727 research outputs found
Threats Management Throughout the Software Service Life-Cycle
Software services are inevitably exposed to a fluctuating threat picture.
Unfortunately, not all threats can be handled only with preventive measures
during design and development, but also require adaptive mitigations at
runtime. In this paper we describe an approach where we model composite
services and threats together, which allows us to create preventive measures at
design-time. At runtime, our specification also allows the service runtime
environment (SRE) to receive alerts about active threats that we have not
handled, and react to these automatically through adaptation of the composite
service. A goal-oriented security requirements modelling tool is used to model
business-level threats and analyse how they may impact goals. A process flow
modelling tool, utilising Business Process Model and Notation (BPMN) and
standard error boundary events, allows us to define how threats should be
responded to during service execution on a technical level. Throughout the
software life-cycle, we maintain threats in a centralised threat repository.
Re-use of these threats extends further into monitoring alerts being
distributed through a cloud-based messaging service. To demonstrate our
approach in practice, we have developed a proof-of-concept service for the Air
Traffic Management (ATM) domain. In addition to the design-time activities, we
show how this composite service duly adapts itself when a service component is
exposed to a threat at runtime.
Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks
As cyber systems become increasingly complex and cybersecurity threats become
more prominent, defenders must prepare, coordinate, automate, document, and
share their response methodologies to the extent possible. The CACAO standard
was developed to satisfy the above requirements, providing a common
machine-readable framework and schema for documenting cybersecurity operations
processes, including defensive tradecraft and tactics, techniques, and
procedures. Although this approach is compelling, a remaining limitation is
that CACAO provides no native modeling notation for graphically representing
playbooks, which is crucial for simplifying their creation, modification, and
understanding. In contrast, the industry is familiar with BPMN, a
standards-based modeling notation for business processes that has also found
its place in representing cybersecurity processes. This research examines BPMN
and CACAO and explores the feasibility of using the BPMN modeling notation to
represent CACAO security playbooks graphically. The results indicate that
mapping CACAO and BPMN is attainable at an abstract level; however, conversion
from one encoding to another introduces a degree of complexity due to the
multiple ways CACAO constructs can be represented in BPMN and the extensions
required in BPMN to support CACAO fully.
Towards Automated Attack Simulations of BPMN-based Processes
Process digitization and integration is an increasing need for enterprises,
while cyber-attacks denote a growing threat. Using the Business Process
Management Notation (BPMN) is common to handle the digital and integration
focus within and across organizations. In other parts of the same companies,
threat modeling and attack graphs are used for analyzing the security posture
and resilience.
In this paper, we propose a novel approach to use attack graph simulations on
processes represented in BPMN. Our contributions are the identification of
BPMN's attack surface, a mapping of BPMN elements to concepts in a Meta Attack
Language (MAL)-based Domain-Specific Language (DSL), called coreLang, and a
prototype to demonstrate our approach in a case study using a real-world
invoice integration process. The study shows that non-invasively enriching BPMN
instances with cybersecurity analysis through attack graphs is possible without
much human expert input. The resulting insights into potential vulnerabilities
could be beneficial for the process modelers.
Comment: Submitted for review to EDOC 202
An Extension of Business Process Model and Notation for Security Risk Management
Modern information system development methodologies include various techniques for business process modelling. The language used for business process modelling (BPMN) has today become a standard technique that is successfully applied when creating and further developing information systems in order to describe and model the business processes of enterprises. Although BPMN is a good tool for understanding and presenting an enterprise's business processes, it does not make it possible to address system security aspects when modelling business processes. The author considers this a weakness of BPMN, because developing a secure information system requires that business processes and system security be considered as a whole. In this master's thesis the author develops new elements for the BPMN 2.0 language that are intended to make it possible to address security topics in system modelling. The proposed solution is based on aligning the BPMN modelling language with the security risk management methodology (ISSRM). The thesis applies a structured approach to analysing the main aspects of BPMN and to developing new elements for security risk management, by aligning the concepts of BPMN and ISSRM.
The thesis demonstrates the use of the developed extension elements and explains how BPMN extended with these elements makes it possible to express an enterprise's assets, the risks related to them, and risk treatment. This is analysed using the example of the confidentiality, integrity and availability of an Internet store's assets. The author is convinced that extending BPMN with security concepts, together with the concrete proposals made in this work, helps information system analysts understand how to develop system security so that the security of the most important enterprise assets identified through the business process is addressed and ensured in the information system. The approach is also considered in a broader sense: the proposed extension of BPMN opens the prospect of interoperability between business process and security models, and of integrating BPMN with other modelling methodologies such as ISSRM or Secure Tropos.
