Securing Distributed Business Process Model Execution

Mads Frederik Madsen

    Publication: Book / Anthology / Report / PhD thesis

    Abstract

    This PhD thesis investigates the secure execution of distributed business
    process models. When collaborating actors use distributed process
    model execution to coordinate and execute a process, they put themselves
    at risk of foul play: malicious collaborators may give false testimony
    of events in the process, both their own and others', if this is to their
    benefit. Similarly, they may try to extract secret steps taken by their
    co-collaborators. In this thesis, I study security properties for preventing
    and discovering such malicious behaviour.

    I present in this thesis 3 main results from 3 papers I have co-written
    during my PhD project. The papers' relevance to distributed business
    process execution is demonstrated in the context of the consistency problem.
    In the consistency problem, one must ensure that a process behaves
    as specified even when executed as distributed partitions.

    The first paper shows how to utilise Trusted Execution Environments
    to translate Byzantine faults into omission faults in arbitrary distributed
    algorithms. In the setting of distributed business process execution, this
    translates to a method for preventing malicious collaborators from actively
    lying about which steps they have taken in the process.

    The second paper considers the definitions of equivocation, that is, acting
    maliciously differently towards two or more co-collaborators, and redefines
    exactly what it means to prevent equivocation. We define two different
    kinds of non-equivocation, one strong and one weaker, which capture
    the properties gained from known non-equivocation subsystems. These non-equivocation
    properties can be used to eliminate active malicious behaviour
    other than lying in distributed business process execution. They
    can also be used to make solutions to agreement problems cheaper, solutions
    which inherently solve the consistency problem, although at the
    cost of the local autonomy of collaborators.

    The third and last paper considers passively malicious collaborators,
    i.e. collaborators who attempt to cheat in the process by simply following
    the process and passively listening in an attempt to extract secrets.
    To prevent such behaviour, we define a possibilistic notion of secrecy of
    actions in processes with run-based semantics. The secrecy definition
    captures under which conditions a collaborator can take a step in the
    execution of a distributed business process, safe in the knowledge that
    a specific collaborator cannot know that the action was taken. We then
    show that this definition of secrecy is computationally hard to decide
    in some business process models, specifically Dynamic Condition
    Response graphs, and present a sufficient condition for determining secrecy
    for some actions as an alternative.
    Original language: English
    Place of publication: Copenhagen
    Publisher: IT University of Copenhagen
    Number of pages: 88
    ISBN (Print): 978-87-7949-405-3
    Status: Published - 12 Oct 2023
    Series: ITU-DS
    Number: 209
    ISSN: 1602-3536
