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2019. Lecture Notes in Computer Science, vol 11711. Springer, Cham. https://doi.org/10.1007/978-3-030-27813-7_9
DOI: https://doi.org/10.1007/978-3-030-27813-7_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27812-0
Online ISBN: 978-3-030-27813-7
eBook Packages: Computer Science, Computer Science (R0)