Decentralised and Collaborative Auditing of Workflows

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11711)

Abstract

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity at generation and storage phases, as well as its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existent approaches that target this problem.

This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other’s reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence.

Notes

  1. https://github.com/antonionehme/audit-repository-simulations/tree/master/AuditProject/AuditProject

Correspondence to Antonio Nehme.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Nehme, A., Jesus, V., Mahbub, K., Abdallah, A. (2019). Decentralised and Collaborative Auditing of Workflows. In: Gritzalis, S., Weippl, E., Katsikas, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2019. Lecture Notes in Computer Science, vol 11711. Springer, Cham. https://doi.org/10.1007/978-3-030-27813-7_9

  • DOI: https://doi.org/10.1007/978-3-030-27813-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27812-0

  • Online ISBN: 978-3-030-27813-7

  • eBook Packages: Computer Science, Computer Science (R0)
