Decentralised and Collaborative Auditing of Workflows

Antonio Nehme, Vitor Jesus, Khaled Mahbub, Ali Abdallah

Research output: Chapter in Book/Published conference outputConference publication

Abstract

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity at generation and storage phases, as well as its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existent approaches that target this problem.

This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other’s reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence.
Original languageEnglish
Title of host publicationTrust, Privacy and Security in Digital Business
Subtitle of host publicationTrustBus 2019
EditorsS. Gritzalis, E. Weippl, S. Katsikas, G. Anderst-Kotsis, A. Tjoa, I. Khalil
PublisherSpringer
Pages129–144
ISBN (Electronic)9783030278137
ISBN (Print)9783030278120
DOIs
Publication statusPublished - 2 Aug 2019

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11711

Fingerprint

Dive into the research topics of 'Decentralised and Collaborative Auditing of Workflows'. Together they form a unique fingerprint.

Cite this