Search For:

Displaying 1-14 out of 14 total
On Providing One-to-One Marketing with Customers' Privacy in Stationary Retail
Found in: E-Commerce Technology and Enterprise Computing, E-Commerce and E-Services, IEEE Conference and Fifth IEEE Conference
By Jens Strüker, Rafael Accorsi, Günter Müller
Issue Date:July 2008
pp. 44-49
Electronic commerce has provided retailers with effective instruments to deploy one-to-one marketing over the internet. While the increasing use of sensors, RFID tags and other technologies enables the deployment of one-to-one marketing also in stationary ...
 
SWAT: A Security Workflow Analysis Toolkit for Reliably Secure Process-aware Information Systems
Found in: Availability, Reliability and Security, International Conference on
By Rafael Accorsi,Claus Wonnemann,Sebastian Dochow
Issue Date:August 2011
pp. 692-697
This paper reports on ongoing work on SWAT, a new toolkit for security workflow analysis. SWAT provides a platform for the realization and testing of well-founded methods to detect information leaks in workflows, both for the workflow certification and for...
 
Business Process as a Service: Chances for Remote Auditing
Found in: Computer Software and Applications Conference Workshops
By Rafael Accorsi
Issue Date:July 2011
pp. 398-403
The advent of cloud computing allows the provision of several commodities
 
Towards Forensic Data Flow Analysis of Business Process Logs
Found in: IT Security Incident Management and IT Forensics, International Conference on
By Rafael Accorsi, Claus Wonnemann, Thomas Stocker
Issue Date:May 2011
pp. 3-20
This paper presents RecIF, a forensic technique for the analysis of business process logs to detect illegal data flows. RecIF uses propagation graphs to formally capture the data flow within a process execution. Abstracting away from the concrete traces, p...
 
Vulnerability Analysis in SOA-Based Business Processes
Found in: IEEE Transactions on Services Computing
By Lutz Lowis,Rafael Accorsi
Issue Date:July 2011
pp. 230-242
Business processes and services can more flexibly be combined when based upon standards. However, such flexible compositions practically always contain vulnerabilities, which imperil the security and dependability of processes. Vulnerability management too...
 
Safe-Keeping Digital Evidence with Secure Logging Protocols: State of the Art and Challenges
Found in: IT Security Incident Management and IT Forensics, International Conference on
By Rafael Accorsi
Issue Date:September 2009
pp. 94-110
While log data are being increasingly used as digital evidence in court, the extent to which existing secure logging protocols used to collect log data fulfill the legal requirements for admissible evidence remain largely unclear. This paper elucidates a s...
 
On Information Flow Forensics in Business Application Scenarios
Found in: Computer Software and Applications Conference, Annual International
By Claus Wonnemann, Rafael Accorsi, Günter Müller
Issue Date:July 2009
pp. 324-328
To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fac...
 
Log Data as Digital Evidence: What Secure Logging Protocols Have to Offer?
Found in: Computer Software and Applications Conference, Annual International
By Rafael Accorsi
Issue Date:July 2009
pp. 398-403
While log data are being increasingly used as digital evidence in judicial disputes, the extent to which existing secure logging protocols used to collect log data fulfill the legal requirements for admissible evidence remain largely unclear. We elucidate ...
 
On a Classification Approach for SOA Vulnerabilities
Found in: Computer Software and Applications Conference, Annual International
By Lutz Lowis, Rafael Accorsi
Issue Date:July 2009
pp. 439-444
Vulnerabilities in operating systems and web applications have been and are being put into various classifications, leading to a better understanding of their causes and effects, and to improved vulnerability management tool support. In a service-oriented ...
 
Automated Privacy Audits Based on Pruning of Log Data
Found in: Enterprise Distributed Object Computing Conference Workshops, IEEE International
By Rafael Accorsi, Thomas Stocker
Issue Date:September 2008
pp. 175-182
This paper presents a novel approach to automated audits based on the pruning of log data represented as trees. Events, recorded as a sequential list of entries, are interpreted as nodes of a tree. The audit consists in removing the nodes that are complian...
 
Preventive Inference Control in Data-centric Business Models
Found in: 2013 IEEE CS Security and Privacy Workshops (SPW2013)
By Rafael Accorsi,Gunter Muller
Issue Date:May 2013
pp. 28-33
Inference control is a modern topic in data usage management, especially in the context of data-centric business models. However, it is generally not well understood how protection mechanisms could be designed to protect the users. The contributions of thi...
   
On the exploitation of process mining for security audits: the process discovery case
Found in: Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC '13)
By Günter Müller, Rafael Accorsi, Thomas Stocker
Issue Date:March 2013
pp. 1462-1468
This paper reports on the potential of process mining as a basis for security audits of business process and corresponding business process management systems. In particular, it focuses on process discovery as a means to reconstruct process-related structu...
     
Strong non-leak guarantees for workflow models
Found in: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC '11)
By Claus Wonnemann, Rafael Accorsi
Issue Date:March 2011
pp. 308-314
Despite the correct deployment of access control mechanisms, information leaks can persist and undermine the compliance of workflows to regulations and policies. This paper proposes InDico, a framework for the automated detection of information leaks in wo...
     
Personalization in privacy-aware highly dynamic systems
Found in: Communications of the ACM
By Jens Struker, Rafael Accorsi, Stefan Sackmann
Issue Date:September 2006
pp. 32-38
Enabling novel ways to personalize the relationship with customers without sacrificing their privacy.
     
 1