IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf

•

0 likes•69 views

As cyber systems become increasingly complex and cybersecurity threats become more prominent, defenders must prepare, coordinate, automate, document, and share their response methodologies to the extent possible. The CACAO standard was developed to satisfy the above requirements providing a common machine-readable framework and schema to document cybersecurity operations processes, including defensive tradecraft and tactics, techniques, and procedures. Although this approach is compelling, a remaining limitation is that CACAO provides no native modeling notation for graphically representing playbooks, which is crucial for simplifying their creation, modification, and understanding. In contrast, the industry is familiar with BPMN, a standards-based modeling notation for business processes that has also found its place in representing cybersecurity processes. This research examines BPMN and CACAO and explores the feasibility of using the BPMN modeling notation to graphically represent CACAO security playbooks. The results indicate that mapping CACAO and BPMN is attainable at an abstract level; however, conversion from one encoding to another introduces a degree of complexity due to the multiple ways CACAO constructs can be represented in BPMN and the extensions required in BPMN to fully support CACAO.

Presentations & Public Speaking

Reviewing BPMN as a Modeling
Notation for CACAO Security
Playbooks
Authors: Mateusz Zych, Vasileios Mavroeidis, Konstantinos Fysarakis, Manos Athanatos
Cyentiﬁc AS
Projects supported this research:

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Present Status of Cybersecurity
● Increasing and more sophisticated cyber attacks
● Asynchronous time advantage between adversaries and defenders
● Defenders must prepare, coordinate, automate, document and share their response
methodologies
● EU: NIS Legislation (Network and Information Security)
● Collaborative Automated Course of Action Operations (CACAO)
2 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Collaborative Automated Course
of Action Operations (CACAO)
● Schema and taxonomy for cybersecurity playbooks
● Machine-readable
● Vendor-agnostic
● Maintained by the OASIS CACAO TC
● Early adoption
3 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Problem Statement/The Need
● CACAO:
○ New OASIS standard (upcoming)
○ Early adoption
○ No tools
○ No modeling notation
○ Challenging to work with
4 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Our Aim
● Examine the use of BPMN modeling notation as a candidate to graphically represent CACAO
playbooks
● Provide a high-level construct mapping between CACAO and BPMN.
5 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Business Process Model Notation (BPMN)
● Maintained by Object Management Group (OMG)
● Published in 2011, ISO/IEC 19510 since 2013
● Mature
● Support different levels of abstraction
● Rich set of graphical elements
● Wide range of tools and platforms.
● Also used for cybersecurity purposes
6 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS 7 of 13
CACAO-BPMN Mapping

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Use case
8 of 13
Template playbook
in any format
CACAO JSON BPMN Visualization
Create Translate

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Use Case: Vulnerability Response Process (CISA)
9 of 13
CISA template playbook
CACAO JSON
BPMN (+ BPMN XML)
https://github.com/cyentiﬁc-rni/bpmn-cacao

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Limitations
● Troublesome 1-1 mapping, however attainable
● Some CACAO construct can be modeled in several ways in BPMN
● BPMN Sub-Processes solves few problems but introduces complexity
● User need to be restricted to utilize 1-1 translator
10 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Further Work
● One-to-one mapping (in progress)
● BPMN extensions to support all metadata (ﬁnishing)
● Translator: CACAO->BPMN and BPMN->CACAO
○ Lossless conversion
11 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Conclusion
● Presented and analyzed the mapping
● Validated the feasibility of using BPMN to graphically represent CACAO
● Great value for defenders
○ Decreased time needed for working and understanding CACAO playbooks.
12 of 13

Ph.D. Research Fellow Mateusz Zych
Cyentiﬁc AS
Thank you for your attention
Questions?
13 of 13
Get in touch!
Linkedin

This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security dept of existing applications. To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.” After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time. The 3 core takeaways for the audience are: 1.) Where security practices have gone wrong so far. 2.) What new technologies will cause a paradigm shift in how security is applied at scale. 3.) How security will look like in 5-10 years.

About an Immune System Understanding for Cloud-native Applications - Biology ...

Nane Kratzke

Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018. There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.

An Application-Oriented Approach for Computer Security Education

Xiao Qin

In the past few years, numerous universities have incorporated computer security courses into their undergraduate curricula. Recent studies show that students can effectively gain their knowledge and experience in building secure computer systems by conducting course projects. However, existing computer security laboratory exercises are comprised of small-scale, fragmented, and isolated course projects, making it inadequate to prepare undergraduate students to implement real-world secure computing systems. Conventional wisdom in designing computer security course projects pays little attention to train students to assemble small building blocks into a large-scale secure computing and information system. To overcome students’ lack of experience in implementing large-scale secure software, we propose a novel application-oriented approach to teaching computer security courses by constructing course projects for computer security education. In this pilot project we will develop an extensible application framework for computer security course projects. The framework will provide valuable learning materials that can enable undergraduate students to gain unique experience of building large-scale trustworthy computer systems. Course projects are implemented as plugin modules of an application-based framework. After integrating all the security modules together in the framework, undergraduate students can experiment with various ways of implementing sophisticated secure computer and information systems.

