Online Compliance Monitoring of Service Landscapes

J.M.E.M. van der Werf, H.M.W. (Erik) Verbeek

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    Abstract

    Today, it is a challenging task to keep a service application running over the internet safe and secure. Based on a collection of security requirements, a so-called golden configuration can be created for such an application. When the application has been configured according to this golden configuration, it is assumed that it satisfies these requirements, that is, that it is safe and secure. This assumption is based on the best practices that were used for creating the golden configuration, and on assumptions like that nothing out-of-the-ordinary occurs. Whether the requirements are actually violated, can be checked on the traces that are left behind by the configured service application. Today’s applications typically log an enormous amount of data to keep track of everything that has happened. As such, such an event log can be regarded as the ground truth for the entire application: A security requirement is violated if and only if it shows in the event log. This paper introduces the ProMSecCo tool, which has been built to check whether the security requirements that have been used to create the golden configuration are violated by the event log as generated by the configured service application.
    Original languageEnglish
    Title of host publicationBusiness Process Management Workshops
    Pages89
    Number of pages95
    Volume202
    ISBN (Electronic)978-3-319-15895-2
    DOIs
    Publication statusPublished - 2014

    Publication series

    NameLecture Notes in Business Information Processing
    PublisherSpringer
    Volume202

    Fingerprint

    Dive into the research topics of 'Online Compliance Monitoring of Service Landscapes'. Together they form a unique fingerprint.

    Cite this