Auflistung nach Autor:in "Wonnemann, Claus"
1 - 5 von 5
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragDetective information flow analysis for business processes(Business process, services – computing and intelligent service management, 2009) Accorsi, Rafael; Wonnemann, ClausWe report on ongoing work towards a posteriori detection of illegal information flows for business processes, focusing on the challenges involved in doing so. Resembling a forensic investigation, our approach aims at analyzing the audit trails resultant from the execution of the business processes, locating informations flows that violate the (non-functional) requirements stipulated by security policies. The goal is to obtain fine-grained evidence of policy compliance with respect to information flows.
- ZeitschriftenartikelDurchsetzung von Cybersecurity in IoT-Lieferketten(Wirtschaftsinformatik & Management: Vol. 15, No. 5, 2023) Wonnemann, Claus
- ZeitschriftenartikelRFID – ist Sicherheit in offenen Anwendungen erreichbar?(Wirtschaftsinformatik: Vol. 50, No. 5, 2008) Wonnemann, ClausRFID-Technologie wird bereits seit vielen Jahren erfolgreich für die Steuerung industrieller Prozesse eingesetzt. Nur ein kleiner Teil dieser Anwendungen benutzt RFID allerdings in offenen Kreisläufen, in denen auch unternehmensfremde Personen mit Transpondern interagieren. Dies sind genau die Fälle, in denen der Einsatz von RFID zur Verletzung von Datensicherheit und informationeller Selbstbestimmung Einzelner führen kann.Der Beitrag untersucht die spezifischen Bedrohungen, die in derartigen Szenarien von RFID ausgehen können und stellt aktuelle Forschungsergebnisse vor, mit denen diesen Bedrohungen begegnet werden kann. Dabei werden neben Möglichkeiten zur Zugriffkontrolle auf Transponderebene auch regulatorische Maßnahmen und Mechanismen zur Kontrolle nachfolgender Datenverarbeitung untersucht.AbstractRFID technology has been successfully deployed in industry for many years. Only a small fraction of these deployments uses RFID in applications that allow external parties to get in touch with transponders. These are exactly those cases in which violations of data protection goals or an individual’s personal privacy might happen due to RFID usage.The article examines the specific threats that might evolve from the application of RFID technology in suchlike scenarios and presents current research tackling those threats. Along with access control techniques, approaches striving to rule out misuse through regulations and mechanisms for backend usage control are discussed.
- KonferenzbeitragStatic information fow analysis of workflow models(INFORMATIK 2010 – Business Process and Service Science – Proceedings of ISSS and BPSC, 2010) Accorsi, Rafael; Wonnemann, ClausThis paper proposes a framework for the detection of information leaks in workflow descriptions based on static information flow analysis. Despite the correct deployment of access control mechanisms, certain information leaks can persist, thereby undermining the compliance of workflows to policies. The framework put forward in this paper identifies leaks induced by the structure of the workflow. It consists of an adequate meta-model for workflow representation based on Petri nets and corresponding components for the transformation and analysis. A case study illustrates the application of the framework on a concrete workflow in BPEL notation.
- KonferenzbeitragTowards information flow auditing in workflows(Software Engineering 2010 – Workshopband (inkl. Doktorandensymposium), 2010) Wonnemann, ClausThe paper proposes an approach for compliance audits in workflow environments based on the tracking of information flow. Requirements are formalized as a binary relation on the workflow principals. The workflows' execution logs are transferred into graph-based representations of the explicit information flows (dataflows) and adherence to compliance requirements is checked while traversing these graphs. The scope and limits are discussed and the major milestones for further work are outlined.