On the prevention of fraud and privacy exposure in process information flow

INFORMS Journal on Computing

Volumn 24, Issue 3, 2012, Pages 416-432

  Bai, Xue ^a   Gopal, Ram ^a   Nunez, Manuel ^a   Zhdanov, Dmitry ^a  

^a UNIVERSITY OF CONNECTICUT   (United States)

Author keywords

Data privacy; Information security; Open Jackson networks; Queueing theory; Workflow optimization

Indexed keywords

COMPLEX WORKFLOWS; CONFIDENTIAL DATA; DATA EXPOSURE; DATA INTERCHANGE; DIGITAL TRANSFORMATION; ELECTRONIC PAYMENT SYSTEMS; EMPLOYEE SKILLS; IMPLEMENTATION ANALYSIS; IN-PROCESS; INTERNAL SECURITY; JACKSON; JACKSON NETWORKS; NETWORK MODELING; ON-LINE BANKING; OPERATIONAL COSTS; OPTIMAL STAFFING; PRIVATE INFORMATION; ROLE-BASED ACCESS CONTROL; SECURITY CONSIDERATIONS; SECURITY REQUIREMENTS; SECURITY VULNERABILITIES; WORK-FLOWS; WORKFLOW OPTIMIZATION;

DATA PRIVACY; DISTRIBUTED COMPUTER SYSTEMS; HEALTH CARE; ONLINE SYSTEMS; OPTIMIZATION; QUEUEING THEORY; SECURITY OF DATA;

METADATA;

EID: 84867511196     PISSN: 10919856     EISSN: 15265528     Source Type: Journal    
DOI: 10.1287/ijoc.1110.0461     Document Type: Article

References (46)