Trends and Hot Topics in Networking 2023 - IA377 Seminar FEEC-UNICAMP

Christian Esteve Rothenberg

Abstract: Following the state of the art is paramount for sound and impact scientific practices informed strategic R&D decisions. This seminar seeks two main contributions: (i) providing a 10,000 foot view of 10 selected hot topics in networking, and (ii) Overview of recent practices in scientific events (e.g. Digitalization, Submission deadlines revisited, Open Science, Artifact Review Badging). The 10 selected hot topics are as follows: Intent-Based Networking (IBN) Zero-Touch Management (ZTM) Digital Twins (Networking for Digital Twins & Network Digital Twins) Metaverse Blockchain Networking AI/ML (Network protocols meet AI/ML, Machine Learning for Networking) High precision networking Quantum Communications & Computing 6G (Beyond 5G) OpenRAN

Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...

Amélie Gyrard

Keynote “Trends on Data Graphs & Security for the Internet of Things” (Extended Version) #WF-IoT World Forum Internet of Things Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS #Security #Toolbox #Attacks and #Countermeasures #STAC #Security #KnowledgeGraphs #Ontologies Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)

presentation_ECMLPKDD16_Concept_v1Luís Moreira-Matias

Approximating Attack Surfaces with Stack Traces [ICSE 15]

Chris Theisen

Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an automated technique to empirically approximate attack surfaces through the analysis of stack traces. We hypothesize that stack traces from user-initiated crashes have several desirable attributes for measuring attack surfaces. The goal of this research is to aid software engineers in prioritizing security efforts by approximating the attack surface of a system via stack trace analysis. In a trial on Windows 8, the attack surface approximation selected 48.4% of the binaries and contained 94.6% of known vulnerabilities. Compared with vulnerability prediction models (VPMs) run on the entire codebase, VPMs run on the attack surface approximation improved recall from .07 to .1 for binaries and from .02 to .05 for source files. Precision remained at .5 for binaries, while improving from .5 to .69 for source files.

Trustworthy Computational Science: Lessons Learned and Next Steps

Von Welch

The OSS movement has brought free, high quality, reusable software to the masses, but much of this code and the way it’s stored and consumed is insecure. Nowhere is this better exemplified than in npm, the world’s largest repository of open-source software. In this talk, learn about the specific challenges faced by the JavaScript community, and the things we’re doing to try and save us from ourselves. The problem with security is that it’s almost always an afterthought. This is a cultural problem to the extent that developers have been trained to prioritize functionality over all else. However, this is also a tooling problem, because developers shouldn’t spend the majority of their time combing over dependencies in an attempt to find potential security holes. In traditional companies, there’s a separate security team to offload this effort from developers, but this turns out to be an extremely ineffective way to solve the problem. The right solution is to change how developers think about security, while giving them the insight and automation they need to make good decisions as early in the development cycle as possible. We’ll discuss the ways in which most security tools are outright hostile toward developers, and how we got there from a cultural perspective. We’ll talk about the needs of operations and security teams, and how those needs must be met in order to successfully apply the principles of DevOps to the security realm. Finally, we’ll take a look at the new and emerging tools that are bringing this brave future to us today.

Technical debt in ML | Jaroslaw Szymczak | DN18

DataconomyGmbH

DN18 | Technical Debt in Machine Learning | Jaroslaw Szymczak | OLX

Dataconomy Media

Abstract: In this talk, the audience will have an opportunity to familiarise with the concept of technical debt in Machine Learning. In order to properly diagnose the problems and enquiries from stakeholders, creators and maintainers of ML systems need to be aware not only of their part of the system but all the interactions it has, from the incoming data. Unlike in software development, it is not possible to create strict abstraction layers as Machine Learning systems are heavily dependent on the data that they are created on. Certain problems arise when after the first deployment of the new ML system is starts to alter the data that is then labelled and used to refresh it. There are also some benefits of using rules for events that are important but very rare to be reflected in ML model (imagine the system that tries to prevent some things that could happen but so far never happened). Such rule-based system can also be used for feature extraction. All things considered, it leads to interactions between rules and model that are forming a decision cascade in some form of a complicated graph, where at first rules are used to create features and then to override ML system decision in specific cases. All of the cases will be illustrated with real-life examples from the author's professional experience and advice on how they could be addressed. About the Author: Jaroslaw Szymczak is a Machine Learning Scientist in OLX Tech Hub Berlin. Jaroslaw has a Computer Science M.Sc. with specialization in decision support and machine learning, and a background in analytics and predictive models creation for finance institutions, FMCG and Telecom companies. He currently specialises in applying Machine Learning to solve trust and safety, as well as content quality issues on OLX classifieds sites across the globe.

