Abstract
This PhD thesis investigates the secure execution of distributed business
process models. When collaborating actors use distributed process
model execution to coordinate and execute a process, they put themselves
at risk of foul play; malicious collaborators may give false testimony
of events in the process, both their own and those of others, if this is to their
benefit. Similarly, they may try to extract secret steps taken by their
co-collaborators. In this thesis, I study security properties for preventing
and discovering such malicious behaviour.
I present in this thesis 3 main results from 3 papers I have co-written
during my PhD project. The papers’ relevance to distributed business
process execution is demonstrated in the context of the consistency problem.
In the consistency problem, one must ensure that a process behaves
as specified even when executed as distributed partitions.
The first paper shows how to utilise Trusted Execution Environments
to translate Byzantine faults to omission faults in arbitrary distributed
algorithms. In the setting of distributed business process execution, this
translates to a method for preventing malicious collaborators from actively
lying about which steps they have taken in the process.
The second paper considers the definitions of equivocation – acting
maliciously differently towards two or more co-collaborators – and redefines
exactly what it means to prevent equivocation. We define two different
kinds of non-equivocation, one strong and one weaker, which capture
properties gained from known non-equivocation subsystems. These non-equivocation
properties can be used to eliminate active malicious behaviour
other than lying in distributed business process execution. They
can also be used to make solutions to agreement problems cheaper, solutions
which inherently solve the consistency problem, although at the
cost of local autonomy of collaborators.
The third and last paper considers passively malicious collaborators,
i.e. collaborators who attempt to cheat in the process by simply following
the process and passively listening in an attempt to extract secrets.
To prevent such behaviour, we define a possibilistic notion of secrecy of
actions in processes with run-based semantics. The secrecy definition
captures under which conditions a collaborator can take a step in the
execution of a distributed business process, safe in the knowledge that
a specific collaborator cannot know that the action was taken. We then
show that this definition of secrecy is computationally hard to determine
in some business process models, specifically Dynamic Condition
Response graphs, and present a sufficient condition to determine secrecy
for some actions as an alternative.
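As an added illustration (not code from the thesis), the possibilistic reading of action secrecy described above, assuming a toy process given directly as its finite set of runs and a per-collaborator projection of each run onto the events that collaborator observes; the process, the collaborators A, B, C and the functions are constructed for this example and are not the thesis's own definition.

```python
# Added example. A process with run-based semantics is modelled as the finite
# set of complete runs it admits; a run is a tuple of (action, observers)
# events, where `observers` is the set of collaborators that see the event.
# This encoding is an assumption made for the example, not the thesis's.

def view(run, observer):
    """Projection of a run onto the events `observer` can see."""
    return tuple(act for act, obs in run if observer in obs)

def indistinguishable(runs, observer, real_run):
    """Runs the observer cannot tell apart from `real_run` (same projection)."""
    target = view(real_run, observer)
    return [r for r in runs if view(r, observer) == target]

def action_hidden_in(runs, real_run, action, observer):
    """Possibilistic secrecy for one complete run: `observer` cannot know that
    `action` occurred iff some indistinguishable run does not contain it."""
    return any(all(a != action for a, _ in r)
               for r in indistinguishable(runs, observer, real_run))

def completions(runs, prefix):
    """Complete runs of the process that extend the executed prefix."""
    return [r for r in runs if r[:len(prefix)] == prefix]

def can_take_secretly(runs, prefix, step, observer):
    """Can the executor take `step` after `prefix`, safe in the knowledge that
    `observer` can never learn the action occurred? Possibilistically: every
    way the process may finish must leave an indistinguishable run in which
    the action does not appear at all."""
    action = step[0]
    after = completions(runs, prefix + (step,))
    if not after:
        return False  # the step is not enabled after this prefix
    return all(action_hidden_in(runs, r, action, observer) for r in after)

# Constructed process with collaborators A, B, C: `audit` is seen only by A
# and C, `bill` only by A and B, `order` and `ship` by everyone.
A, B, C = "A", "B", "C"
ORDER = ("order", frozenset({A, B, C}))
AUDIT = ("audit", frozenset({A, C}))
BILL = ("bill", frozenset({A, B}))
SHIP = ("ship", frozenset({A, B, C}))
PROCESS = {(ORDER, AUDIT, SHIP), (ORDER, SHIP), (ORDER, BILL, SHIP)}
ORDERED = (ORDER,)

if __name__ == "__main__":
    # B never sees `audit` and the process admits a run without it: secret from B
    print(can_take_secretly(PROCESS, ORDERED, AUDIT, B))
    # C observes `audit` directly, so the step can never be hidden from C
    print(can_take_secretly(PROCESS, ORDERED, AUDIT, C))
```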
Original language | English
---|---
Place of publication | Copenhagen
Publisher | IT University of Copenhagen
Number of pages | 88
ISBN (Print) | 978-87-7949-405-3
Status | Published - 12 Oct 2023
Series name | ITU-DS
Series number | 209
ISSN | 1602-3536