1. Adam, N. R., V. Alturi, W.-K. Huang. 1998. Modeling and analysis of workflows using Petri nets. J. Intelligent Inform. Systems 10(2) 131-158.
2. Association of Certified Fraud Examiners. 2010. Report to the nations on occupational fraud and abuse. Report, ACFE, Austin, TX. http://butest.acfe.com/ rttn/rttn-2010.pdf.
3. Atluri, V., S. A. Chun, P. Mazzoleni. 2004. Chinese wall security for decentralized workflow management systems. J. Comput. Security 12(6) 799-840.
4. Berman, O., R. C. Larson, E. Pinker. 1997. Scheduling workforce and workflow in a high volume factory. Management Sci. 43(2) 158-172.
5. Bertino, E., P. A. Bonatti, E. Ferrari. 2001. TRBAC: A temporal rolebased access control model. ACM Trans. Inform. System. Security 4(3) 191-233.
6. Bertino, E., E. Ferrari, V. Atluri. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inform. System Security 2(1) 65-104.
7. Bhat, U. N. 2008. An Introduction to Queueing Theory: Modeling and Analysis in Applications. Birhäuser Boston, Boston.
8. Biennier, F., J. Favrel. 2005. Collaborative business and data privacy: Toward a cyber-control? Comput. Indust. 56(4) 361-370.
9. Bolch, S. Greiner, G., H. de Meer, K. S. Trivedi. 1998. Queueing Networks and Markov Chains: Modeling and Performance Evaluation with Computer Science Applications. John Wiley & Sons, New York.
10. Botha, R. A., J. H. P. Eloff. 2001. Separation of duties for access control enforcement in workflow environments. IBM Systems J. 40(3) 666-682.
11. Brandic, I., S. Pllana, S. Benkner. 2008. Specification, planning, and execution of QoS-aware grid workflows within the Amadeus environment. Concurrency Comput.: Practice Experience 20(4) 331-345.
12. Bussler, C. J. 1994. Policy resolution in workflow management systems. Digital Tech. J. 6(4) 26-49.
13. Casati, F., S. Castano, M. Fugini. 2001. Managing workflow authorization constraints through active database technology. Inform. Systems Frontiers 3(3) 319-338.
14. Chen, H., D. D. Yao. 2001. Fundamentals of Queueing Networks: Performance, Asymptotics, and Optimization. Springer, New York.
15. Chen, W. N., J. Zhang. 2009. An ant colony optimization approach to a grid workflow scheduling problem with various QoS requirements. IEEE Trans. Systems, Man, Cybernetics 39(1) 29-43.
16. Computer Security Institute. 2009. The 14th annual CSI computer crime and security survey. Report, CSI, New York. http://www.pathmaker.biz/whitepapers/ CSISurvey2009.pdf.
17. Coombes, A. 2008. IRS employee sentenced for snooping. Market-Watch (August 20), http://www.marketwatch.com/story/irsworker-snooped-on-tax-records- of-almost-200-celebrities.
18. Culnan, M. J., P. K. Armstrong. 1999. Information privacy concerns, procedural fairness and impersonal trust: An empirical investigation. Organ. Sci. 10(1) 104-115.
19. Dewan, R., A. Seidmann, Z. Walter. 1998. Workflow optimization through task redesign in business information processes. Proc. 31st Annual Hawaii Internat. Conf. System Sci., Vol. 1. IEEE Computer Society, Washington, DC, 240-252.
20. Domingos, D., A. Rito-Silva, P. Veiga. 2003. Authorization and access control in adaptive workflows. E. Snekkenes, D. Gollmann, eds. Comput. Security-ESORICS 2003. Lecture Notes Computer Science, Vol. 2808. Springer, Berlin, 23-38.
21. Eder, J., M. Ninaus, H. Pichler. 2003. Personal schedules for workflow systems. A. ter Hofstede, M. Weske, eds. Proc. Internat. Conf. Bus. Process Management. Lecture Notes Computer Science, Vol. 2678, Springer, Berlin, 216-231.
22. Fischer, L., ed. 2007. BPM and Workflow Handbook. Future Strategies Inc., Lighthouse Point, FL.
23. Garey, M. R., D. S. Johnson. 2002. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company, New York.
24. Garfinkel, R., R. D. Gopal, P. Goes. 2002. Privacy protection of binary confidential data against deterministic, stochastic, and insider threat. Management Sci. 48(6) 749-764.
25. Garfinkel, R., R. D. Gopal, M. A. Nunez, D. O. Rice. 2006. Secure electronic markets for private information. IEEE Trans. Systems, Man Cybernetics 36(3) 461-471.
26. Gong, L., X. Qian. 1996. Computational issues in secure interoperation. IEEE Trans. Software Engrg. 22(1) 43-52.
27. Gross, D., J. F. Shortle, J. M. Thompson, C. M. Harris. 2008. Fundamentals of Queueing Theory, 4th ed. John Wiley & Sons, New York.
28. GVU Center. 1997. GVU's seventh WWW user survey. Georgia Institute of Technology, Atlanta. http://www.cc.gatech.edu/gvu/user-surveys/survey-1997-04.
29. Hong, J. I., J. D. Ng, S. Lederer, J. A. Landay. 2004. Privacy risk models for designing privacy-sensitive ubiquitous computing systems. DIS '04: Proc. 5th Conf. Designing Interactive Systems, ACM, New York, 91-100.
30. Hung, P. C. K., K. Karlapalem. 2003. A secure workflow model. Proc. Australasian Inform. Security Workshop, Vol. 21. Australian Computer Society, Darlinghurst, Australia, 33-41.
31. Kang, M. H., J. S. Park, J. N. Froscher. 2001. Access control mechanisms for inter-organizational workflow. Proc. 6th ACM Sympos. Access Control Models Tech. SACMAT, New York, USA, 66-74.
32. Menon, S., S. Sarkar. 2007. Minimizing information loss and preserving privacy. Management Sci. 53(1) 101-116.
33. Mohajer, S. T. 2008. Former UCLA hospital worker admits selling records. Associated Press. (December 1), http://www.breitbart.com/article.php?id= D94Q8LJ80&show-article=1.
34. Olivero, N., P. Lunt. 2004. Privacy versus willingness to disclose in e-commerce exchanges: The effect of risk awareness on the relative role of trust and control. J. Econom. Psych. 25(2) 243-262.
35. Povey, D. 2000. Optimistic security: A new access control paradigm. Proc. 1999 Workshop on New Security Paradigms, ACM, New York, 40-45.
36. Serfozo, R. 1999. Introduction to Stochastic Networks. Springer, New York.
37. Sharp, A., P. McDermott. 2009. Workflow Modeling: Tools for Process Improvement and Applications Development, 2nd ed. Artech House, Norwood, MA.
38. Shen, M., G.-H. Tzeng, D.-R. Liu. 2003. Multi-criteria task assignment in workflow management systems. 36th Annual Hawaii Internat. Conf. System Sci., Big Island, HI, 6-9.
39. Thomas, R. K. 1997. Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. Proc. 2nd ACM Workshop Role-Based Access Control, ACM, New York, 13-19.
40. Tolone, W., G.-J. Ahn, T. Pai, S.-P. Hong. 2005. Access control in collaborative systems. ACM Comput. Surveys 37(1) 29-41.
41. van der Aalst, W., K. van Hee. 2004. Workflow Management: Models, Methods, and Systems. MIT Press, Cambridge, MA.
42. Verjee, Z., J. Yellin, T. Frieden, T. Barrett. 2008. Obama urges inquiry into passport snooping. CNN (March 21), http://www.cnn.com/2008/POLITICS/03/21/ obama.passport/index.html.
43. Wainer, J., A. Kumar, P. Barthelmess. 2007. DW-RBAC: A formal security model of delegation and revocation in workflow systems. Inform. Syststems 3(3) 365-384.
44. Wu, S., A. Sheth, J. Miller, Z. Luo. 2002. Authorization and access control of application data in workflow systems. J. Intelliegent Inform. Systems. 18(1) 71-94.
45. Yu, J., R. Buyya. 2005. A taxonomy of workflow management systems for grid computing. J. Grid Comput. 3(3-4) 171-200.
46. Yu, J., R. Buyya. 2006. Scheduling scientific workflow applications with deadline and budget constraints using genetic algorithms. Sci. Programming J. 14(3-4) 217-230.