Advertisement

A Graphical Audit Facility for Data Processing and Its Evaluation with Users

  • Jens Müller
  • Murat Kavak
  • Klemens Böhm
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7235)

Abstract

Personally-identifiable information (PII) is increasingly processed in a distributed way. This makes it much harder for individuals to oversee how their PII is used. In the legal systems of many countries, processing of PII is subject to restrictions. In particular, companies have to inform an individual on how they use his PII, and which external parties they transfer it to. We hypothesize that naïve approaches like log messages or plain text are not sufficient to this end. We in turn have developed a user-friendly auditing facility based on business processes (BPs). It visualizes data processing in real time, using the graphical process models one would deploy on a BP engine for execution. We also propose an approach to let a BP-management system generate the necessary audit events at runtime. An evaluation of realistic scenarios with users shows that our tool helps them to understand how their PII is used.

Keywords

Business Process Audit Information Audit Event Audit Tool Security Component 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Intalio BPMS Designer, http://www.intalio.com/bpms/designer
  2. 2.
  3. 3.
    European Community: Directive 95/46/EC (Data Protection Directive)Google Scholar
  4. 4.
    Hollingsworth, D.: Workflow Handbook 2004, vol. 10, ch. The Workflow Reference Model 10 Years On (2004)Google Scholar
  5. 5.
    Hollingsworth, D.: The Workflow Reference Model. WfMC Specification TC00-1003, Workflow Management Coalition (1995)Google Scholar
  6. 6.
    Mülle, J., von Stackelberg, S., Böhm, K.: Modelling and Transforming Security Constraints in Privacy-Aware Business Processes. In: Proc. SOCA 2011 (2011)Google Scholar
  7. 7.
    Müller, J., Böhm, K.: The Architecture of a Secure Business-Process-Management System in Service-Oriented Environments. In: ECOWS 2011 (2011)Google Scholar
  8. 8.
    Müller, J., Kavak, M., Böhm, K.: A Graphical Audit Facility for Data Processing and its Evaluation with Users. Tech. Rep. 2012-1, Karlsruhe Reports in InformaticsGoogle Scholar
  9. 9.
    Shapiro, S.S., Wilk, M.B.: An analysis of variance test for normality (complete samples). Biometrika 3(52), 1–22 (1965)MathSciNetGoogle Scholar
  10. 10.
    Workflow Management Coalition: Audit Data Specification (1998)Google Scholar
  11. 11.
    Yao, J., Chen, S., Wang, C., Levy, D., Zic, J.: Accountability as a service for the cloud. In: SCC 2010 (2010)Google Scholar
  12. 12.
    zur Muehlen, M. (ed.): Business Process Analytics Format (BPAF). WfMC Draft Standard WFMC-TC-1015 (February 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jens Müller
    • 1
  • Murat Kavak
    • 1
  • Klemens Böhm
    • 1
  1. 1.Information Systems Group, Institute for Program Structures and Data Organization, Faculty of InformaticsKarlsruhe Institute of Technology (KIT)Germany

Personalised recommendations