Presentation for CISIS 2012
1. A Security Pattern-Driven Approach Toward the Automation of Risk Treatment in Business Processes
MSc. Ángel Jesús Varela Vaca
Higher Technical School of Computer Engineering -
Department of Computer Languages and Systems - Quivir Research Group
University of Seville
contact: ajvarela@us.es
2. Outline
Context
OPBUS: Automatic Risk Assessment in BPs
Security Patterns, theory and models
Case study
OPBUS: A prototype
Ongoing work
3. Context
[Figure: Business Process Models. Elements: Sequence (Work flow), Participants, External Services, Activities (Task), Messages (Data flow), Events (Work Flow), Artifacts (Data Store/Annotation)]
What about risks?
What about security?
What about implementation?
Main Challenges:
• Business goals (time, cost, resources)
• Could we ensure that BP models conform to a specific risk level? Risk assessment
* M. Menzel, I. Thomas, and C. Meinel, “Security requirements specification in service-oriented business process
management,” International Conference on Availability, Reliability and Security vol. 0, pp. 41–48, 2009.
* C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, “Model-driven business process security requirement
specification,” Journal of Systems Architecture – Embedded Systems Design, vol. 55, no. 4, pp. 211–223, 2009.
4. Context
Main challenges:
1. How to “describe” the countermeasures in business processes?
2. Countermeasures are very heterogeneous.
3. Countermeasures are described in natural language and in an informal way.
4. The selection of countermeasures is carried out manually, without criteria.
[Figure: process BPi (Start, Activity), BPMS, Customers/Users, Channel of communication, Web Server, Application Server, Web Service, DataBase, Legacy System. Security Countermeasure: Secure pipe, Fault Tolerance, Access control.]
[Figure: layers from business goals to code.
Business/Logical Domain: Security Goals (Confidentiality, Integrity, Availability), Regulations/Standards
Security Patterns: Secure Protocol ("Models !!!")
Technical/Standards: Network Layer (IPSec), Application Layer (S-HTTP), Transport Layer (HTTPS (SSL/TLS))
Application/Infrastructure Domain, Configuration/Code: OpenSSL, Apache (mod_ssl), JSSE, GnuTLS
Relation shown: require]
5. OPBUS – Automatic Risk Assessment in BPs
Main challenges:
1. What is a security risk?! Security risks are related to threats and vulnerabilities
• Technical risks (SQL Injections, XSS, DoS, Protocols, …)
• No-design failures/changes of business processes (live locks, dead locks, …)
2. How to assess BP models?! (Activities, Data, WebForms)
3. How to figure out where/why models fail to conform to risk levels?!
4. How to adapt solutions to the assessment carried out?!
6. OPBUS – Automatic Risk Assessment in BPs
• Provide a light-extension for generic BP models
• Provide a DSL for risk assessment of BPs
• New artifact
• New properties
Risk = Value * Frequency * Consequence
RiskBP = RiskA1 + RiskA2
[Figure: Threat Scenario on process BPi (S1, A1, G1, A2, G2, E1). Activity annotations: I: [3,5], C: [5,5], A: [1,6], Threats: {R1,R3,R6}. Threats: R1, R2, R3, R4, R5, R6, annotated with Frequency: [1,6], Consequence: [2,3] and Frequency: [3,6], Consequence: [1,5]. Vulnerabilities: V1, V2. Treatments: T1, T2, annotated with Risk Reduction: [10,20]%, Risk Reduction: [10,30]%, Cost: 10.000, Cost: 1000.]
[Figure: Extension Meta-Model, Business Meta-Model, Business Process Meta-Model and Risk Meta-Model. Elements: Acceptable Risk, Objective (Integrity, Confidentiality, Availability), Asset Value, Cost, Frequency, Consequence, Vulnerability, Threat, Threat Scenario, Countermeasure, Treatment, Risk Reduction, Pre, Post, Process Model, Model Element, Property, Pool, Connector, Message Flow, Sequence Flow, Activity, Events, Gateway, Artefact.]
In general, risk assessment methods use:
- Asset: Low or 1 (SINGLE VALUE)
OPBUS approach is more accurate:
- Asset: [1,5] (RANGE)
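An added worked example (not code from OPBUS or from the slides) of the range-based assessment above: Risk = Value * Frequency * Consequence is evaluated on intervals, summed into RiskBP, and compared with an acceptable-risk level. Using the integrity range as Value, the assignment of the two Frequency/Consequence ranges to A1 and A2, the threshold of 100 and the three-way verdict are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def __mul__(self, other):
        # Bound-wise product; valid because every scale here is non-negative.
        return Interval(self.lo * other.lo, self.hi * other.hi)

    def __add__(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

def activity_risk(value, threats):
    """Risk = Value * Frequency * Consequence, summed over an activity's threats."""
    total = Interval(0, 0)
    for frequency, consequence in threats:
        total = total + value * frequency * consequence
    return total

def treat(risk, reduction_pct):
    """Residual risk after a treatment whose reduction is a range in percent."""
    return Interval(risk.lo * (100 - reduction_pct.hi) / 100,
                    risk.hi * (100 - reduction_pct.lo) / 100)

def conformance(risk, acceptable):
    """Three-way verdict of a risk range against one acceptable-risk level."""
    if risk.hi <= acceptable:
        return "conforms"
    if risk.lo > acceptable:
        return "violates"
    return "undetermined"  # the range straddles the threshold

# Ranges taken from the slide; their assignment to A1 and A2 is assumed.
INTEGRITY = Interval(3, 5)                                   # I: [3,5]
RISK_A1 = activity_risk(INTEGRITY, [(Interval(1, 6), Interval(2, 3))])
RISK_A2 = activity_risk(INTEGRITY, [(Interval(3, 6), Interval(1, 5))])
RISK_BP = RISK_A1 + RISK_A2                                  # RiskBP = RiskA1 + RiskA2
ACCEPTABLE = 100                                             # assumed threshold
# Treat the activity with the larger worst case using Risk Reduction: [10,20]%.
RISK_A2_TREATED = treat(RISK_A2, Interval(10, 20))
RISK_BP_TREATED = RISK_A1 + RISK_A2_TREATED

if __name__ == "__main__":
    for name, r in [("A1", RISK_A1), ("A2", RISK_A2), ("BP", RISK_BP),
                    ("BP treated", RISK_BP_TREATED)]:
        print(name, r, conformance(r, ACCEPTABLE))
```

A single-value assessment would report one number for the process; the range keeps the worst case visible, which is what the verdict "undetermined" exposes.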
8. OPBUS – IDE for BP risk assessment
• Eclipse Plug-in
• BPMN Modeller with support for the risk extension
• Transform. to Const. Prog.
• Visual – Diagnosis of BPs
10. OPBUS – Security Patterns, theory and models
Christopher Alexander in 1977: “A pattern describes a problem which occurs over and over again in our environment, and then describes the core of the solution to that pattern“
• We found a standard/template representation !!!
• Still very textual and natural
Let’s model security patterns
11. Security Patterns, theory and models
Example of an extended security pattern template:
• Label to describe the security intentions to implement
• Indicates the security goals to fulfill
• Indicates the type of risk treatment
• Describes the attributes concerning the context
• Describes the constraints that exist in the business process that affect the problem
12. Security Patterns, theory and models
• Ontological representation of concepts
• Extending security pattern info.
13. Security Patterns, theory and models
Customizable models
• ISO 27000-series
• UML QoS and FT
• Common Weakness Enumeration (CWE)
15. Case study
Catalogue Security Patterns
Example Scenario (BPMS – Web Services – Web Forms)
16. Case study
Forces
Context
AI techniques for optimized searches
Objective function
Process of selection based on attributes and constraints of security patterns
19. Ongoing works
Generation and selection of the best configuration from security patterns
1. Analyze features of typical countermeasures in order to achieve security goals of confidentiality, availability, integrity, authorization and authentication (Done)
[Figure: process BPi (Start, Activity), BPMS, Customers/Users, Web Server, Application Server, Web Service, DataBase, Legacy System; SSL/TLS. SSL/TLS: Confidentiality info. (Encryption/Decryption info.), Authentication (Digital Signatures), Information Integrity (Message Authentication Code).]
[Figure: feature model of Apache (SSL/TLS). Features: Algorithm, CipherSuite, ClientAuth (true, want, false), Port, KeyStore (Type, Pass, File), Trust (File, Pass, Type), Protocol (SSLv2.0, TLSv1.X, SSLv3); Type: JKS, PKCS12, PKCS11. Attributes/Extra-func.: SecurityLevel = {High}, SecurityLevel = {High}, SecurityLevel = {Medium}. Legend: Mandatory, Optional, Alternative, Or-alternative; Cross-Relations: require, exclude.]
20. Ongoing works
Selection of the best configuration from security patterns:
2. Define a catalogue of security patterns by means of feature models (Done)
3. Apply feature-oriented model analysis in order to obtain configurations based on objective functions (Done)
4. Integrate the generation of configurations through feature model analysis in the OPBUS plugin (In progress)
[Figure: Risk Treatment Catalogue with Security Patterns 1 to 5 (Problem, Context, Force, Solution), each with a Feature model; Feature analyser; Security Countermeasures: 1. Config., 2. Config.]
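An added illustration (not the OPBUS plugin's code) of steps 2 and 3: a small feature model is enumerated and the configurations that maximise an objective function are kept. Feature names follow the Apache (SSL/TLS) tree on the previous slide; the require/exclude relations, the numeric SecurityLevel ratings and the weakest-feature objective are assumptions.

```python
from itertools import combinations, product

# Constructed model: feature names follow the slide's Apache (SSL/TLS) tree;
# the cross-relations and SecurityLevel ratings below are assumptions.
ALTERNATIVE = {"ClientAuth": ["true", "want", "false"],       # exactly one child
               "KeyStoreType": ["JKS", "PKCS12", "PKCS11"]}
OR_GROUP = {"Protocol": ["SSLv2.0", "SSLv3", "TLSv1.X"]}      # one or more children
OPTIONAL = ["Trust"]
REQUIRES = [("ClientAuth=true", "Trust")]
EXCLUDES = [("Protocol=TLSv1.X", "Protocol=SSLv2.0")]
LEVEL = {"ClientAuth=true": 3, "ClientAuth=want": 2, "ClientAuth=false": 1,
         "Protocol=TLSv1.X": 3, "Protocol=SSLv3": 2, "Protocol=SSLv2.0": 1}
NAMES = {3: "High", 2: "Medium", 1: "Low"}

def configurations():
    """Return every selection allowed by the tree and the cross-relations."""
    choices = [[(f"{g}={c}",) for c in cs] for g, cs in ALTERNATIVE.items()]
    for g, cs in OR_GROUP.items():
        choices.append([tuple(f"{g}={c}" for c in sub)
                        for n in range(1, len(cs) + 1)
                        for sub in combinations(cs, n)])
    choices += [[(), (o,)] for o in OPTIONAL]
    valid = []
    for pick in product(*choices):
        cfg = frozenset(f for part in pick for f in part)
        if any(a in cfg and b not in cfg for a, b in REQUIRES):
            continue                      # a "require" relation is broken
        if any(a in cfg and b in cfg for a, b in EXCLUDES):
            continue                      # an "exclude" relation is broken
        valid.append(cfg)
    return valid

def security_level(cfg):
    """Objective function: the weakest rated feature decides the level."""
    return min(LEVEL[f] for f in cfg if f in LEVEL)

def best_configurations():
    """Configurations that maximise the objective function."""
    cfgs = configurations()
    top = max(security_level(c) for c in cfgs)
    return [c for c in cfgs if security_level(c) == top]

if __name__ == "__main__":
    best = best_configurations()
    print(len(configurations()), "valid configurations")
    for cfg in best:
        print(NAMES[security_level(cfg)], sorted(cfg))
```

Exhaustive enumeration is only workable for a model this small; the slides name AI techniques for optimized searches for the real catalogue.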
21. Thank you
MSc. Ángel Jesús Varela Vaca
Higher Technical School of Computer Engineering -
Department of Computer Languages and Systems - Quivir Research Group
University of Seville
contact: ajvarela@us.es