Modern Information System (IS) development supports different techniques for business process modelling. Recently Business Process Model and Notation (BPMN) has become a standard that allows modelers to visualize organizational business processes. However, despite the fact that BPMN is a good approach to introduce and understand business processes, there is no opportunity to address security concerns while analysing the business needs. This is a problem, since both business processes and security concerns should be understood in parallel to support the development of secure systems. In the current thesis we introduce extensions for BPMN 2.0 regarding security aspects. The following proposal is based on alignment of the modelling notation with IS security risk management (ISSRM). We apply a structured approach to understand major aspects of BPMN and propose extensions for security risk management based on the BPMN alignment to the ISSRM concepts.
We demonstrate the use of extensions, illustrating how the extended BPMN could express assets, risks and risk treatment on a few running examples related to the Internet store assets’ confidentiality, integrity and availability. We believe that our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes.
We also attempt to observe the following approach in the broader sense and we open a possibility for the business and security model interoperability and the model transformation between BPMN and another modelling approach also aligned to ISSRM, Secure Tropos.
Matching Business Process Workflows across Abstraction Levels
In Business Process Modeling, several models are defined
for the same system, supporting the transition from business requirements
to IT implementations. Each of these models targets a different
abstraction level and stakeholder perspective. In order to maintain consistency
among these models, which has become a major challenge not
only in this field, the correspondence between them has to be identified.
A correspondence between process models establishes which activities
in one model correspond to which activities in another model. This paper
presents an algorithm for determining such correspondences. The
algorithm is based on an empirical study of process models at a large
company in the banking sector, which revealed frequent correspondence
patterns between models spanning multiple abstraction levels. The algorithm
has two phases, first establishing correspondences based on similarity
of model element attributes such as types and names and then refining
the result based on the structure of the models. Compared to previous
work, our algorithm can recover complex correspondences relating whole
process fragments rather than just individual activities. We evaluate the
algorithm on 26 pairs of business-technical and technical-IT level models
from four real-world projects, achieving overall precision of 93% and
recall of 70%. Given the substantial recall and the high precision, the algorithm
helps automate a significant part of the correspondence recovery
for such models.
Ministerio de Ciencia e Innovación TIN2008-03107; Ministerio de Economía y Competitividad TIN2011-2379
Configuration and management of security procedures with dedicated ‘spa-lang’ domain language in security engineering
The security policy should contain all the information necessary to make proper security decisions. The rules and needs for specific security measures and methods should be explained in an understandable way. None of the existing security mechanisms can guarantee complete protection against threats. In extreme cases, improperly used security mechanisms can lower the level of protection, giving the impression of security that is actually lacking. To enable simple and automated definition of security procedures for the IT system of a company or organization, available not only to qualified IT professionals, e.g. system administrators, but also to the company's management staff, it was decided to create an Intelligent System for Automation and Analysis of Security Procedures (iSPA). The paper presents a proposal to use the developed domain language, named 'spa-lang', for configuration and management of security procedures in security system engineering based on the BPMN (Business Process Model and Notation) standard.
Investigating the Effects of a Virtual Process Environment on the Comprehension of Business Process Models
Within the scope of Business Process Management and Modeling, gamification is used, inter alia, to promote process model comprehension and for motivational and educational purposes. In the context of gamification in Business Process Management, this master thesis aims to investigate the effects of a virtual process environment on the cognitive load a process reader perceives during the comprehension of a process model. The comprehension of process models is essential for the proper modeling of business processes, and vice versa. In addition to the previous research approaches in terms of gamification regarding the management and modeling of business processes, this master thesis takes into account concepts from cognitive research. A study with 72 participants was conducted online. Thereby, measures of interest were the cognitive load of the textual process description, the process model and the process model extended with graphics extracted from the virtual process environment. Therefore, a factorial design was established as only the process model was extended with static pictures. The virtual process environment is realized through a video based on a 3D warehouse scenario game. As a result, no significant difference in the perceived cognitive load of the process reader was found between the three process variants. In summary, after experiencing a virtual process environment, the cognitive load of the process documentations does not differ significantly. Further analysis has shown that the process reader’s confidence in the completeness and adequacy of the shown process documentation is associated with the process document variant. Participants were more confident about the correctness of the process model extended with graphics.