Reducing the Incidence of Unintended, Human-Caused Information Flows in Enterprise Systems
Atkinson, Colin; Gerbig, Ralph; Barth, Florian; Freiling, Felix; Schinzel, Sebastian; Hadasch, Frank; Maedche, Alexander; Müller, Benjamin
DOI: https://doi.org/10.1109/EDOCW.2012.12
URL: http://ieeexplore.ieee.org/document/6406247/?reloa...
Additional URL: http://dl.acm.org/citation.cfm?id=2470061
Document type: Conference publication
Year of publication: 2012
Book title: Proceedings of the 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops EDOCW 2012
Title of a journal or series: 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops (EDOCW)
Page range: 11-18
Event title: 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops (EDOCW)
Event location: Beijing, China
Event date: 10-14 September 2012
Editor: Chi, Chi-Hung
Place of publication: Los Alamitos, Calif. [et al.]
Publisher: IEEE Computer Soc.
ISBN: 978-1-4673-5005-1, 978-0-7695-4786-2
Publication language: English
Institution: Non-faculty institutions > Institut für Enterprise Systems (InES); Fakultät für Betriebswirtschaftslehre > Wirtschaftsinformatik IV (Mädche 2009-2015)
Subject: 004 Computer science
Keywords (English): Information security, Security Property, User Behaviour
Abstract:
Research in enterprise system security has largely focused on the development of theoretical models capable of demonstrating mathematically that they possess desired security properties. However, recent results confirm that many of these models cannot be applied in practice because of the unpredictability of human participants' behavior in business processes. Moreover, while malicious attacks remain a significant problem, the majority of user-caused information leaks in Enterprise Systems are unintentional (or have many unintentional components) and could potentially be prohibited if explicitly recognized and appropriately modeled. In this paper we argue that approaches for achieving information flow security in enterprises need to combine process and policy understandability with usability of the enforcement mechanisms. We present a modeling approach that allows security policies to be formulated in such a way that (1) they are aligned to the business processes executed in an enterprise, (2) are understandable by all relevant stakeholders, and (3) can be semi-automatically transformed into run-time enforcement mechanisms.
This entry is part of the university bibliography.