Abstract
This PhD thesis investigates the secure execution of distributed business process models. When collaborating actors use distributed process model execution to coordinate and execute a process, they put themselves at risk of foul play: malicious collaborators may give false testimony of events in the process, both their own and others', if this is to their benefit. Similarly, they may try to extract secret steps taken by their co-collaborators. In this thesis, I study security properties for preventing and discovering such malicious behaviour.
I present in this thesis 3 main results from 3 papers I have co-written during my PhD project. The papers' relevance to distributed business process execution is demonstrated in the context of the consistency problem. In the consistency problem, one must ensure that a process behaves as specified even when executed as distributed partitions.
The first paper shows how to utilise Trusted Execution Environments to translate Byzantine faults to omission faults in arbitrary distributed algorithms. In the setting of distributed business process execution, this translates to a method for preventing malicious collaborators from actively lying about which steps they have taken in the process.
The second paper considers the definitions of equivocation (acting maliciously differently towards two or more co-collaborators) and redefines exactly what it means to prevent equivocation. We define two different kinds of non-equivocation, one strong and one weaker, which capture the properties gained from known non-equivocation subsystems. These non-equivocation properties can be used to eliminate active malicious behaviour other than lying in distributed business process execution. They can also be used to make solutions to agreement problems cheaper; such solutions inherently solve the consistency problem, although at the cost of the local autonomy of collaborators.
The third and last paper considers passively malicious collaborators, i.e. collaborators who attempt to cheat in the process by simply following the process and passively listening in an attempt to extract secrets. To prevent such behaviour, we define a possibilistic notion of secrecy of actions in processes with run-based semantics. The secrecy definition captures under which conditions a collaborator can take a step in the execution of a distributed business process, safe in the knowledge that a specific collaborator cannot know that the action was taken. We then show that this definition of secrecy is computationally hard to determine in some business process models, specifically Dynamic Condition Response graphs, and present a sufficient condition for determining secrecy of some actions as an alternative.
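The possibilistic secrecy notion described above can be made concrete on a tiny process model. The following is an added illustration, not code from the thesis or its papers: it assumes a process given as a labelled transition system whose events carry the performing collaborator, assumes an observer sees exactly the events it performs itself, and brute-forces the check "for every run in which the action occurs, some run in which it does not occur looks identical to the observer". The thesis's exact formalisation over DCR graphs may differ; this is a simplified stand-in, and the bounded enumeration is only feasible for toy models (the abstract notes the general problem is hard).

```python
from typing import List, Optional, Set, Tuple

# A transition is (source state, actor, action, target state).
Transition = Tuple[str, str, str, str]
Event = Tuple[str, str]          # (actor, action)
Run = Tuple[Event, ...]


def runs(transitions: List[Transition], start: str, max_len: int) -> List[Run]:
    """Enumerate every run (prefix-closed) of length <= max_len from `start`."""
    found: List[Run] = []

    def walk(state: str, trace: List[Event]) -> None:
        found.append(tuple(trace))
        if len(trace) >= max_len:
            return
        for src, actor, action, dst in transitions:
            if src == state:
                walk(dst, trace + [(actor, action)])

    walk(start, [])
    return found


def observe(run: Run, observer: str) -> Tuple[str, ...]:
    """Assumed observation model: the observer sees only the actions it performs."""
    return tuple(action for actor, action in run if actor == observer)


def contains(run: Run, action: str) -> bool:
    return any(a == action for _, a in run)


def is_secret(transitions: List[Transition], start: str, action: str,
              observer: str, max_len: int = 6) -> Tuple[bool, Optional[Run]]:
    """Possibilistic secrecy of `action` from `observer`.

    Returns (True, None) if every run containing `action` has an observationally
    equivalent run without it; otherwise (False, witness_run) where the witness
    is a run whose observation lets `observer` deduce that `action` happened.
    """
    all_runs = runs(transitions, start, max_len)
    # Observations that are explainable without the secret action ever occurring.
    cover: Set[Tuple[str, ...]] = {
        observe(r, observer) for r in all_runs if not contains(r, action)
    }
    for r in all_runs:
        if contains(r, action) and observe(r, observer) not in cover:
            return False, r
    return True, None


# Constructed toy process 1: Alice either "check"s or "skip"s, then Bob "ship"s.
# Bob sees "ship" in both branches, so he cannot tell whether "check" happened.
SECRET_OK: List[Transition] = [
    ("s0", "alice", "check", "s1"),
    ("s0", "alice", "skip", "s1"),
    ("s1", "bob", "ship", "s2"),
]

# Constructed toy process 2: Alice's branch decides which action Bob performs.
# If Bob is asked to "audit", the only explanation is that "check" occurred.
SECRET_LEAKS: List[Transition] = [
    ("s0", "alice", "check", "s1"),
    ("s1", "bob", "audit", "s2"),
    ("s0", "alice", "skip", "s3"),
    ("s3", "bob", "ship", "s4"),
]

if __name__ == "__main__":
    print(is_secret(SECRET_OK, "s0", "check", "bob"))      # (True, None)
    print(is_secret(SECRET_LEAKS, "s0", "check", "bob"))   # (False, witness run)
```

The witness returned for the leaking model is the run `check, audit`: Bob's observation `(audit,)` has no check-free explanation, which is exactly the situation the secrecy definition is meant to rule out before Alice commits to the step.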
| Field | Value |
|---|---|
| Original language | English |
| Place of Publication | Copenhagen |
| Publisher | IT University of Copenhagen |
| Number of pages | 88 |
| ISBN (Print) | 978-87-7949-405-3 |
| Publication status | Published - 12 Oct 2023 |
| Series | ITU-DS |
| Number | 209 |
| ISSN | 1602-3536 |