Presentation for CISIS 2012
•
0 gefällt mir•593 views
Presentation for CISIS 2012
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (8)
Andere mochten auch
Andere mochten auch (19)
Ähnlich wie Presentation for CISIS 2012
Ähnlich wie Presentation for CISIS 2012 (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Presentation for CISIS 2012
- 1. A Security Pattern-Driven Approach Toward the Automation of Risk Treatment in Business Processes MSc. Ángel Jesús Varela Vaca Higher Technical School of Computer Engineering - Department of Computer Languages and Systems - Quivir Research Group University of Seville contact: ajvarela@us.es
- 2. Outline Context OPBUS: Automatic Risk Assessment in BPs Security Patterns, theory and models Case of study OPBUS: A prototype Ongoing work
- 3. Context Sequence (Work flow) Participants External Activites (Task) Services Messages (Data flow) What about risks? Q Events Artifacts (Data (Work Flow) Store/Annotation) What about security? What about implementation? Main Challenges: • Business goals (time, cost, resources) Business Process Models • Could we ensure that BP models are conformed to specific risk level?? Risk assessment * M. Menzel, I. Thomas, and C. Meinel, “Security requirements specification in service-oriented business process management,” International Conference on Availability, Reliability and Security vol. 0, pp. 41–48, 2009. * C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, “Model-driven business process security requirement specification,” Journal of Systems Architecture – Embedded Systems Design, vol. 55, no. 4, pp. 211–223, 2009.
- 4. Context BPi Activity Channel of Customers/ Start communication BPMS Users Main challenges: 1. How to “describe” the countermeasures in Security Countermeasure: Secure pipe business processes? Fault Tolerance Access control 2. Countermeasures are very heterogeneous. 3. Countermeasures are described in natural language and informal way. Application Web DataBase Legacy 4. The selection of countermeasures is carried Web Server Server Service System out in manual way without criteria. Business/Logical Confidentiality Integrity Availability Security Goals Domain Regulations/ Standards Security Patterns Secure Protocol Models !!! Technnical / Standards Network Layer Application Layer Transport Layer Application/ Infrastructure Domain IPSec S-HTTP HTTPS (SSL/TLS) Configuration/ Code require OpenSSL Apache (mod_ssl) JSSE GnuTLS
- 5. OPBUS – Automatic Risk Assessment in BPS Main challenges: 1. What is a security risk?! Security risks are related to threats and vulnerabilities • Technical risks (SQL Injections, XSS, DoS, Protocols, …) • No-design failures/changes of business processes (live locks, dead locks, …) 2. How to assess BP models ?! Activities Data WebForms 3. How to figure out where/why fail to conform risk levels?! 4. How to adapt solutions to the assessment carried out ?!
- 6. OPBUS – Automatic Risk Assessment in BPS • Provide a light-extension for generic BP models • Provide a DSL for risk assessment of BPs • New artifact • New properties I: [3,5] C: [5,5] A: [1,6] Frequency: [1,6] Threats: {R1,R3,R6} Consequence: [2,3] Vulnerability: V1 Frequency: [3,6] Consequence: [1,5] Risk= Value * Frequency * Consequence A1 Vulnerability: V2 RiskBP = RiskA1 + RiskA2 G1 G2 Threat Scenario BPi S1 E1 R3 R2 A2 R6 R1 R4 R5 I: [3,5] Threats C: [5,5] A: [1,6] Threats: {R1,R3,R6} T1 T2 Treatments Extension Meta-Model Business Meta-Model Business Process Meta-Model Risk Reduction: [10,20]% Acceptable Risk Reduction: [10,30]% Cost: 10.000 Integrity Risk Cost: 1000 Confidentiality Asset Value 1 Process Model Model Element Property Availability Cost Risk Meta-Model 1 Pre 1..* Objective Message Flow Frenquency 1 Post 1 Pool 1..* Connector Sequence In general, risk assessment methods use: - Asset: Low or 1 SINGLE VALUE 1 Flow Consequence 1..* Vulnerability 1 1..* 1..* Threat 1..* Threat Countermeasure 1..* 1..* Treatment 1..* Scenario 1..* Activity 1..* Events 1..* Gateway 1..* 1..* Artefact 1..* OPBUS approach is more accurate: - Asset: [1,5] RANGE 1 Risk Scenario Reduction
