TY - GEN
T1 - Online compliance monitoring of service landscapes
AU - Werf, van der, J.M.E.M.
AU - Verbeek, H.M.W.
PY - 2015
Y1 - 2015
N2 - Today, it is a challenging task to keep a service application running over the internet safe and secure. Based on a collection of security requirements, a so-called golden configuration can be created for such an application. When the application has been configured according to this golden configuration, it is assumed that it satisfies these requirements, that is, that it is safe and secure. This assumption is based on the best practices that were used for creating the golden configuration, and on assumptions like that nothing out-of-the-ordinary occurs. Whether the requirements are actually violated, can be checked on the traces that are left behind by the configured service application. Today’s applications typically log an enormous amount of data to keep track of everything that has happened. As such, such an event log can be regarded as the ground truth for the entire application: A security requirement is violated if and only if it shows in the event log. This paper introduces the ProMSecCo tool, which has been built to check whether the security requirements that have been used to create the golden configuration are violated by the event log as generated by the configured service application.
AB - Today, it is a challenging task to keep a service application running over the internet safe and secure. Based on a collection of security requirements, a so-called golden configuration can be created for such an application. When the application has been configured according to this golden configuration, it is assumed that it satisfies these requirements, that is, that it is safe and secure. This assumption is based on the best practices that were used for creating the golden configuration, and on assumptions like that nothing out-of-the-ordinary occurs. Whether the requirements are actually violated, can be checked on the traces that are left behind by the configured service application. Today’s applications typically log an enormous amount of data to keep track of everything that has happened. As such, such an event log can be regarded as the ground truth for the entire application: A security requirement is violated if and only if it shows in the event log. This paper introduces the ProMSecCo tool, which has been built to check whether the security requirements that have been used to create the golden configuration are violated by the event log as generated by the configured service application.
U2 - 10.1007/978-3-319-15895-2_8
DO - 10.1007/978-3-319-15895-2_8
M3 - Conference contribution
SN - 978-3-319-15894-5
T3 - Lecture Notes in Business Information Processing
SP - 89
EP - 95
BT - Business Process Management Workshops (BPM 2014 International Workshops, Eindhoven, The Netherlands, September 7-8, 2014, Revised Papers)
A2 - Fournier, F.
A2 - Mendling, J.
PB - Springer
CY - Berlin
ER -