Publications

2018

  • C. Schuppler, M. Leitner, and S. Rinderle-Ma, “Privacy-aware data assessment of online social network registration processes,” in Proceedings of the eighth ACM conference on data and application security and privacy, New York, NY, USA, 2018, p. 167–169. doi:10.1145/3176258.3176950

    Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they provide during registration. Depending on what information is provided in (public) OSN profiles, that data might be misused by attackers e.g., for cross-site profile cloning. This paper assesses data provided by the user during the registration of OSNs. Therefore, it is investigated how OSN registration processes are typically modeled, which information is needed to create a profile in OSNs and which attack scenarios can occur based on the provided data. The results contribute to the understanding of OSN registration process design as well as requested data and to replicate and reuse processes for further privacy and security investigations.

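    @inproceedings{schuppler_privacy-aware_2018,
      author    = {Schuppler, Christine and Leitner, Maria and Rinderle-Ma, Stefanie},
      title     = {Privacy-aware Data Assessment of Online Social Network Registration Processes},
      booktitle = {Proceedings of the Eighth {ACM} Conference on Data and Application Security and Privacy},
      series    = {{CODASPY} '18},
      publisher = {ACM},
      address   = {New York, NY, USA},
      year      = {2018},
      pages     = {167--169},
      isbn      = {978-1-4503-5632-9},
      doi       = {10.1145/3176258.3176950},
      url       = {http://doi.acm.org/10.1145/3176258.3176950},
      note      = {Poster},
      abstract  = {Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they provide during registration. Depending on what information is provided in (public) OSN profiles, that data might be misused by attackers e.g., for cross-site profile cloning. This paper assesses data provided by the user during the registration of OSNs. Therefore, it is investigated how OSN registration processes are typically modeled, which information is needed to create a profile in OSNs and which attack scenarios can occur based on the provided data. The results contribute to the understanding of OSN registration process design as well as requested data and to replicate and reuse processes for further privacy and security investigations.},
    }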

2017

  • T. Pahi, M. Leitner, and F. Skopik, “Analysis and assessment of situational awareness models for national cyber security centers,” in Proceedings of the 3rd international conference on information systems security and privacy (ICISSP), 2017, p. 334–345. doi:10.5220/0006149703340345

    National cyber security centers (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of mentioned NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant for Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in a NCSC, especially focusing on information sharing. We foresee this illustrative scenario to aid decision makers and practitioners who are involved in establishing NCSCs and cyber security processes on national level to better understand the specific implications regarding the application of the CSA model for NCSCs.

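    @inproceedings{pahi_analysis_2017,
      author    = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
      title     = {Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers},
      booktitle = {Proceedings of the 3rd International Conference on Information Systems Security and Privacy ({ICISSP})},
      publisher = {SCITEPRESS},
      year      = {2017},
      pages     = {334--345},
      doi       = {10.5220/0006149703340345},
      url       = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006149703340345},
      abstract  = {National cyber security centers (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of mentioned NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant for Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in a NCSC, especially focusing on information sharing. We foresee this illustrative scenario to aid decision makers and practitioners who are involved in establishing NCSCs and cyber security processes on national level to better understand the specific implications regarding the application of the CSA model for NCSCs.},
    }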

  • M. Leitner and M. Sachs, “Digitale Bürgerbeteiligung. Hintergrund, Herausforderungen und Lösungsansätze,” SIAK Journal – Zeitschrift für Polizeiwissenschaft und Polizeiliche Praxis, vol. 14, iss. 1, p. 42–50, 2017. doi:10.7396/2017_1_D

    E-Partizipation wird die Beteiligung von Bürgerinnen und Bürger mittels Informations- und Kommunikationstechnologien (IKT) genannt. Mit E-Partizipation können unter anderem die Organisation von Verwaltungsabläufen bei Bürgerbeteiligungsprozessen optimiert, E-Services für Bürgerinnen und Bürger verbessert und insgesamt die wechselseitige Interaktion auf eine neue Qualitätsstufe gehoben werden. In diesem Artikel werden Ergebnisse aus dem KIRAS-Projekt „ePartizipation – Authentifizierung bei demokratischer Online-Beteiligung“ vorgestellt. Ziel des Projektes „ePartizipation“ ist es ein E-Partizipations-Ökosystem zu ermöglichen, das technische, rechtliche und sozialwissenschaftliche Rahmenbedingungen und Faktoren mit einbezieht. Projektergebnisse sind unter anderem ein Modell zu Empfehlungen zur Authentifizierung von Teilnehmerinnen und Teilnehmern bei Bürgerbeteiligungsverfahren, eine sichere und skalierbare Architektur und ein Prototyp, der diese Architektur flexibel und benutzerfreundlich umsetzt. Der Prototyp unterstützt die Nutzung verschiedenster digitaler Identitäten in Bürgerbeteiligungen und stärkt damit bereits existierende elektronische Identitäten. Im gesamten Projektverlauf wurden die Aspekte Sicherheit, Datenschutz und Privatsphäre von Beginn an sowohl im Design als auch in der Entwicklung beachtet, um eine möglichst sichere und flexible Lösung für Organisatorinnen und Organisatoren zu erstellen.

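    @article{leitner_digitale_2017,
      author   = {Leitner, Maria and Sachs, Michael},
      title    = {Digitale {Bürgerbeteiligung}. {Hintergrund}, {Herausforderungen} und {Lösungsansätze}},
      journal  = {{SIAK} {Journal} - {Zeitschrift} für {Polizeiwissenschaft} und {Polizeiliche} {Praxis}},
      volume   = {14},
      number   = {1},
      pages    = {42--50},
      month    = jan,
      year     = {2017},
      issn     = {1813-3495},
      doi      = {10.7396/2017_1_D},
      url      = {http://www.bmi.gv.at/cms/BMI_SIAK/4/2/1/2017/ausgabe_1/files/Leitner_1_2017.pdf},
      note     = {Open Access},
      abstract = {E-Partizipation wird die Beteiligung von Bürgerinnen und Bürger mittels Informations- und Kommunikationstechnologien (IKT) genannt. Mit E-Partizipation können unter anderem die Organisation von Verwaltungsabläufen bei Bürgerbeteiligungsprozessen optimiert, E-Services für Bürgerinnen und Bürger verbessert und insgesamt die wechselseitige Interaktion auf eine neue Qualitätsstufe gehoben werden. In diesem Artikel werden Ergebnisse aus dem KIRAS-Projekt „ePartizipation – Authentifizierung bei demokratischer Online-Beteiligung“ vorgestellt. Ziel des Projektes „ePartizipation“ ist es ein E-Partizipations-Ökosystem zu ermöglichen, das technische, rechtliche und sozialwissenschaftliche Rahmenbedingungen und Faktoren mit einbezieht. Projektergebnisse sind unter anderem ein Modell zu Empfehlungen zur Authentifizierung von Teilnehmerinnen und Teilnehmern bei Bürgerbeteiligungsverfahren, eine sichere und skalierbare Architektur und ein Prototyp, der diese Architektur flexibel und benutzerfreundlich umsetzt. Der Prototyp unterstützt die Nutzung verschiedenster digitaler Identitäten in Bürgerbeteiligungen und stärkt damit bereits existierende elektronische Identitäten. Im gesamten Projektverlauf wurden die Aspekte Sicherheit, Datenschutz und Privatsphäre von Beginn an sowohl im Design als auch in der Entwicklung beachtet, um eine möglichst sichere und flexible Lösung für Organisatorinnen und Organisatoren zu erstellen.},
    }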

  • T. Pahi, M. Leitner, and F. Skopik, “Data exploitation at large: your way to adequate cyber common operating pictures,” in Proceedings of the 16th European conference on cyber warfare and security, Reading, UK, 2017, p. 307–315.

    Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP) e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consist of objectively measured events, gathered from both internal and external sources, as well as the subsequent rating of these sources and enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper will therefore provide an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps such as selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision making processes.

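    @inproceedings{pahi_data_2017,
      author    = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
      title     = {Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures},
      booktitle = {Proceedings of the 16th {European} Conference on Cyber Warfare and Security},
      publisher = {Academic Conferences and Publishing International Limited},
      address   = {Reading, UK},
      month     = jun,
      year      = {2017},
      pages     = {307--315},
      isbn      = {978-1-911218-43-2},
      url       = {https://books.google.at/books?id=uFA8DwAAQBAJ&lpg=PA307&ots=YSo0jBZqYF&lr&pg=PA307#v=onepage&q&f=false},
      abstract  = {Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP) e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consist of objectively measured events, gathered from both internal and external sources, as well as the subsequent rating of these sources and enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper will therefore provide an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps such as selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision making processes.},
    }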

  • M. Frank, M. Leitner, and T. Pahi, “Design considerations for cyber security testbeds: a case study on a cyber security testbed for education,” in 2017 IEEE 3rd Intl Conf Cyber Science and Technology Congress, Orlando, Florida, 2017, p. 38–46. doi:10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23

    Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed.

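    @inproceedings{frank_design_2017,
      author    = {Frank, Maximilian and Leitner, Maria and Pahi, Timea},
      title     = {Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education},
      booktitle = {2017 {IEEE} 3rd Intl Conf {Cyber Science and Technology Congress}},
      publisher = {IEEE},
      address   = {Orlando, Florida},
      month     = nov,
      year      = {2017},
      pages     = {38--46},
      doi       = {10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23},
      abstract  = {Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed.},
    }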

  • M. Leitner, T. Pahi, and F. Skopik, “Situational awareness for strategic decision making on a national level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed., CRC Press, 2017, p. 225–276.

    With highly interconnected stakeholders, IT networks, and systems, international cooperation and coordination is becoming essential for the protection of global and local networks and services. Conventional strategies require a global view for the stabilization and protection of IT networks and systems. Much effort and solutions have been proposed to establish situational awareness (SA) within organizations (i.e. their local ICT networks). In general, SA is the perception of the element in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Enabling SA in cyber space, further called cyber situational awareness (CSA), is becoming a key factor for governments or public bodies. For example, CSA entails establishing preventive measures, monitoring evolving threats and campaigns in diverse and distributed IT landscapes as well as mitigating threats and sharing the information in certain trust circles to stay up-to-date. Nowadays, most critical infrastructures are operated by private organizations. The evaluation and impact analysis of critical incidents (i.e. that affect national economy or health) can be conducted such as with private-public partnerships. This chapter focuses on how (cyber) situational awareness can be established at national level to enable strategic decision making processes. In this context, national cyber security strategies are examined and it is investigated how they contribute and provide tools to foster SA. Furthermore, cyber security centers and their main tasks and responsibilities are investigated. In addition, SA models for decision making processes at individual, organizational or national level are assessed as well as how information and sources can be used to establish SA on national level.

    @incollection{leitner_situational_2017,
      author    = {Leitner, Maria and Pahi, Timea and Skopik, Florian},
      title     = {Situational Awareness for Strategic Decision Making on a National Level},
      booktitle = {Collaborative {Cyber Threat Intelligence}},
      editor    = {Skopik, Florian},
      publisher = {CRC Press},
      year      = {2017},
      pages     = {225--276},
      isbn      = {978-1-138-03182-1},
      url       = {https://www.crcpress.com/Collaborative-Cyber-Threat-Intelligence-Detecting-and-Responding-to-Advanced/Skopik/p/book/9781138031821},
      abstract  = {With highly interconnected stakeholders, IT networks, and systems, international cooperation and coordination is becoming essential for the protection of global and local networks and services. Conventional strategies require a global view for the stabilization and protection of IT networks and systems. Much effort and solutions have been proposed to establish situational awareness (SA) within organizations (i.e. their local ICT networks). In general, SA is the perception of the element in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Enabling SA in cyber space, further called cyber situational awareness (CSA), is becoming a key factor for governments or public bodies. For example, CSA entails establishing preventive measures, monitoring evolving threats and campaigns in diverse and distributed IT landscapes as well as mitigating threats and sharing the information in certain trust circles to stay up-to-date. Nowadays, most critical infrastructures are operated by private organizations. The evaluation and impact analysis of critical incidents (i.e. that affect national economy or health) can be conducted such as with private-public partnerships. This chapter focuses on how (cyber) situational awareness can be established at national level to enable strategic decision making processes. In this context, national cyber security strategies are examined and it is investigated how they contribute and provide tools to foster SA. Furthermore, cyber security centers and their main tasks and responsibilities are investigated. In addition, SA models for decision making processes at individual, organizational or national level are assessed as well as how information and sources can be used to establish SA on national level.},
    }

  • T. Pahi, M. Leitner, and F. Skopik, “Preparation, modelling, and visualisation of cyber common operating pictures for national cyber security centres,” Journal of information warfare, vol. 4, iss. 16, 2017.

    Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. This paper describes the information types and sources required for an efficient information management process supporting CCOPs. Following an initial description of CCOPs, the paper next discusses potential decisions supported by them. Finally, it provides an example of the entire process—from the application of the information management process to national decision-making.

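    @article{pahi_preparation_2017,
      author   = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
      title    = {Preparation, Modelling, and Visualisation of Cyber Common Operating Pictures for National Cyber Security Centres},
      journal  = {Journal of Information Warfare},
      volume   = {16},
      number   = {4},
      month    = dec,
      year     = {2017},
      url      = {https://www.jinfowar.com/journal/volume-16-issue-4/preparation-modelling-visualisation-cyber-common-operating-pictures-national-cyber-security-centres},
      abstract = {Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. This paper describes the information types and sources required for an efficient information management process supporting CCOPs. Following an initial description of CCOPs, the paper next discusses potential decisions supported by them. Finally, it provides an example of the entire process—from the application of the information management process to national decision-making.},
    }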

2016

  • O. Terbu, W. Hötzendorfer, M. Leitner, A. Bonitz, S. Vogl, and S. Zehetbauer, “Privacy and security by Design im agilen Softwareprozess,” in Netzwerke: Tagungsband des 19. Internationalen Rechtsinformatik Symposions IRIS 2016, Salzburg, 2016, p. 457–464.
    @inproceedings{terbu_privacy_2016,
      author    = {Terbu, Oliver and Hötzendorfer, Walter and Leitner, Maria and Bonitz, Arndt and Vogl, Stefan and Zehetbauer, Sebastian},
      title     = {Privacy and security by {Design} im agilen {Softwareprozess}},
      booktitle = {Netzwerke: {Tagungsband} des 19. {Internationalen Rechtsinformatik Symposions IRIS} 2016},
      editor    = {Schweighofer, E. and Kummer, F. and Hötzendorfer, Walter and Borges, G.},
      publisher = {Österreichische Computer Gesellschaft (OCG)},
      address   = {Salzburg},
      year      = {2016},
      pages     = {457--464},
      url       = {http://jusletter-it.weblaw.ch/issues/2016/IRIS.html},
    }

  • J. Schossböck, M. Sachs, and M. Leitner, “E-Participation Platform Features and Design Principles,” in CeDEM16 Proceedings of the International Conference for E-Democracy and Open Government 2016, Krems, Austria, 2016, p. 69–74.

    Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.

    @inproceedings{schossbock_e-participation_2016,
      author    = {Schossböck, Judith and Sachs, Michael and Leitner, Maria},
      title     = {{E-Participation Platform Features} and {Design Principles}},
      booktitle = {{CeDEM}16 {Proceedings} of the {International Conference} for {E-Democracy} and {Open Government} 2016},
      editor    = {Parycek, Peter and Edelmann, Noella},
      publisher = {Edition Donau-Universität Krems},
      address   = {Krems, Austria},
      year      = {2016},
      pages     = {69--74},
      isbn      = {978-3-902505-81-1},
      url       = {http://www.donau-uni.ac.at/imperia/md/content/department/gpa/zeg/bilder/cedem/cedem16/cedem16_inhalt_160414.pdf},
      abstract  = {Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.},
    }

  • I. Serov, M. Leitner, and S. Rinderle-Ma, “Current Practice and Challenges of Data Use and Web Analytics in Online Participations,” in Electronic Government and Electronic Participation, Guimarães, Portugal, 2016, p. 80–87. doi:10.3233/978-1-61499-670-5-80

    Information system design and implementation are key factors for electronic participatory processes and procedures. How information systems are designed does not only affect the procedures but also influences the trust building between organizers, operators and participants. In addition, the implementation often has to adhere to legal standards. In this paper, we aim to investigate current practice of data use in online participations. In particular, a qualitative analysis is conducted and 18 online participations are investigated on their data use, i.e. use of participant information, cookies and web analytics. The results show that most projects require and request data during site visits (e.g., IP address, browser type) and for active participation (e.g., name, email). The real benefit, however, for the use of web analytics is often unclear. Furthermore, often proprietary solutions for web analytics are used, even though open source solutions (i.e. that store data locally) exist. For future projects, it is recommended to not only define but also keep privacy policies updated (according to the used technology) and to specify the purpose and goals of using web analytics.

    @inproceedings{serov_current_2016,
      author    = {Serov, Igor and Leitner, Maria and Rinderle-Ma, Stefanie},
      title     = {{Current Practice} and {Challenges} of {Data Use} and {Web Analytics} in {Online Participations}},
      booktitle = {Electronic {Government} and {Electronic Participation}},
      series    = {Innovation and the {Public Sector}},
      volume    = {23},
      publisher = {IOS Press},
      address   = {Guimarães, Portugal},
      year      = {2016},
      pages     = {80--87},
      doi       = {10.3233/978-1-61499-670-5-80},
      url       = {http://ebooks.iospress.nl/volumearticle/45091},
      note      = {Open Access},
      abstract  = {Information system design and implementation are key factors for electronic participatory processes and procedures. How information systems are designed does not only affect the procedures but also influences the trust building between organizers, operators and participants. In addition, the implementation often has to adhere to legal standards. In this paper, we aim to investigate current practice of data use in online participations. In particular, a qualitative analysis is conducted and 18 online participations are investigated on their data use, i.e. use of participant information, cookies and web analytics. The results show that most projects require and request data during site visits (e.g., IP address, browser type) and for active participation (e.g., name, email). The real benefit, however, for the use of web analytics is often unclear. Furthermore, often proprietary solutions for web analytics are used, even tough open source solutions (i.e. that store data locally) exist. For future projects, it is recommended to not only define but also keep privacy policies updated (according to the used technology) and to specify the purpose and goals of using web analytics},
    }

  • J. Schossböck, O. Terbu, M. Sachs, M. Leitner, V. Heussler, G. Wenda, A. Bonitz, W. Hötzendorfer, P. Parycek, S. Vogl, and S. Zehetbauer, “Inclusion and Privacy in E-Participation Platform Design,” in Electronic Government and Electronic Participation, 2016, p. 51–58. doi:10.3233/978-1-61499-670-5-51

    Austria has seen some efforts in e-participation initiatives during the last years. However, a single platform comprising many e-participation levels and activities for a broader target group is so far missing. In the project ePartizipation researchers and practitioners worked on a platform demonstrator that integrates multiple online identification methods and offers activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, the first project results, in particular related to strategies aiming at enhancing inclusion and privacy, and the experiences from the project team.

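    @inproceedings{schossbock_inclusion_2016,
      author    = {Schossböck, Judith and Terbu, Oliver and Sachs, Michael and Leitner, Maria and Heussler, Vinzenz and Wenda, Gregor and Bonitz, Arndt and Hötzendorfer, Walter and Parycek, Peter and Vogl, Stefan and Zehetbauer, Sebastian},
      title     = {Inclusion and Privacy in {E-Participation} Platform Design},
      booktitle = {Electronic Government and Electronic Participation},
      series    = {Innovation and the Public Sector},
      volume    = {23},
      publisher = {IOS Press},
      year      = {2016},
      pages     = {51--58},
      doi       = {10.3233/978-1-61499-670-5-51},
      url       = {http://ebooks.iospress.nl/volumearticle/45087},
      note      = {Open Access},
      abstract  = {Austria has seen some efforts in e-participation initiatives during the last years. However, a single platform comprising many e-participation levels and activities for a broader target group is so far missing. In the project ePartizipation researchers and practitioners worked on a platform demonstrator that integrates multiple online identification methods and offers activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, the first project results, in particular related to strategies aiming at enhancing inclusion and privacy, and the experiences from the project team.},
    }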

  • M. Leitner and A. Bonitz, “Authentication in the context of e-participation: current practice, challenges, and recommendations,” in 3rd International Workshop on Software Assurance (SAW) at ARES, Salzburg, Austria, 2016, pp. 480-485. doi:10.1109/ARES.2016.82

    Authentication as well as identification are key functions when it comes to online and democratic participatory processes that can be found in the context of e-participation. Until now, research has centered on the development of authentication and identification techniques. Why and how these techniques are currently used and what their benefits are in the context of e-participation is missing so far. In this paper, we aim to address these challenges by reviewing state of the art literature and practice in order to determine how current authentication techniques are used in e-participation. Furthermore, we conduct an expert survey in order to establish a baseline how current techniques are used and perceived. The results show that current practice focuses strongly on the use of the de facto standard user/password in e-participation. However, experts believe that multiple other authentication techniques such as biometrics or electronic signatures will become more important in future applications. Moreover, experts acknowledge the use of various authentication methods suitable for the level of participation, as opposed to current practice that often provides only one way of authentication. These findings will help to further develop and improve future technologies and applications to support participatory processes for citizens’ involvement.

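    @inproceedings{leitner_authentication_2016,
      author    = {Leitner, Maria and Bonitz, Arndt},
      title     = {Authentication in the Context of {E-Participation}: Current Practice, Challenges, and Recommendations},
      booktitle = {3rd International Workshop on Software Assurance ({SAW}) at {ARES}},
      publisher = {IEEE Computer Society},
      address   = {Salzburg, Austria},
      year      = {2016},
      month     = aug,
      pages     = {480--485},
      doi       = {10.1109/ARES.2016.82},
      url       = {https://doi.org/10.1109/ARES.2016.82},
      abstract  = {Authentication as well as identification are key functions when it comes to online and democratic participatory processes that can be found in the context of e-participation. Until now, research has centered on the development of authentication and identification techniques. Why and how these techniques are currently used and what their benefits are in the context of e-participation is missing so far. In this paper, we aim to address these challenges by reviewing state of the art literature and practice in order to determine how current authentication techniques are used in e-participation. Furthermore, we conduct an expert survey in order to establish a baseline how current techniques are used and perceived. The results show that current practice focuses strongly on the use of the de facto standard user/password in e-participation. However, experts believe that multiple other authentication techniques such as biometrics or electronic signatures will become more important in future applications. Moreover, experts acknowledge the use of various authentication methods suitable for the level of participation, as opposed to current practice that often provides only one way of authentication. These findings will help to further develop and improve future technologies and applications to support participatory processes for citizens' involvement.},
    }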

  • M. Leitner, A. Bonitz, B. Herzog, W. Hötzendorfer, C. Kenngott, T. Kuhta, O. Terbu, S. Vogl, and S. Zehetbauer, “A versatile, secure and privacy-aware tool for online participation,” in 20th IEEE International Enterprise Distributed Object Computing Workshop, EDOC Workshops 2016, Vienna, Austria, September 5-9, 2016, Vienna, Austria, 2016. doi:10.1109/EDOCW.2016.7584342

    Online participations have increased in recent years and various tools emerged to support participatory processes. However, often they support only one level of participation such as information, consultation or co-operation and definite security and privacy considerations seem to be not a priority. What is missing so far is a secure and flexible tool that can be used for multiple purposes and integrates security and privacy considerations from the beginning. In this paper, we propose a tool for online participation that supports multiple levels of participation, provides authentication with different electronic identities (eIDs), incorporates security and privacy by design and ensures interoperability to existing identity solutions. For example, with the use of different eIDs (if adequate to the level of participation), we expect to enable a low threshold for participation. Based on the aforementioned requirements, we expect to increase the trust between operators and participants in online participations in the long run.

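    @inproceedings{leitner_versatile_2016,
      author    = {Leitner, Maria and Bonitz, Arndt and Herzog, Bernd and Hötzendorfer, Walter and Kenngott, Christian and Kuhta, Thomas and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
      title     = {A Versatile, Secure and Privacy-Aware Tool for Online Participation},
      booktitle = {20th {IEEE} International Enterprise Distributed Object Computing Workshop, {EDOC} Workshops 2016, Vienna, Austria, September 5--9, 2016},
      publisher = {IEEE},
      address   = {Vienna, Austria},
      year      = {2016},
      doi       = {10.1109/EDOCW.2016.7584342},
      url       = {http://dx.doi.org/10.1109/EDOCW.2016.7584342},
      abstract  = {Online participations have increased in recent years and various tools emerged to support participatory processes. However, often they support only one level of participation such as information, consultation or co-operation and definite security and privacy considerations seem to be not a priority. What is missing so far is a secure and flexible tool that can be used for multiple purposes and integrates security and privacy considerations from the beginning. In this paper, we propose a tool for online participation that supports multiple levels of participation, provides authentication with different electronic identities (eIDs), incorporates security and privacy by design and ensures interoperability to existing identity solutions. For example, with the use of different eIDs (if adequate to the level of participation), we expect to enable a low threshold for participation. Based on the aforementioned requirements, we expect to increase the trust between operators and participants in online participations in the long run.},
    }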

  • I. Serov and M. Leitner, “An experimental approach to reputation in e-participation,” in International Conference on Software Security and Assurance (ICSSA), St. Pölten, Austria, 2016, pp. 37-42. doi:10.1109/ICSSA.2016.14

    E-participation is about ICT-supported participation of citizens in democratic processes and procedures (e.g., consultation or co-creation). Research has mostly centered on the development of tools to model and deploy ICT-supported democratic processes. So far, the integration and use of reputation has only been rarely considered even though reputation systems provide ratings that could be adapted well to the context of e-participation e.g., evaluating and rating comments and activities of users. Furthermore, reputation in e-participation can increase the trust between users (e.g., new participants) and their activities e.g., commenting or rating. In this paper, we aim to address reputation in e-participation with an overview of state of the art and an experimental reputation model for e-participation. The model measures not only the quality of comments but also the activity of users. Thereby, a certain level of assurance is enabled by users themselves; they can mark unqualified posts that can be removed at a certain level. For future work, we aim to perform user acceptance tests in order to identify potential chances and pitfalls and further enhance the proposed solution.

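    @inproceedings{serov_experimental_2016,
      author    = {Serov, Igor and Leitner, Maria},
      title     = {An Experimental Approach to Reputation in {E-participation}},
      booktitle = {International Conference on Software Security and Assurance ({ICSSA})},
      publisher = {IEEE},
      address   = {St. Pölten, Austria},
      year      = {2016},
      month     = aug,
      pages     = {37--42},
      doi       = {10.1109/ICSSA.2016.14},
      url       = {https://doi.org/10.1109/ICSSA.2016.14},
      abstract  = {E-participation is about ICT-supported participation of citizens in democratic processes and procedures (e.g., consultation or co-creation). Research has mostly centered on the development of tools to model and deploy ICT-supported democratic processes. So far, the integration and use of reputation has only been rarely considered even tough reputation systems provide ratings that could be adapted well to the context of e-participation e.g., evaluating and rating comments and activities of users. Furthermore, reputation in e-participation can increase the trust between users (e.g., new participants) and their activities e.g., commenting or rating. In this paper, we aim to address reputation in e-participation with an overview of state of the art and an experimental reputation model for e-participation. The model measures not only the quality of comments but also the activity of users. Thereby, a certain level of assurance is enabled by users itself; they can mark unqualified posts that can be removed at a certain level. For future work, we aim to perform user acceptance tests in order to identify potential chances and pitfalls and further enhance the proposed solution.},
    }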

  • F. Skopik, M. Leitner, and T. Pahi, “CISA: establishing national cyber situational awareness to counter new threats,” ERCIM News, iss. 106, p. 52–53, 2016.

    The final draft of the Network and Information Security (NIS) Directive stipulates that operators of essential services and digital service providers must report certain security incidents to competent authorities or national computer security incident response teams (CSIRTs) in their member state. It is the authorities’ job to collect and process information about security incidents to increase network security in all organisations by issuing early warnings, assisting in mitigation actions, or distributing recommendations and best practices. However, before an appropriate response to a severe cyber situation can be undertaken, it is essential to establish cyber situational awareness – which turns out to be a tricky task.

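    @article{skopik_cisa:_2016,
      author   = {Skopik, Florian and Leitner, Maria and Pahi, Timea},
      title    = {{CISA}: Establishing National Cyber Situational Awareness to Counter New Threats},
      journal  = {{ERCIM} News},
      number   = {106},
      year     = {2016},
      month    = jul,
      pages    = {52--53},
      url      = {http://ercim-news.ercim.eu/en106/special/cisa-establishing-national-cyber-situational-awareness-to-counter-new-threats},
      note     = {Open Access},
      abstract = {The final draft of the Network and Information Security (NIS) Directive stipulates that operators of essential services and digital service providers must report certain security incidents to competent authorities or national computer security incident response teams (CSIRTs) in their member state. It is the authorities’ job to collect and process information about security incidents to increase network security in all organisations by issuing early warnings, assisting in mitigation actions, or distributing recommendations and best practices. However, before an appropriate response to a severe cyber situation can be undertaken, it is essential to establish cyber situational awareness – which turns out to be a tricky task.},
    }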

  • J. Schossböck, M. Sachs, and M. Leitner, “E-Participation Platform Features and Design Principles,” in CeDEM16 Proceedings of the International Conference for E-Democracy and Open Government 2016, Krems, Austria, 2016, p. 69–74.
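    @inproceedings{schossbock_e-participation_2016,
      author    = {Schossböck, Judith and Sachs, Michael and Leitner, Maria},
      editor    = {Parycek, Peter and Edelmann, Noella},
      title     = {{E-Participation} Platform Features and Design Principles},
      booktitle = {{CeDEM16} Proceedings of the International Conference for {E-Democracy} and Open Government 2016},
      publisher = {Edition Donau-Universität Krems},
      address   = {Krems, Austria},
      year      = {2016},
      pages     = {69--74},
      isbn      = {978-3-902505-81-1},
      url       = {http://www.donau-uni.ac.at/imperia/md/content/department/gpa/zeg/bilder/cedem/cedem16/cedem16_inhalt_160414.pdf},
      note      = {Open Access},
      abstract  = {Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.},
    }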

  • S. Kriglstein, M. Leitner, S. Kabicher-Fuchs, and S. Rinderle-Ma, “Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation,” Business & Information Systems Engineering, vol. 58, iss. 6, p. 397–414, 2016. doi:10.1007/s12599-016-0427-3

    Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.

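    @article{kriglstein_evaluation_2016,
      author   = {Kriglstein, Simone and Leitner, Maria and Kabicher-Fuchs, Sonja and Rinderle-Ma, Stefanie},
      title    = {Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation},
      journal  = {Business \& Information Systems Engineering},
      volume   = {58},
      number   = {6},
      year     = {2016},
      pages    = {397--414},
      issn     = {1867-0202},
      doi      = {10.1007/s12599-016-0427-3},
      url      = {http://dx.doi.org/10.1007/s12599-016-0427-3},
      note     = {Open Access},
      abstract = {Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.},
    }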

2015

  • M. Leitner, Z. Ma, and S. Rinderle-Ma, “A Cross-Layer Security Analysis for Process-Aware Information Systems,” arXiv:1507.03415 [cs], 2015.

    Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to vulnerabilities, or the worst enemy that compromises a well-defended system. Since a system is as secure as its weakest link, information security can only be achieved in PAIS if all factors are secure. In this paper, we address two research questions: how to conduct a cross-layer security analysis that couple security concerns at business process layer as well as at the technical layer; and how to include human factor into the security analysis for the identification of human-oriented vulnerabilities and threats. We propose a methodology that supports the tracking of security interdependencies between functional, technical, and human aspects which contribute to establish a holistic approach to information security in PAIS. We demonstrate the applicability with a scenario from the payment card industry.

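    @misc{leitner_cross-layer_2015,
      author       = {Leitner, Maria and Ma, Zhendong and Rinderle-Ma, Stefanie},
      title        = {A Cross-Layer Security Analysis for Process-Aware Information Systems},
      howpublished = {arXiv preprint},
      eprint       = {1507.03415},
      eprinttype   = {arXiv},
      eprintclass  = {cs},
      year         = {2015},
      month        = jul,
      url          = {http://arxiv.org/abs/1507.03415},
      urldate      = {2016-06-16},
      abstract     = {Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to vulnerabilities, or the worst enemy that compromises a well-defended system. Since a system is as secure as its weakest link, information security can only be achieved in PAIS if all factors are secure. In this paper, we address two research questions: how to conduct a cross-layer security analysis that couple security concerns at business process layer as well as at the technical layer; and how to include human factor into the security analysis for the identification of human-oriented vulnerabilities and threats. We propose a methodology that supports the tracking of security interdependencies between functional, technical, and human aspects which contribute to establish a holistic approach to information security in PAIS. We demonstrate the applicability with a scenario from the payment card industry.},
    }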

2014

  • M. Leitner and S. Rinderle-Ma, “A systematic review on security in process-aware information systems – constitution, challenges, and future directions,” Information and Software Technology, vol. 56, iss. 3, p. 273–293, 2014. doi:10.1016/j.infsof.2013.12.004

    Context: Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing. Objective: This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS. Method: A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls. Results: In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions. Conclusion: This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.

    @article{leitner_systematic_2014,
      author   = {Leitner, Maria and Rinderle-Ma, Stefanie},
      title    = {A systematic review on security in Process-Aware Information Systems – Constitution, challenges, and future directions},
      journal  = {Information and Software Technology},
      volume   = {56},
      number   = {3},
      year     = {2014},
      month    = mar,
      pages    = {273--293},
      issn     = {0950-5849},
      doi      = {10.1016/j.infsof.2013.12.004},
      url      = {http://www.sciencedirect.com/science/article/pii/S0950584913002334},
      urldate  = {2014-01-15},
      note     = {Open Access},
      abstract = {Context
    Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing.
    Objective
    This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS.
    Method
    A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls.
    Results
    In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions.
    Conclusion
    This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.},
    }

  • M. Leitner and S. Rinderle-Ma, “Anomaly detection and visualization in RBAC models,” in Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT), New York, NY, USA, 2014, pp. 41-52. doi:10.1145/2613087.2613105

    With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.

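    @inproceedings{leitner_anomaly_2014,
      author    = {Leitner, Maria and Rinderle-Ma, Stefanie},
      title     = {Anomaly Detection and Visualization in {RBAC} Models},
      booktitle = {Proceedings of the 19th {ACM} Symposium on Access Control Models and Technologies ({SACMAT})},
      series    = {{SACMAT} '14},
      publisher = {ACM},
      address   = {New York, NY, USA},
      year      = {2014},
      pages     = {41--52},
      isbn      = {978-1-4503-2939-2},
      doi       = {10.1145/2613087.2613105},
      url       = {http://doi.acm.org/10.1145/2613087.2613105},
      pdf       = {leitner_anomaly_2014},
      abstract  = {With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.},
    }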

  • M. Leitner, “Security policy integration and life cycle management in process-aware information systems,” PhD thesis, Wien, 2014.

    Process-aware Information Systems (PAIS) are information systems that manage and execute operational processes involving people, resources, and applications in a process-oriented way. To satisfy business needs, PAIS cover a set of requirements: they manage a multitude of participants, resources, and private and public information, and provide means for intra- and inter-organizational business processes. PAIS implementations range from information systems with process support (e.g., databases or document management systems) to application-specific implementations and generic solutions such as workflow systems. With the different forms and requirements of PAIS, it is imminent that security becomes a central concern. Although research has started to investigate security in PAIS, current state of research and practice is unbalanced. For example, there is a missing agreement on technology and controls. A reason is that PAIS research has centered on the development of core features of PAIS so far and neglected to thrive and foster security techniques. As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, this thesis centers on the integration of security policies in PAIS. This thesis aimed at providing an integrated view on security policies in PAIS. Particularly, we investigated the security policy life cycle in combination with the business process life cycle. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. In the thesis, techniques were analyzed and provided on how to design and model, to enact and enforce, and to evaluate security policies in business processes. One main contribution is an Role-based Access Control (RBAC) model that incorporates structural aspects that are typically represented in business processes.

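    @phdthesis{leitner_security_2014,
    address = {Wien},
    type = {{PhD} thesis},
    title = {Security Policy Integration and Life Cycle Management in Process-Aware Information Systems},
    copyright = {All rights reserved},
    url = {http://othes.univie.ac.at/36146/},
    abstract = {Process-aware Information Systems (PAIS) are information systems that manage and execute operational processes involving people, resources, and applications in a process-oriented way. To satisfy business needs, PAIS cover a set of requirements: they manage a multitude of participants, resources, and private and public information, and provide means for intra- and inter-organizational business processes. PAIS implementations range from information systems with process support (e.g., databases or document management systems) to application-specific implementations and generic solutions such as workflow systems. With the different forms and requirements of PAIS, it is imminent that security becomes a central concern. Although research has started to investigate security in PAIS, current state of research and practice is unbalanced. For example, there is a missing agreement on technology and controls. A reason is that PAIS research has centered on the development of core features of PAIS so far and neglected to thrive and foster security techniques. As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, this thesis centers on the integration of security policies in PAIS. This thesis aimed at providing an integrated view on security policies in PAIS. Particularly, we investigated the security policy life cycle in combination with the business process life cycle. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. In the thesis, techniques were analyzed and provided on how to design and model, to enact and enforce, and to evaluate security policies in business processes. One main contribution is an Role-based Access Control (RBAC) model that incorporates structural aspects that are typically represented in business processes.},
    urldate = {2016-06-14},
    school = {University of Vienna},
    author = {Leitner, Maria},
    year = {2014}
    }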

2013

  • M. Leitner, A. Baumgrass, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck, “A case study on the suitability of process mining to produce current-state RBAC models,” in Business process management workshops, 2013, p. 719–724. doi:10.1007/978-3-642-36285-9_72

    Role-based access control (RBAC) is commonly used to implement authorization procedures in Process-aware information systems (PAIS). Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control flow mining, some techniques focus on the discovery of organizational information from event logs. However, a systematic analysis and comparison of these approaches with respect to their suitability for mining RBAC models is still missing. This paper works towards filling this gap and provides a first guidance for applying mining techniques for deriving RBAC models.

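    @inproceedings{leitner_case_2013,
    series = {LNBIP},
    title = {A Case Study on the Suitability of Process Mining to Produce Current-State {RBAC} Models},
    copyright = {{\copyright} 2013 Springer-Verlag Berlin Heidelberg},
    isbn = {978-3-642-36284-2, 978-3-642-36285-9},
    url = {http://link.springer.com/chapter/10.1007/978-3-642-36285-9_72},
    abstract = {Role-based access control (RBAC) is commonly used to implement authorization procedures in Process-aware information systems (PAIS). Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control flow mining, some techniques focus on the discovery of organizational information from event logs. However, a systematic analysis and comparison of these approaches with respect to their suitability for mining RBAC models is still missing. This paper works towards filling this gap and provides a first guidance for applying mining techniques for deriving RBAC models.},
    volume = {132},
    urldate = {2013-02-08},
    booktitle = {Business Process Management Workshops},
    publisher = {Springer},
    author = {Leitner, Maria and Baumgrass, Anne and Schefer-Wenzl, Sigrid and Rinderle-Ma, Stefanie and Strembeck, Mark},
    month = jan,
    year = {2013},
    doi = {10.1007/978-3-642-36285-9_72},
    pages = {719--724}
    }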

  • M. Leitner, M. Miller, and S. Rinderle-Ma, “An analysis and evaluation of security aspects in the business process model and notation,” in Proceedings of the 8th international conference on availability, reliability and security (ares), 2013, pp. 262–267. doi:10.1109/ARES.2013.34

    Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.

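    @inproceedings{leitner_analysis_2013,
    title = {An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation},
    publisher = {{IEEE}},
    booktitle = {Proceedings of the 8th International Conference on Availability, Reliability and Security ({ARES})},
    author = {Leitner, Maria and Miller, Michelle and Rinderle-Ma, Stefanie},
    abstract = {Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.},
    pages = {262--267},
    doi = {10.1109/ARES.2013.34},
    url = {http://dx.doi.org/10.1109/ARES.2013.34},
    year = {2013}
    }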

  • M. Leitner, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck, “An experimental study on the design and modeling of security concepts in business processes,” in Proceedings of the 6th IFIP WG 8.1 working conference on the practice of enterprise modeling (PoEM), 2013, pp. 236–250. doi:10.1007/978-3-642-41641-5_17

    In recent years, business process models are used to define security properties for the corresponding business information systems. In this context, a number of approaches emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However, because the symbols of process-related security properties are not standardized, different issues concerning the comprehensibility and maintenance of the respective models arise. In this paper, we present the initial results of an experimental study on the design and modeling of 11 security concepts in a business process context. In particular, we center on the semantic transparency of the visual symbols that are intended to represent the different concepts (i.e. the one-to-one correspondence between the symbol and its meaning). Our evaluation showed that various symbols exist which are well-perceived. However, further studies are necessary to dissolve a number of remaining issues.

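    @inproceedings{leitner_experimental_2013,
    title = {An Experimental Study on the Design and Modeling of Security Concepts in Business Processes},
    series = {Lecture Notes in Business Information Processing},
    booktitle = {Proceedings of the 6th {IFIP} {WG} 8.1 Working Conference on the Practice of Enterprise Modeling ({PoEM})},
    editor = {Grabis, Janis and Kirikova, Marite and Zdravkovic, Jelena and Stirna, Janis},
    publisher = {Springer},
    author = {Leitner, Maria and Schefer-Wenzl, Sigrid and Rinderle-Ma, Stefanie and Strembeck, Mark},
    isbn = {978-3-642-41640-8, 978-3-642-41641-5},
    url = {http://link.springer.com/chapter/10.1007/978-3-642-41641-5_17},
    doi = {10.1007/978-3-642-41641-5_17},
    abstract = {In recent years, business process models are used to define security properties for the corresponding business information systems. In this context, a number of approaches emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However, because the symbols of process-related security properties are not standardized, different issues concerning the comprehensibility and maintenance of the respective models arise. In this paper, we present the initial results of an experimental study on the design and modeling of 11 security concepts in a business process context. In particular, we center on the semantic transparency of the visual symbols that are intended to represent the different concepts (i.e. the one-to-one correspondence between the symbol and its meaning). Our evaluation showed that various symbols exist which are well-perceived. However, further studies are necessary to dissolve a number of remaining issues.},
    pages = {236--250},
    year = {2013}
    }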

  • M. Leitner, “Delta analysis of role-based access control models,” in Proceedings of the 14th international conference on computer aided systems theory (EUROCAST 2013), 2013, p. 507–514. doi:10.1007/978-3-642-53856-8_64

    Role-based Access Control (RBAC) is de facto standard for access control in Process-aware Information Systems (PAIS); it grants authorization to users based on roles (i.e. sets of permissions). So far, research has centered on the design and run time aspects of RBAC. An evaluation and verification of a RBAC system (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is still missing. In this paper, we propose delta analysis of RBAC models which compares a prescriptive RBAC model (i.e. how users are expected to work) with a RBAC model (i.e. how users have actually worked) derived from event logs. To do that, we transform RBAC models to graphs and analyze them for structural similarities and differences. Differences can indicate security violations such as unauthorized access. For future work, we plan to investigate semantic differences between RBAC models.

    @inproceedings{leitner_delta_2013,
    author    = {Leitner, Maria},
    title     = {Delta Analysis of Role-based Access Control Models},
    booktitle = {Proceedings of the 14th International Conference on Computer Aided Systems Theory ({EUROCAST} 2013)},
    series    = {{LNCS}},
    volume    = {8111},
    pages     = {507--514},
    publisher = {Springer},
    year      = {2013},
    doi       = {10.1007/978-3-642-53856-8_64},
    url       = {http://dx.doi.org/10.1007/978-3-642-53856-8_64},
    abstract  = {Role-based Access Control (RBAC) is de facto standard for access control in Process-aware Information Systems (PAIS); it grants authorization to users based on roles (i.e. sets of permissions). So far, research has centered on the design and run time aspects of RBAC. An evaluation and verification of a RBAC system (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is still missing. In this paper, we propose delta analysis of RBAC models which compares a prescriptive RBAC model (i.e. how users are expected to work) with a RBAC model (i.e. how users have actually worked) derived from event logs. To do that, we transform RBAC models to graphs and analyze them for structural similarities and differences. Differences can indicate security violations such as unauthorized access. For future work, we plan to investigate semantic differences between RBAC models.},
    }

2012

  • M. Leitner, J. Mangler, and S. Rinderle-Ma, “Definition and enactment of instance-spanning process constraints,” in Web information systems engineering – WISE 2012, 2012, p. 652–658. doi:10.1007/978-3-642-35063-4_49

    Currently, many approaches address the enforcement and monitoring of constraints over business processes. However, main focus has been put on constraint verification for intra-instance process constraints so far, i.e., constraints that affect single instances. Existing approaches addressing instance-spanning constraints only consider certain scenarios. In other words, a holistic approach considering intra-instance, inter-instance, and inter-process constraints is still missing. This paper aims at closing this gap. First of all, we show how the Identification and Unification of Process Constraints (IUPC) compliance framework enables the definition of instance-spanning process constraints in a flexible and generic way. Their enactment and enforcement is demonstrated within a prototypical implementation based on a service-oriented architecture.

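    @inproceedings{leitner_definition_2012,
    series = {LNCS},
    title = {Definition and Enactment of Instance-Spanning Process Constraints},
    copyright = {{\copyright} 2012 Springer-Verlag Berlin Heidelberg},
    isbn = {978-3-642-35062-7, 978-3-642-35063-4},
    url = {http://link.springer.com/chapter/10.1007/978-3-642-35063-4_49},
    abstract = {Currently, many approaches address the enforcement and monitoring of constraints over business processes. However, main focus has been put on constraint verification for intra-instance process constraints so far, i.e., constraints that affect single instances. Existing approaches addressing instance-spanning constraints only consider certain scenarios. In other words, a holistic approach considering intra-instance, inter-instance, and inter-process constraints is still missing. This paper aims at closing this gap. First of all, we show how the Identification and Unification of Process Constraints (IUPC) compliance framework enables the definition of instance-spanning process constraints in a flexible and generic way. Their enactment and enforcement is demonstrated within a prototypical implementation based on a service-oriented architecture.},
    volume = {7651},
    urldate = {2013-04-02},
    booktitle = {Web Information Systems Engineering -- {WISE} 2012},
    publisher = {Springer},
    author = {Leitner, Maria and Mangler, Juergen and Rinderle-Ma, Stefanie},
    month = jan,
    year = {2012},
    doi = {10.1007/978-3-642-35063-4_49},
    pages = {652--658}
    }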

  • P. P. Beran, E. Vinek, E. Schikuta, and M. Leitner, “An adaptive heuristic approach to service selection problems in dynamic distributed systems,” in Proceedings of the IEEE/ACM international workshop on grid computing, 2012, p. 66–75. doi:10.1109/Grid.2012.26

    Quality-of-Service (QoS) aware service selection problems are a crucial issue in both Grids and distributed, service-oriented systems. When several implementations per service exist, one has to be selected for each workflow step. Several heuristics have been proposed, including blackboard and genetic algorithms. Their applicability and performance has already been assessed for static systems. In order to cover real-world scenarios, the approaches are required to deal with dynamics of distributed systems. In this paper, we propose a representation of these dynamic aspects and enhance our algorithms to efficiently capture them. The algorithms are evaluated in terms of scalability and runtime performance, taking into account their adaptability to system changes. By combining both algorithms, we envision a global approach to QoS-aware service selection applicable to static and dynamic systems. We prove our hypothesis by deploying the algorithms in a Cloud environment (Google App Engine) that allows to simulate and evaluate different system configurations.

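    @inproceedings{beran_adaptive_2012,
    title = {An Adaptive Heuristic Approach to Service Selection Problems in Dynamic Distributed Systems},
    issn = {1550-5510},
    doi = {10.1109/Grid.2012.26},
    booktitle = {Proceedings of the {IEEE/ACM} International Workshop on Grid Computing},
    author = {Beran, Peter Paul and Vinek, Elisabeth and Schikuta, Erich and Leitner, Maria},
    year = {2012},
    publisher = {{IEEE} Computer Society},
    url = {http://doi.ieeecomputersociety.org/10.1109/Grid.2012.26},
    abstract = {Quality-of-Service (QoS) aware service selection problems are a crucial issue in both Grids and distributed, service-oriented systems. When several implementations per service exist, one has to be selected for each workflow step. Several heuristics have been proposed, including blackboard and genetic algorithms. Their applicability and performance has already been assessed for static systems. In order to cover real-world scenarios, the approaches are required to deal with dynamics of distributed systems. In this paper, we propose a representation of these dynamic aspects and enhance our algorithms to efficiently capture them. The algorithms are evaluated in terms of scalability and runtime performance, taking into account their adaptability to system changes. By combining both algorithms, we envision a global approach to QoS-aware service selection applicable to static and dynamic systems. We prove our hypothesis by deploying the algorithms in a Cloud environment (Google App Engine) that allows to simulate and evaluate different system configurations.},
    pages = {66--75}
    }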

2011

  • M. Leitner, “Security policies in adaptive process-aware information systems: existing approaches and challenges,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 686–691. doi:10.1109/ARES.2011.107

    Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services, security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.

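    @inproceedings{leitner_security_2011,
    title = {Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges},
    isbn = {978-1-4577-0979-1},
    shorttitle = {Security Policies in Adaptive Process-Aware Information Systems},
    doi = {10.1109/ARES.2011.107},
    abstract = {Enabling security is one of the key challenges in adaptive Process-Aware Information Systems (PAIS). Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in PAIS. Hence, in this paper, we display state of the art and provide a taxonomy of security policies in PAIS. Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in PAIS. We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.},
    booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES})},
    publisher = {{IEEE}},
    author = {Leitner, Maria},
    month = aug,
    year = {2011},
    pages = {686--691},
    url = {http://dx.doi.org/10.1109/ARES.2011.107}
    }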

  • M. Leitner, S. Rinderle-Ma, and J. Mangler, “AW-RBAC: access control in adaptive workflow systems,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 27–34. doi:10.1109/ARES.2011.15

    Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control (RBAC) models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing a RBAC model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended RBAC model for adaptive workflow systems (AW-RBAC) that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the AW-RBAC model improves security during workflow changes and reduces administration costs. The AW-RBAC model is evaluated by means of practical examples and a proof-of-concept implementation.

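    @inproceedings{leitner_aw-rbac:_2011,
    title = {{AW-RBAC:} Access Control in Adaptive Workflow Systems},
    isbn = {978-1-4577-0979-1},
    shorttitle = {{AW-RBAC}},
    abstract = {Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control (RBAC) models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing a RBAC model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended RBAC model for adaptive workflow systems (AW-RBAC) that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the AW-RBAC model improves security during workflow changes and reduces administration costs. The AW-RBAC model is evaluated by means of practical examples and a proof-of-concept implementation.},
    language = {English},
    booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES})},
    publisher = {{IEEE}},
    author = {Leitner, Maria and Rinderle-Ma, Stefanie and Mangler, Juergen},
    month = aug,
    year = {2011},
    pages = {27--34},
    url = {http://dx.doi.org/10.1109/ARES.2011.15},
    doi = {10.1109/ARES.2011.15}
    }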

  • M. Leitner, J. Mangler, and S. Rinderle-Ma, “SPRINT-Responsibilities: design and development of security policies in process-aware information systems,” Journal of wireless mobile networks, ubiquitous computing, and dependable applications (JoWUA), vol. 2, iss. 4, p. 4–26, 2011.
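    @article{leitner_sprint-responsibilities:_2011,
    title = {{SPRINT-Responsibilities:} Design and Development of Security Policies in Process-aware Information Systems},
    volume = {2},
    number = {4},
    journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications ({JoWUA})},
    author = {Leitner, Maria and Mangler, Juergen and Rinderle-Ma, Stefanie},
    year = {2011},
    url = {http://isyou.info/jowua/papers/jowua-v2n4-1.pdf},
    note = {Open Access},
    abstract = {Process-Aware Information Systems (PAIS) enable the definition, execution, and management of business processes. Typically, processes are specified by control flow, data flow, and users or services, authorized to execute process tasks. During process execution, it is often necessary to access sensitive data such as patient or customer information. To secure this confidential data, the use of security policies becomes an essential factor for the application of PAIS in practice. In general, PAIS security policies are specified based on access rules and authorization constraints. On top of these rules, context policies referring to data, location, or time might pose restrictions. Over the years, several approaches for modeling and enforcing security policies in PAIS have appeared. Many of them restrict security policy specification to access rules and authorization constraints, but neglect additional properties such as context information. As a further limitation, security policies are often defined in a heterogeneous way: whereas access rules are mostly defined at process task level leading to a merge of process logic and security aspects, additional policies such as authorization constraints are defined separately from the process logic. Consequently, security policies are not stored and managed centrally, but are rather distributed over different PAIS components, for example, the process model repository or the organizational model manager. In this paper, we introduce the formal concepts behind our SPRINT approach that aims at the consequent separation of security policies and process logic. Specifically, the SPRINT security policy data model and design methodology based on the concepts of responsibilities, permissions, and constraints will be provided. The concepts are evaluated based on a comparison with existing PAIS and a demonstration of the SPRINT prototype. The goal is to unify diverse security policies in different PAIS subsystems, to make security policies independent of these subsystems in order to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.},
    pages = {4--26}
    }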

  • M. Leitner, S. Rinderle-Ma, and J. Mangler, “Responsibility-driven design and development of process-aware security policies,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 334–341. doi:10.1109/ARES.2011.56

    Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology, based on the concept of responsibilities, permissions and constraints. The goal is to not only unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.

    @inproceedings{leitner_responsibility-driven_2011,
    author    = {Leitner, Maria and Rinderle-Ma, Stefanie and Mangler, Juergen},
    title     = {Responsibility-driven Design and Development of Process-aware Security Policies},
    booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES)}},
    publisher = {{IEEE}},
    year      = {2011},
    pages     = {334--341},
    doi       = {10.1109/ARES.2011.56},
    url       = {http://dx.doi.org/10.1109/ARES.2011.56},
    abstract  = {Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology, based on the concept of responsibilities, permissions and constraints. The goal is to not only unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.},
    }

2010

  • S. Rinderle-Ma and M. Leitner, “On evolving organizational models without losing control on authorization constraints in web service orchestrations,” in Proceedings of the 12th IEEE conference on commerce and enterprise computing (CEC), 2010, pp. 128–135. doi:10.1109/CEC.2010.17

    Providing adequate access control is crucial for the proper execution of any Web Service (WS) orchestration. Typically, access rules and authorization constraints are defined for a WS orchestration and are resolved over an organizational model at runtime in order to find authorized users to perform orchestration tasks. As known from many practical studies, organizational models are frequently subject to change (e.g., outsourcing or restructuring). Although the effects of organizational changes on access rules have been investigated so far, their effects on authorization constraints still remain completely unclear, although violating authorization constraints might lead to severe problems such as security holes. In this paper, we systematically investigate the effects of organizational changes on authorization constraints and propose different strategies to cope with possible violations. We evaluate our results along the most common types of authorization constraints and discuss the impact of the selected implementation choice.

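    @inproceedings{rinderle-ma_evolving_2010,
      author    = {Rinderle-Ma, Stefanie and Leitner, Maria},
      title     = {On Evolving Organizational Models without Losing Control on Authorization Constraints in Web Service Orchestrations},
      booktitle = {Proceedings of the 12th {IEEE} Conference on Commerce and Enterprise Computing ({CEC})},
      publisher = {IEEE},
      month     = nov,
      year      = {2010},
      pages     = {128--135},
      isbn      = {978-1-4244-8433-1},
      doi       = {10.1109/CEC.2010.17},
      url       = {http://dx.doi.org/10.1109/CEC.2010.17},
      language  = {English},
      abstract  = {Providing adequate access control is crucial for the proper execution of any Web Service ({WS}) orchestration. Typically, access rules and authorization constraints are defined for a {WS} orchestration and are resolved over an organizational model at runtime in order to find authorized users to perform orchestration tasks. As known from many practical studies, organizational models are frequently subject to change (e.g., outsourcing or restructuring). Although the effects of organizational changes on access rules have been investigated so far, their effects on authorization constraints remain still completely unclear, albeit violating authorization constraints might lead to severe problems such as security holes. In this paper, we systematically investigate the effects of organizational changes on authorization constraints and propose different strategies to cope with possible violations. We evaluate our results along the most common types of authorization constraints and discuss the impact of the selected implementation choice.},
    }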