- 7. OPBUS – Automatic Risk Assessment in BPS CSP Solver Info. COMET Solver COMET Model BP+Risk Choco Diagnosis Diagnosis Model Solver worklfows activities/artefacts Choco Model COMET Solver Risk Formula info. Automatic Jsolver Model Risk Assessment Potential F1: {RS,NP,PP,FW} Non- Variables: {IntegrityA1: [1,3], ConfidentialityA1: execution Activity Risk value [1,3], AvailabilityA1: F2: {RS,PN,FW} [1,3], IntegrityA2: [1,5], conformance ConfidentialityA2: [1,5], AvailabilityA2: [1,5], FrequencyR1: [2,4], ConsequenceR1: flow [4,5], FrequencyR2: F3: {RS,SL,NC,BF,FW} [1,3], RSConsequenceR236 : [4,5], C FrequencyR3: {F1,F2, F3} [3,4], ConsequenceR3: [3,5], RiskReductionT1:360, Acceptable NC Bpi: 120, Risk{F2} NP 10 risk A1: [1, 1000], RiskA2: [1,1000], RiskF1: [1,1000], f1: Boolean} SL 84 C { F3} Constraints: { NC 240 NC { F3} F1: {NCE,DW,NS,BW,WE} RiskA1 = (IntegrityA1+ConfidentialityA1+AvailabilityA1) { * ((ConsequenceR1 – BF 360 NC F3} F2: {NCE,DW,BW,WE} ConsequenceR1*RiskReductionT1)* (FrequencyR1 – FrequencyR1*RiskReductionT1) + PP 84 C {F1} F3: {NCE,REI,WE} IntegrityA1+ConfidentialityA1+AvailabilityA1) * (ConsequenceR3 – PN R3*RiskReductionT1)* (FrequencyR3 – FrequencyR3*RiskReductionT1) + Consequence 240 NC {F2 } F4: {NCE,RSH,WE} (ConsequenceR2 FW – 191ConsequenceR2*RiskReductionT1)* NC {F1,F2,(FrequencyR2 F3} – FrequencyR2*RiskReductionT1); NCE 150 C {F3,F4} RiskA2 =REI (IntegrityA1+ConfidentialityA1+AvailabilityA1) * ((ConsequenceR1 – 132 C {F3} F1: {RSW} ConsequenceR1*RiskReductionT1)* (FrequencyR1 – FrequencyR1*RiskReductionT1) + RSW 132 C {F4} (IntegrityA1+ConfidentialityA1+AvailabilityA1) * (ConsequenceR3 – F2: {RH} WE 165 NC {F3,F4} ConsequenceR3*RiskReductionT1)* (FrequencyR3 – FrequencyR3*RiskReductionT1) ; F3: {CE} RSH 27 RiskF1 = (RiskA1 + RiskA2)/2; C {F1} RH 27 C {F2} f1 = (Acceptable riskBPi ≤ RiskF1);} CE 108 NC {F3}
- 8. OPBUS – IDE for BP risk assessment • Eclipse Plug-in • BPMN Modeller with support for the risk extension • Transform. to Const. Prog. • Visual – Diagnosis of BPs
- 9. OPBUS – IDE for BP risk assessment
- 10. OPBUS – Security Patterns, theory and models Christopher Alexander in 1977: “A pattern describes a problem which occurs over and over again our environment, and then describes the core of the solution to that pattern“ • We found an standard/template representation !!! • Still being very textual and natural Let’s model security patterns
- 11. Security Patterns, theory and models Example of an extended security pattern template: Label to describe security intentions to implement Indicates the security goals to fulfill Indicates el type of risk treatment Describes the attributes concerning to the context Describe the constraints that exist in the business process that affect the problem
- 12. Security Patterns, theory and models • Ontological represention of concepts • Extending security pattern info.
- 13. Security Patterns, theory and models Customizable models ISO 27000-series UML QoS and FT Common Weakness Enumeration (CWE)
- 14. Security Patterns, theory and models Extension of risk model for OPBUS
- 15. Case of study Catalogue Security Patterns Example Scenario (BPMS – Web Services – Web Forms)
- 16. Case of study Forces Context AI techniques for optimized searchs Objective function Process of selection based on attributes and constraint of security patterns
- 17. OPBUS – Prototypes Prototype as add-on for specification of security patterns within OPBUS plug-in
- 18. OPBUS – Prototypes Prototype as connector for Bonita BPM
- 19. Ongoing works Generation and selection of the best configuration from security patterns 1. Analyze features of typical BPi Customers/ BPMS Start Activity SSL/TLS countermeasures in order to achieve Users security goals of Confidentiality info. Encryption/Decryption info. confidentiality, availability, integrity Authentication Digital Signatures Information Integrity Message Authentication Code , authorization and authentication (Done) Web Server Application Web DataBase Legacy Server Service System Apache (SSL/TLS) SecurityLevel = {High} Algorithm CipherSuite ClientAuth Port KeyStore Trust Protocol SecurityLevel = {High} Attributes/Extra- true want false Type Pass File File Pass Type SSLv2.0 TLSv1.X SSLv3 func. Cross-Relations Optional SecurityLevel = {Medium} JKS PKCS12 PKCS11 JKS PKCS12 PKCS11 Mandatory Alternative exclude Or-alternative require
- 20. Ongoing works Selection of the best configuration from security patterns: 2. Define a catalogue of security patterns by means of feature models (Done) 3. Apply feature-oriented model analysis in order to obtain configurations based on objectives functions (Done) 4. Integrate the generation of configuration through feature model analysis in OPBUS plugin (In progress) Risk Treatment Catalogue Security Countermeasures Security 1. Security Pattern 3 Problem Config. Context Pattern 1 Security Force Problem Pattern 5 Problem Security Context Context Pattern 2 Force Security Feature Problem Pattern 4 Force Context analyser 2. Problem Problem Force Config. Solution Context Problem Force Force Context Force Feature model Feature Feature Feature model model model
- 21. Thank you MSc. Ángel Jesús Varela Vaca Higher Technical School of Computer Engineering - Department of Computer Languages and Systems - Quivir Research Group University of Seville contact: ajvarela@us.es