An Open-Source Proactive Security
Infrastructure for Business Process
Management
Dr. Ángel Jesús Varela Vaca
María Teresa Gómez-López, David Jiménez Vargas, Rafael Martínez Gasca,
Antonio J. Suárez, Pedro J. Abad
IDEA Research Group,
ETS. Ingeniería Informática -
Department of Computer Languages and Systems
University of Seville
Outline
• Background
• Security Challenges
• Infrastructure / Case study
• Conclusions and future works
Background
[Figure: Customers, Internet, BPMS (Execute/Enact), Data Bases, and process models made of tasks T1, T2, T3, ...]
SMEs moving to an Internet-driven market:
• Externalization and automation
• Mechanisms for data analysis
Background
[Figure: Customers and a 'Malicious' Customer, Internet, BPMS (Execute/Enact), Data Bases, and process models made of tasks T1, T2, T3, ...]
SECURITY
• Regulation & Law compliance
• Tech. lack of security awareness
• Small budgets
Security challenges
Wolter et al. (2011) Menzel et al. (2012)
• Mechanisms to represent security requirements at process level
Leitner et al. (2015)
• Extension to represent security in process-aware systems
Security challenges
Weske et al. (2007)
• Monitoring: state of the process and log data.
• Business Activity Monitoring: analyze log trails to identify problems.
Gonzalez et al. (2011)
• Active monitoring: process execution state information in real time
• Passive monitoring: information upon request
Research statements:
• How to monitor security requirements?
• How to monitor/analyze security requirements externally?
• How to check compliance of security requirements externally?
• How to be security proactive?
Infrastructure – Case Study
[Figure, built up over slides 8 to 14: Customers execute/enact processes (tasks T1, T2, T3, ...) over the Network on Bonita BPM (Apache + Tomcat) with its API REST; Groovy Connectors generate an Events log; a Logs Agent / Log Collector passes it to OSSIM (AlienVault) for Continuous Monitoring. The steps are numbered 1 to 3.]
Infrastructure
[Figure, built up over slides 15 to 18: the Bonita BPM / Logs Agent / OSSIM (AlienVault) diagram extended with the monitoring stages Decoder, Matching and Active Response (A1, A2, A3), summarised as Decompose, Analyse, React (1, 2, 3) under Control (sub-steps 3.1, 3.2, 3.3). Outputs: Log, Send Alert to the Security Admin. Steps 4 and 5 are labelled "Send signals" and "Security Alerts (if any)". Example rule shown for role Rol1:]
if (T1.Rol = Rol1){
 Allow
} else {
 Deny
}
Conclusions
• How to monitor security requirements?
  • Using connectors to log information and an agent to collect it.
• How to monitor/analyze security requirements externally?
  • AlienVault (SIEM) system.
• How to check compliance of security requirements externally?
  • Engine based on rules and correlation rules.
• How to be security proactive?
  • Creation of alarms and sending signals through APIs to the process execution.
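The decode, match and react stages from the infrastructure slides, written out as an added example (not the authors' code, nor OSSIM's or Bonita's). The log line format, the `REQUIRED_ROLE` policy, the correlation threshold and the `suspend_case` signal are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connector log lines; the format is an assumption, not Bonita's or OSSIM's.
SAMPLE_LOG = """\
2015-11-12T10:15:02 bpm-connector case=1001 task=T1 user=alice role=Rol1
2015-11-12T10:15:40 bpm-connector case=1002 task=T1 user=mallory role=Rol2
2015-11-12T10:16:05 bpm-connector case=1002 task=T2 user=mallory role=Rol2
2015-11-12T10:16:30 bpm-connector case=1002 task=T1 user=mallory role=Rol2
this line is malformed and must not crash the decoder
2015-11-12T10:40:00 bpm-connector case=1003 task=T3 user=bob role=Rol9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) bpm-connector case=(?P<case>\d+) task=(?P<task>\w+) "
    r"user=(?P<user>\w+) role=(?P<role>\w+)$"
)

# Security requirement per task: the role allowed to execute it (hypothetical policy).
REQUIRED_ROLE = {"T1": "Rol1", "T2": "Rol2"}


def decode(line):
    """Decoder: turn one raw log line into an event dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:
        ev["ts"] = datetime.fromisoformat(ev["ts"])
    except ValueError:
        return None
    return ev


def match(ev):
    """Matching: the slide's rule, if (T1.Rol = Rol1) Allow else Deny.
    Tasks without a declared requirement are denied by default."""
    return "Allow" if REQUIRED_ROLE.get(ev["task"]) == ev["role"] else "Deny"


def react(log_text, threshold=2, window=timedelta(minutes=5)):
    """Active response: record every Deny as an alert, and correlate repeated
    denies by one user inside `window` into a signal for the process engine."""
    alerts, signals = [], []
    recent = defaultdict(deque)  # user -> timestamps of that user's recent denies
    for line in log_text.splitlines():
        ev = decode(line)
        if ev is None or match(ev) == "Allow":
            continue
        alerts.append((ev["user"], ev["task"], ev["case"]))
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) == threshold:
            # Stand-in for the API call back into the BPMS; no real endpoint is named.
            signals.append({"action": "suspend_case", "case": ev["case"],
                            "user": ev["user"]})
    return alerts, signals


if __name__ == "__main__":
    for item in react(SAMPLE_LOG):
        print(item)
```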
Thank you for your attention. Questions?
Dr. Ángel J. Varela Vaca
E-mail: ajvarela@us.es

IBIMA 2015 Conference Presentation


Editor's Notes

  1. Thank you very much, first of all I'd like to be grateful for this opportunity to present my research for all of you. Although this presentation is titled Automatic Selection of Optimal Configurations and Security Compliance Checking, at the beginning I'm going to introduce myself. After that I'm going to describe in detail my proposal for the selection of configurations. Finally, I'm going to show the ongoing works that currently I'm working on.
  2. 2
  3. Thank you very much ….