Reducing the Incidence of Unintended, Human-Caused Information Flows in Enterprise Systems


Atkinson, Colin ; Gerbig, Ralph ; Barth, Florian ; Freiling, Felix ; Schinzel, Sebastian ; Hadasch, Frank ; Maedche, Alexander ; Müller, Benjamin



DOI: https://doi.org/10.1109/EDOCW.2012.12
URL: http://ieeexplore.ieee.org/document/6406247/?reloa...
Additional URL: http://dl.acm.org/citation.cfm?id=2470061
Document Type: Conference or workshop publication
Year of publication: 2012
Book title: Proceedings of the 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops EDOCW 2012
Page range: 11-18
Conference title: 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops (EDOCW)
Location of the conference venue: Beijing, China
Date of the conference: 10-14 September 2012
Author/Publisher of the book (only the first ones mentioned): Chi, Chi-Hung
Place of publication: Los Alamitos, Calif. [u.a.]
Publishing house: IEEE Computer Soc.
ISBN: 978-1-4673-5005-1, 978-0-7695-4786-2
Publication language: English
Institution: Außerfakultäre Einrichtungen > Institut für Enterprise Systems (InES)
Business School > Wirtschaftsinformatik IV (Mädche -2015)
Subject: 004 Computer science, internet
Keywords (English): Information security, Security Property, User Behaviour
Abstract: Research in enterprise system security has largely focused on the development of theoretical models capable of demonstrating mathematically that they possess desired security properties. However, recent results confirm that many of these models cannot be applied in practice because of the unpredictability of human participants' behavior in business processes. Moreover, while malicious attacks remain a significant problem, the majority of user-caused information leaks in Enterprise Systems are unintentional (or have many unintentional components) and could potentially be prohibited if explicitly recognized and appropriately modeled. In this paper we argue that approaches for achieving information flow security in enterprises need to combine process and policy understandability with usability of the enforcement mechanisms. We present a modeling approach that allows security policies to be formulated in such a way that (1) they are aligned to the business processes executed in an enterprise, (2) are understandable by all relevant stakeholders, and (3) can be semi-automatically transformed into run-time enforcement mechanisms.

This entry is part of the university bibliography.




Citation Example

Atkinson, Colin ; Gerbig, Ralph ; Barth, Florian ; Freiling, Felix ; Schinzel, Sebastian ; Hadasch, Frank ; Maedche, Alexander ; Müller, Benjamin Reducing the Incidence of Unintended, Human-Caused Information Flows in Enterprise Systems. Chi, Chi-Hung 11-18 In: Proceedings of the 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops EDOCW 2012 (2012) Los Alamitos, Calif. [u.a.] 2012 IEEE 16th International Enterprise Distributed Object Computing Conference Workshops (EDOCW) (Beijing, China) [Conference or workshop publication]

