
Presentation for CISIS 2012


  1. A Security Pattern-Driven Approach Toward the Automation of Risk Treatment in Business Processes. MSc. Ángel Jesús Varela Vaca, Higher Technical School of Computer Engineering, Department of Computer Languages and Systems, Quivir Research Group, University of Seville. Contact: ajvarela@us.es
  2. Outline: • Context • OPBUS: Automatic Risk Assessment in BPs • Security Patterns, theory and models • Case study • OPBUS: A prototype • Ongoing work
  3. Context. [Figure: a business process model with its elements labelled: Participants, Activities (Task), External Services, Events, Artifacts (Data Store/Annotation), Sequence (Work Flow), Messages (Data Flow).] What about risks? What about security? What about implementation? Main challenges: • Business goals (time, cost, resources) → Business Process Models • Could we ensure that BP models conform to a specific risk level? → Risk assessment. References: * M. Menzel, I. Thomas, and C. Meinel, “Security requirements specification in service-oriented business process management,” International Conference on Availability, Reliability and Security, vol. 0, pp. 41–48, 2009. * C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, “Model-driven business process security requirement specification,” Journal of Systems Architecture – Embedded Systems Design, vol. 55, no. 4, pp. 211–223, 2009.
  4. Context. Main challenges: 1. How to “describe” the countermeasures in business processes? 2. Countermeasures are very heterogeneous. 3. Countermeasures are described in natural language and in an informal way. 4. The selection of countermeasures is carried out manually, without criteria. [Figure: a business process BPi (Start, Activity) reached by Customers/Users over a channel of communication to the BPMS, which runs on a Web Server, Application Server, Web Service, DataBase and Legacy System; security countermeasures: Secure pipe, Fault Tolerance, Access control. Layers from the business/logical domain down to the application/infrastructure domain: Security Goals (Confidentiality, Integrity, Availability) and Regulations/Standards; Security Patterns (Secure Protocol), marked "Models !!!"; Technical/Standards: Network Layer (IPSec), Application Layer (S-HTTP), Transport Layer (HTTPS (SSL/TLS)); Configuration/Code, linked by "require": OpenSSL, Apache (mod_ssl), JSSE, GnuTLS.]
  5. OPBUS – Automatic Risk Assessment in BPs. Main challenges: 1. What is a security risk? Security risks are related to threats and vulnerabilities: • Technical risks (SQL injection, XSS, DoS, protocols, …) • No-design failures/changes of business processes (livelocks, deadlocks, …) 2. How to assess BP models? Activities, Data, WebForms 3. How to figure out where and why a model fails to conform to the risk levels? 4. How to adapt solutions to the assessment carried out?
  6. OPBUS – Automatic Risk Assessment in BPs. • Provide a light extension for generic BP models • Provide a DSL for risk assessment of BPs • New artifact • New properties. Formulas: Risk = Value * Frequency * Consequence; RiskBP = RiskA1 + RiskA2. In general, risk assessment methods use a SINGLE VALUE (Asset: Low or 1); the OPBUS approach is more accurate and uses a RANGE (Asset: [1,5]). [Figure: business process BPi (S1, E1, G1, G2) with activities A1 and A2, each annotated with I: [3,5], C: [5,5], A: [1,6], Threats: {R1,R3,R6}; a threat scenario with threats R1 to R6, annotated with Frequency: [1,6], Consequence: [2,3], Vulnerability: V1 and Frequency: [3,6], Consequence: [1,5], Vulnerability: V2; treatments T1 and T2, annotated with Risk Reduction ([10,20]% and [10,30]%) and Cost (10.000 and 1000); an Acceptable Risk annotation. Meta-models: Business Process Meta-Model (Process Model, Model Element, Pool, Connector, Sequence Flow, Message Flow, Activity, Events, Gateway, Artefact), Business Meta-Model and Extension/Risk Meta-Model (Objective, Property, Asset Value, Integrity, Confidentiality, Availability, Cost, Risk, Acceptable Risk, Frequency, Consequence, Vulnerability, Threat, Threat Scenario, Countermeasure, Treatment, Risk Reduction).]
  7. OPBUS – Automatic Risk Assessment in BPs. [Figure: the BP + Risk model (workflows, activities/artefacts, risk formula info.) is transformed into COMET, Choco and JSolver models, which the corresponding CSP solvers use for automatic risk assessment and diagnosis. Result tables list, per activity, the risk value, the conformance (C/NC) and the flows the activity belongs to, for flow sets such as F1: {RS,NP,PP,FW}, F2: {RS,PN,FW}, F3: {RS,SL,NC,BF,FW}.] CSP model:
     Variables: {IntegrityA1: [1,3], ConfidentialityA1: [1,3], AvailabilityA1: [1,3], IntegrityA2: [1,5], ConfidentialityA2: [1,5], AvailabilityA2: [1,5], FrequencyR1: [2,4], ConsequenceR1: [4,5], FrequencyR2: [1,3], ConsequenceR2: [4,5], FrequencyR3: [3,4], ConsequenceR3: [3,5], RiskReductionT1, Acceptable risk BPi: 120, RiskA1: [1,1000], RiskA2: [1,1000], RiskF1: [1,1000], f1: Boolean}
     Constraints: {
     RiskA1 = (IntegrityA1 + ConfidentialityA1 + AvailabilityA1) * ((ConsequenceR1 - ConsequenceR1*RiskReductionT1) * (FrequencyR1 - FrequencyR1*RiskReductionT1)) + (IntegrityA1 + ConfidentialityA1 + AvailabilityA1) * (ConsequenceR3 - ConsequenceR3*RiskReductionT1) * (FrequencyR3 - FrequencyR3*RiskReductionT1) + (ConsequenceR2 - ConsequenceR2*RiskReductionT1) * (FrequencyR2 - FrequencyR2*RiskReductionT1);
     RiskA2 = (IntegrityA1 + ConfidentialityA1 + AvailabilityA1) * ((ConsequenceR1 - ConsequenceR1*RiskReductionT1) * (FrequencyR1 - FrequencyR1*RiskReductionT1)) + (IntegrityA1 + ConfidentialityA1 + AvailabilityA1) * (ConsequenceR3 - ConsequenceR3*RiskReductionT1) * (FrequencyR3 - FrequencyR3*RiskReductionT1);
     RiskF1 = (RiskA1 + RiskA2)/2;
     f1 = (Acceptable risk BPi ≤ RiskF1);}
  8. OPBUS – IDE for BP risk assessment. • Eclipse plug-in • BPMN modeller with support for the risk extension • Transformation to constraint programming • Visual diagnosis of BPs
  9. OPBUS – IDE for BP risk assessment
  10. OPBUS – Security Patterns, theory and models. Christopher Alexander in 1977: “A pattern describes a problem which occurs over and over again in our environment, and then describes the core of the solution to that pattern”. • We found a standard/template representation! • It is still very textual and written in natural language → Let’s model security patterns
  11. Security Patterns, theory and models. Example of an extended security pattern template, with these fields: • a label describing the security intentions to implement • the security goals to fulfill • the type of risk treatment • the attributes concerning the context • the constraints that exist in the business process and affect the problem
  12. Security Patterns, theory and models. • Ontological representation of concepts • Extending security pattern info.
  13. Security Patterns, theory and models. Customizable models: • ISO 27000-series • UML QoS and FT • Common Weakness Enumeration (CWE)
  14. Security Patterns, theory and models. Extension of the risk model for OPBUS
  15. Case study. Catalogue of security patterns. Example scenario (BPMS – Web Services – Web Forms)
  16. Case study. Selection process based on the attributes and constraints of security patterns (forces, context), using AI techniques for optimized searches with an objective function
  17. OPBUS – Prototypes. Prototype as an add-on for the specification of security patterns within the OPBUS plug-in
  18. OPBUS – Prototypes. Prototype as a connector for Bonita BPM
  19. Ongoing work. Generation and selection of the best configuration from security patterns: 1. Analyze the features of typical countermeasures in order to achieve the security goals of confidentiality, availability, integrity, authorization and authentication (Done). [Figure: BPi (Start, Activity) reached by Customers/Users through the BPMS over SSL/TLS, which provides confidentiality (encryption/decryption), authentication (digital signatures) and information integrity (message authentication code); the BPMS runs on a Web Server, Application Server, Web Service, DataBase and Legacy System. Feature model of Apache (SSL/TLS) with the features Algorithm, CipherSuite, ClientAuth (true, want, false), Port, KeyStore (Type, Pass, File), Trust (File, Pass, Type) and Protocol (SSLv2.0, SSLv3, TLSv1.X); store types JKS, PKCS12, PKCS11; attributes/extra-functional annotations SecurityLevel = {High} and SecurityLevel = {Medium}. Legend: Mandatory, Optional, Alternative, Or-alternative; cross-relations: exclude, require.]
  20. Ongoing work. Selection of the best configuration from security patterns: 2. Define a catalogue of security patterns by means of feature models (Done) 3. Apply feature-oriented model analysis in order to obtain configurations based on objective functions (Done) 4. Integrate the generation of configurations through feature model analysis into the OPBUS plug-in (In progress). [Figure: for risk treatment, a catalogue of security patterns 1 to 5 (each with Problem, Context, Forces and Solution) is linked to feature models of security countermeasures; a feature analyser derives configurations from them.]
  21. Thank you. MSc. Ángel Jesús Varela Vaca, Higher Technical School of Computer Engineering, Department of Computer Languages and Systems, Quivir Research Group, University of Seville. Contact: ajvarela@us.es
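
Added example (not code from the presentation or from OPBUS): a range-based risk check in the spirit of slides 6 and 7, using the variable domains and the acceptable risk of 120 from slide 7. Assumptions: Risk = Value * Frequency * Consequence is applied to every threat of an activity, the threat-to-activity assignment and the [10,20]% reduction for T1 are chosen for illustration, and a flow counts as non-conformant when its risk exceeds the acceptable risk.

```python
from dataclasses import dataclass

Range = tuple[float, float]  # (low, high), like the [low, high] annotations on the slides

@dataclass(frozen=True)
class Threat:
    frequency: Range
    consequence: Range

@dataclass(frozen=True)
class Activity:
    integrity: Range
    confidentiality: Range
    availability: Range
    threats: tuple[str, ...]

def activity_risk(act: Activity, threats: dict[str, Threat],
                  reduction: Range = (0.0, 0.0)) -> Range:
    """Exact risk bounds: the formula grows with every asset/threat value
    and shrinks with the reduction, so the range endpoints give the extremes."""
    bounds = []
    for idx in (0, 1):                    # 0 = lowest risk, 1 = highest risk
        keep = 1.0 - reduction[1 - idx]   # strongest reduction gives the low bound
        value = act.integrity[idx] + act.confidentiality[idx] + act.availability[idx]
        exposure = sum(threats[t].consequence[idx] * keep * threats[t].frequency[idx] * keep
                       for t in act.threats)
        bounds.append(value * exposure)
    return (bounds[0], bounds[1])

def flow_risk(risks: list[Range]) -> Range:
    """Average of the activity risks, as in RiskF1 = (RiskA1 + RiskA2)/2."""
    n = len(risks)
    return (sum(r[0] for r in risks) / n, sum(r[1] for r in risks) / n)

def diagnose(risk: Range, acceptable: float) -> str:
    """Three-way verdict that a single-valued assessment cannot give."""
    if risk[1] <= acceptable:
        return "conformant"
    if risk[0] > acceptable:
        return "non-conformant"
    return "depends on values"            # some assignments conform, others do not

# Domains from slide 7; threat assignment and T1 reduction are assumptions.
THREATS = {"R1": Threat((2, 4), (4, 5)), "R2": Threat((1, 3), (4, 5)),
           "R3": Threat((3, 4), (3, 5))}
A1 = Activity((1, 3), (1, 3), (1, 3), ("R1", "R2", "R3"))
A2 = Activity((1, 5), (1, 5), (1, 5), ("R1", "R3"))
ACCEPTABLE = 120
T1_REDUCTION = (0.10, 0.20)

if __name__ == "__main__":
    for label, red in (("untreated", (0.0, 0.0)), ("with T1", T1_REDUCTION)):
        f1 = flow_risk([activity_risk(a, THREATS, red) for a in (A1, A2)])
        print(label, f1, diagnose(f1, ACCEPTABLE))
```

With these domains both the untreated and the treated flow overlap the acceptable risk, which is the case where a constraint solver is needed to find the value assignments that violate it.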
