TY - null TI - Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes T2 - IEEE Systems Journal SP - 1 EP - 12 AU - A. Sarkar AU - S. Köhler AU - B. Ludäscher AU - M. Bishop PY - 2015 KW - Data models KW - Electronic mail KW - Nominations and elections KW - Object oriented modeling KW - Privacy KW - Robustness KW - Semantics KW - Data privacy KW - graphical models KW - human factors KW - logic programming DO - 10.1109/JSYST.2015.2477472 JO - IEEE Systems Journal IS - 99 SN - 1932-8184 VO - PP VL - PP JA - IEEE Systems Journal Y1 - AB - We introduce an approach of automatically identifying attacks by insider agents on dataflow-based processes having a collection-oriented data model and then improving the processes to prevent the attacks against them. Some process data, if used by some agents via steps at certain points of timeline, will lead to a privacy attack. A manual identification of these vulnerable data and rogue agents is quite tedious; thus, our approach automatically performs these identifications. We model a process and an attack based on a directed acyclic graph, with steps, reading and writing data, and controlled by agents. Then, we perform a declarative implementation to find out if this attack model can be mapped onto the process model based on some similarity criteria. If these criteria are met, we conclude that the attack model is “similar enough” to the process model to be successfully realized through it. Each possible way of mapping shows an avenue of attack on the process. Agent collusion scenarios are also identified. Finally, our approach automatically identifies process improvement opportunities and iteratively exploits them, thereby eliminating attack avenues. ER -