Middleware support for auditing service process flows
Source: MW4SOC; Vol. 184
Proceedings of the 1st workshop on Middleware for Service Oriented Computing (MW4SOC 2006)
Melbourne, Australia
Pages: 24 - 29  
Year of Publication: 2006
ISBN: 1-59593-425-1
Author
Hakan Hacigümüş, IBM Almaden Research Center, San Jose, CA
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1169091.1169095

ABSTRACT

The ever-increasing security and privacy concerns require organizations to strictly comply with the regulations and the guidelines. Similar to any other part of an organization, it is necessary to conduct audits to determine whether the IT systems are in compliance. We specifically focus on the IT systems that are founded on Service Oriented Computing (SOC) principles. In a service oriented system both the internal and the external services may easily interact with each other, which may make the establishment and the enforcement of the privacy policies and the rules across the systems increasingly challenging. We introduce efficient and flexible methods for auditing such systems by leveraging the middleware platform capabilities. We show how the service process flows that have been executed in the system can be audited both based on their structure and the information that is disclosed by them.

