66 research outputs found
Formalization of security patterns as a means to infer security controls in business processes
The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure
(TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority
of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation
of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security
controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls
are implemented out separately from the organization perspective and involve many stakeholders. This separation makes
difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a
formalization of security controls based on security pattern templates and feature models. This formalization allows applying
feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation
of optimal security controls with regard to single and multiple business objectivesJunta de Andalucía P08-TIC-04095Ministerio de Educación y Ciencia TIN2009-1371
Smart Contract Languages: A Multivocal Mapping Study
Blockchain is a disruptive technology that has attracted the attention of the scientific community and compa nies, as proven by the exponential growth of publications on this topic in recent years. This growing interest
is mainly due to the promise that the use of blockchain enables it to be verified, without including any trusted
intermediaries, that the information received from the network is authentic and up-to-date. In this respect,
blockchain is a distributed database that can be seen as a ledger that records all transactions that have ever
been executed. In this context, smart contracts are pieces of software used to facilitate, verify, and enforce
the negotiation of a transaction on a blockchain platform. These pieces of software are implemented by using
programming languages, which are sometimes provided by the blockchain platforms themselves. This study
aims to (1) identify and categorise the state-of-the-art related to smart contract languages, in terms of the
existing languages and their main features, and (2) identify new research opportunities. The review has been
conducted as a multivocal mapping study that followsthe guidelines proposed by Garousi et al. for conducting
multivocal literature reviews, as well as the guidelines proposed by Kitchenham and Charters for conducting
mapping studies. As a result of the implementation of the review protocol, 4,119 papers were gathered, and
109 of them were selected for extraction. The contributions of this article are twofold: (1) 101 different smart
contract languages have been identified and classified according to a variety of criteria; (2) a discussion on
the findings and their implications for future research have been outlined. As a conclusion, it could be stated
that a rigorous and replicable overview of the state-of-the-art of smart contract languages has been provided
that can benefit not only researchers but also practitioners in the field, thanks to its multivocal nature.Ministerio de Ciencia y Tecnología RTI2018-094283-B-C33 (ECLIPSE)Junta de Andalucía COPERNICA (P20-01224)Junta de Andalucía METAMORFOSIS (US-1381375
OPBUS: Risk-aware framework for the conformance of security-quality requirements in business processes
Several reports indicate that one of the most important business priorities is the improvement of business
and IT management. Nowadays, business processes and in general service-based ones use other external
services which are not under their jurisdiction. Organizations do not usually consider their exposition to
security risks when business processes cross organizational boundaries. In this paper, we propose a risk aware framework for security-quality requirements in business processes management. This framework is
focused on the inclusion of security issues from design to execution. The framework provides innovative
mechanisms based on model-based diagnosis and constraint programming in order to carry out the risk
assessment of business processes and the automatic check of the conformance of security requirements.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia y Tecnología TIN2009-1371
AFPL2, An Abstract Language for Firewall ACLs with NAT support
The design and management of firewall ACLs is a
very hard and error-prone task. Part of this complexity comes
from the fact that each firewall platform has its own low-level
language with a different functionality, syntax, and development
environment. Although high-level languages have been proposed
to model firewall ACLs, none of them has been widely adopted by
the industry due to a combination of factors: high complexity, no
support of important features of firewalls, etc. In this paper the
most important access control policy languages are reviewed,
with special focus on the development of firewall ACLs. Based on
this analysis, a new domain specific language for firewall ACLs
(AFPL2) is proposed, supporting more features that other
languages do not cover (e.g. NAT). As the result of our design
methodology, AFPL2 is very lightweight and easy to use. AFPL2
can be translated to existing low-level firewall languages, or be
directly interpreted by firewall platforms, and is an extension to a
previously developed language.Ministerio de Eduación y Ciencia DPI2006-15476-C02-0
Contract-based test generation for data flow of business processes using constraint programming
The verification of the properties of a business
process (BP) has become a significant research topic in
recent years. In the early stages of development, the BP
model (e.g. BPMN, EPC), the BP contract (task contract,
regulations and laws, business rules), and the test
objectives (requirements) are the only elements available.
In order to support the modellers, automatic tools must be
provided in order to check whether their business
processes are in line with the BP contract.
This paper proposes a new business process called the
automatic test-case generator to automate the generation
of test cases and verify that a BP has the intended
functionality (semantic conformance). This generator is
analysed, designed and implemented by taking into
account the following tasks: Annotation of the BP model
with the business process contract, calculation of the
various data flow paths, transformation of these data flow
paths into SSA form, and a modelling of a constraint
satisfaction problem (constraint programming) of the BP
contract for all data flow paths. The execution of this
business process generates the test cases automatically.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia e Innovación TIN2009-1371
A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models
Several reports indicate that the highest business
priorities include: business improvement, security, and IT management.
