IBIMA 2015 Conference Presentation
1. An Open-Source Proactive Security Infrastructure for Business Process Management
Dr. Ángel Jesús Varela Vaca
María Teresa Gómez-López, David Jiménez Vargas, Rafael Martínez Gasca,
Antonio J. Suárez, Pedro J. Abad
IDEA Research Group,
ETS. Ingeniería Informática -
Department of Computer Languages and Systems
University of Seville
5. Security challenges
[Figure: diagram with labels Internet, BPMS, Customers, 'Malicious' Customer, Execute/Enact, Data Bases, and process tasks T1, T2, T3, ...]
Wolter et al. (2011), Menzel et al. (2012)
• Mechanisms to represent security requirements at process level
Leitner et al. (2015)
• Extension to represent security in process-aware systems
6. Security challenges
[Figure: diagram with labels Internet, BPMS, Customers, 'Malicious' Customer, Execute/Enact, Data Bases, and process tasks T1, T2, T3, ...]
Weske et al. (2007)
• Monitoring: state of the process and log data.
• Business Activity Monitoring: analyze log trails to identify problems.
Gonzalez et al. (2011)
• Active monitoring: process execution state information in real time
• Passive monitoring: information upon request
7. Security challenges
Research statements:
• How to monitor security requirements?
• How to monitor/analyze security requirements externally?
• How to check compliance of security requirements externally?
• How to be security proactive?
[Figure: diagram with labels Internet, BPMS, Customers, 'Malicious' Customer, Execute/Enact, Data Bases, and process tasks T1, T2, T3, ...]
8. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, process tasks T1, T2, T3, ..., and step markers 1 and 2]
9. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, process tasks T1, T2, T3, ..., and step markers 1 and 2]
10. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, process tasks T1, T2, T3, ..., and step markers 1 and 2]
11. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Groovy Connectors, Customers, Execute/Enact, API REST, Generate, Events log, process tasks T1, T2, T3, ..., and step markers 1 and 2]
12. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, process tasks T1, T2, T3, ..., and step markers 1 and 2]
13. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, Logs, Agent, Log Collector, OSSIM (AlienVault), Continuous Monitoring, process tasks T1, T2, T3, ..., and step markers 1, 2 and 3]
14. Infrastructure – Case Study
[Figure: diagram with labels Network, Bonita BPM (Apache + Tomcat), Customers, Execute/Enact, API REST, Generate, Events log, Logs, Agent, Log Collector, OSSIM (AlienVault), Continuous Monitoring, process tasks T1, T2, T3, ..., and step markers 1, 2 and 3]
19. Conclusions
• How to monitor security requirements?
  • Using connectors to log information and an agent to collect it.
• How to monitor/analyze security requirements externally?
  • AlienVault (SIEM) system.
• How to check compliance of security requirements externally?
  • Engine based on rules and correlation rules.
• How to be security proactive?
  • Creation of alarms and sending signals through APIs to the process execution.
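An added illustration of the pipeline summarized in these conclusions (not code from the presentation, Bonita BPM or OSSIM): connector-style log lines are normalised, a correlation rule checks one security requirement across the tasks of a case, and each alarm becomes a signal for the process engine. The log format, the separation-of-duties rule on T1/T3, the sample data and the signal fields are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: one line per completed task, as a logging connector
# might emit it (the key=value format is an assumption for this example).
SAMPLE_LOG = """\
2015-05-07T10:00:01 process=Order case=101 task=T1 user=alice src=10.0.0.5
2015-05-07T10:02:10 process=Order case=101 task=T2 user=bob src=10.0.0.6
2015-05-07T10:05:42 process=Order case=101 task=T3 user=carol src=10.0.0.7
2015-05-07T10:06:00 process=Order case=102 task=T1 user=mallory src=203.0.113.9
2015-05-07T10:06:30 process=Order case=102 task=T2 user=bob src=10.0.0.6
2015-05-07T10:07:05 process=Order case=102 task=T3 user=mallory src=203.0.113.9
garbled line that the collector should skip
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) process=(?P<process>\S+) case=(?P<case>\d+) "
                     r"task=(?P<task>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Hypothetical security requirement: T1 and T3 of one case must be
# performed by different users (separation of duties).
SOD_PAIRS = [("T1", "T3")]

def parse(log_text):
    """Agent/collector step: normalise raw lines into events, dropping junk."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def correlate(events, pairs=SOD_PAIRS):
    """Correlation step: group events per case and test each task pair."""
    by_case = defaultdict(dict)
    for ev in events:
        by_case[ev["case"]][ev["task"]] = ev
    alarms = []
    for case, tasks in sorted(by_case.items()):
        for first, second in pairs:
            a, b = tasks.get(first), tasks.get(second)
            if a and b and a["user"] == b["user"]:
                alarms.append({"rule": "separation-of-duties", "case": case, "user": a["user"],
                               "tasks": [first, second], "detected_at": b["ts"]})
    return alarms

def to_signal(alarm):
    """Proactive step: message for the engine (hypothetical fields, no real API)."""
    return {"case": alarm["case"], "action": "suspend",
            "reason": f"{alarm['rule']}: {alarm['user']} ran "
                      f"{' and '.join(alarm['tasks'])}"}

if __name__ == "__main__":
    for alarm in correlate(parse(SAMPLE_LOG)):
        print(to_signal(alarm))
```

In a deployment like the one on the slides, the parsing would sit in the log agent, the rule in the SIEM's correlation engine, and the signal would be delivered through the BPMS's REST API.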
20. Thank you for your attention. Questions?
Dr. Ángel J. Varela Vaca
E-mail: ajvarela@us.es
Editor's Notes
Thank you very much, first of all I'd like to be grateful for this opportunity to present my research for all of you. Although this presentation is titled Automatic Selection of Optimal Configurations and Security Compliance Checking, at the beginning I'm going to introduce myself. After that I'm going to describe in detail my proposal for the selection of configurations. Finally, I'm going to show the ongoing work that I'm currently working on.