The importance of security and risk management is
gaining that even government statements in some cases have
imposed the inclusion of security and risk management within
business management. Risk assessment has become an essential
mechanism for business security analysts, since it allows the
identification and evaluation of any threats, vulnerabilities, and
risks to which organizations maybe be exposed. In this work, a
framework based on the concepts of Model-Driven Development
has been proposed. The framework provides different stages
which range from a high abstraction level to an executable level.
The main contribution lie in the presentation of an extension of
a business process meta-model which includes risk information
based on standard approaches. The meta-model provides necessary
characteristics for the risk assessment of business process
models at an abstract level of the approach. The framework has
been equipped with specific stages for the automatic validation of
business processes using model-based diagnosis which permits the
detection of the non-conformance of security objectives specified.
The validation stages ensure that business processes are correct
with regard to the objectives specified by the customer before
they are transformed into executable processes.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia e Innovación TIN2009-1371
A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs
Developing and managing firewall Access Control
Lists (ACLs) are hard, time-consuming, and error-prone tasks
for a variety of reasons. Complexity of networks is constantly
increasing, as it is the size of firewall ACLs. Networks have
different access control requirements which must be translated
by a network administrator into firewall ACLs. During this task,
inconsistent rules can be introduced in the ACL. Furthermore,
each time a rule is modified (e.g. updated, corrected when a fault
is found, etc.) a new inconsistency with other rules can be
introduced. An inconsistent firewall ACL implies, in general, a
design or development fault, and indicates that the firewall is
accepting traffic that should be denied or vice versa. In this paper
we propose a complete and minimal consistency diagnosis process
which has worst-case quadratic time complexity with the number
of rules in a set of inconsistent rules. There are other proposals of
consistency diagnosis algorithms. However they have different
problems which can prevent their use with big, real-life, ACLs:
on the one hand, the minimal ones have exponential worst-case
time complexity; on the other hand, the polynomial ones are not
minimal.Ministerio de Eduación y Ciencia TIN2009-1371
Business Process Configuration According to Data Dependency Specification
Configuration techniques have been used in several fields, such as the design of business
process models. Sometimes these models depend on the data dependencies, being easier to describe
what has to be done instead of how. Configuration models enable to use a declarative representation
of business processes, deciding the most appropriate work-flow in each case. Unfortunately,
data dependencies among the activities and how they can affect the correct execution of the process,
has been overlooked in the declarative specifications and configurable systems found in the literature.
In order to find the best process configuration for optimizing the execution time of processes according
to data dependencies, we propose the use of Constraint Programming paradigm with the aim of
obtaining an adaptable imperative model in function of the data dependencies of the activities
described declarative.Ministerio de Ciencia y Tecnología TIN2015-63502-C3-2-RFondo Europeo de Desarrollo Regiona
FABIOLA: Defining the Components for Constraint Optimization Problems in Big Data Environment
The optimization problems can be found in several examples within companies, such as the minimization of the production costs, the faults produced, or the maximization of customer loyalty. The resolution of them is a challenge that entails an extra effort. In addition, many of today’s enterprises are encountering the Big Data problems added to these optimization problems. Unfortunately, to tackle this challenge by medium and small companies is extremely difficult or even impossible. In this paper, we propose a framework that isolates companies from how the optimization problems are solved. More specifically, we solve optimization problems where the data is heterogeneous, distributed and of a huge volume. FABIOLA (FAst BIg cOstraint LAb) framework enables to describe the distributed and structured data used in optimization problems that can be parallelized (the variables are not shared between the various optimization problems), and obtains a solution using Constraint Programming Techniques
Efficient algorithms and abstract data types for local inconsistency isolation in firewall ACLS
Writing and managing firewall ACLs are hard, tedious, time-consuming and error-prone tasks for a wide
range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL
implies in general a design fault, and indicates that the firewall is accepting traffic that should be denied or
vice versa. This can result in severe problems such as unwanted accesses to services, denial of service,
overflows, etc. However, the administrator is who ultimately decides if an inconsistent rule is a fault or not.
Although many algorithms to detect and manage inconsistencies in firewall ACLs have been proposed, they
have different drawbacks regarding different aspects of the consistency diagnosis problem, which can
prevent their use in a wide range of real-life situations. In this paper, we review these algorithms along with
their drawbacks, and propose a new divide and conquer based algorithm, which uses specialized abstract
data types. The proposed algorithm returns consistency results over the original ACL. Its computational
complexity is better than the current best algorithm for inconsistency isolation, as experimental results will
also show.Ministerio de Educación y Ciencia DIP2006-15476-C02-0
- …