202212APSEC.pptx.pdf

Hiroshi Maruyama

Samsung SDS OpeniT - The possibility of Python

Insuk (Chris) Cho

Agile Secure Development

Bosnia Agile

How to make the agile team work with security requirements? To get secure coding practices into agile development is often hard work. A security functional requirement might be included in the sprint, but to get secure testing, secure architecture and feedback of security incidents working is not an easy talk for many agile teams. In my role as Scrum Master and security consultant I have developed a recipe of 7 steps that I will present to you. Where we will talk about agile secure development, agile threat modelling, agile security testing and agile workflows with security. Many of the steps can be made without costly tools, and I will present open source alternatives for all steps. This to make a test easier and to get a lower startup of your teams security process.

Mitre ATT&CK by Mattias Almeflo Nixu

Nixu Corporation

OpenStack Control Plane Architectures - Design Solutions

Shane Gibson

Building an OpenStack private cloud can be very complex. Underpinning the entire operational capabilities of your cloud is the Control Plane. It's common knowledge you should treat your cloud resources "like cattle" and not "pets", yet most clouds treat the control plane like a favored pet. How should the modern cloud architect choose to design the control plane aspect of your private cloud? Attendees of this presentaion should walk away with a grasp of various architectures for managing the design and build out of your Control Plane, and know where each architecture would best fit depending on your needs and cloud scale. We will discuss designs for building and managing your Control Plane: * standalone single server * active/passive * multi-node active/active * distributed Each has their own trade off and relevance depending on your goals. This presentation will help guide you in considering the models available and help you to make a decision for your cloud platform.

Se research update

Nacha Chondamrongkul

cv-2016-23

Sergei Vorobyov

praveen projectdocx mini.2 (1).

akashganathay

Anurag Awasthi - Machine Learning applications for CloudStack

ShapeBlue

While Machine learning and data mining has had profound impact on how we model applications and use data for better product consumption, there is scope for extending prediction algorithms to lower levels as well. Some useful applications of machine learning in ACS could be exploring better resource allocation that is aware of usage statistics, predicting faults, load balancing, etc. In this talk we will * take a broad overview of what Machine Learning/Data mining is and how it is being used in today's tech ecosystemn* explore ways in which we can make ACS more efficientn* discuss some recent advancements in how ML can benefit datacenters from research community

System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...

NECST Lab @ Politecnico di Milano

Acorn Recovery: Restore IT infra within minutes

IP ServerOne

Getting started with Amazon Bedrock Studio and Control Tower

Vladimir Samoylov

Similar to IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf

ResumeArvind Raghuwanshi

Microcontroladores: programación de microcontroladores PIC de 8 bits en C

SANTIAGO PABLO ALBERTO

PyConPL 2017 - with python: security

Piotr Dyba

Technical debt in machine learning - Data Natives Berlin 2018

Jaroslaw Szymczak

Software engineering project(srs)!!

sourav verma

Kallio Chipster Bosc2009bosc

Agile project management in IT - Sebastian Sussmann

DevDay.org

How npm is making JavaScript safe for everyone

Daniel Sauble

Technical debt in ML | Jaroslaw Szymczak | DN18

DataconomyGmbH

DN18 | Technical Debt in Machine Learning | Jaroslaw Szymczak | OLX

Dataconomy Media

202212APSEC.pptx.pdf

Hiroshi Maruyama

Samsung SDS OpeniT - The possibility of Python

Insuk (Chris) Cho

Agile Secure Development

Bosnia Agile

Mitre ATT&CK by Mattias Almeflo Nixu

Nixu Corporation

OpenStack Control Plane Architectures - Design Solutions

Shane Gibson

Se research update

Nacha Chondamrongkul

cv-2016-23

Sergei Vorobyov

praveen projectdocx mini.2 (1).

akashganathay

Anurag Awasthi - Machine Learning applications for CloudStack

ShapeBlue

System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...

NECST Lab @ Politecnico di Milano

Similar to IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf (20)

Resume

Microcontroladores: programación de microcontroladores PIC de 8 bits en C

PyConPL 2017 - with python: security

Technical debt in machine learning - Data Natives Berlin 2018

Software engineering project(srs)!!

Kallio Chipster Bosc2009

Agile project management in IT - Sebastian Sussmann

How npm is making JavaScript safe for everyone

Technical debt in ML | Jaroslaw Szymczak | DN18

DN18 | Technical Debt in Machine Learning | Jaroslaw Szymczak | OLX

202212APSEC.pptx.pdf

Samsung SDS OpeniT - The possibility of Python

Agile Secure Development

Mitre ATT&CK by Mattias Almeflo Nixu

OpenStack Control Plane Architectures - Design Solutions

Se research update

cv-2016-23

praveen projectdocx mini.2 (1).

Anurag Awasthi - Machine Learning applications for CloudStack

System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...

Recently uploaded

Acorn Recovery: Restore IT infra within minutes

IP ServerOne

Getting started with Amazon Bedrock Studio and Control Tower

Vladimir Samoylov

Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024

Dutch Power

Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...

OECD Directorate for Financial and Enterprise Affairs

Obesity causes and management and associated medical conditions

Faculty of Medicine And Health Sciences

AWANG ANIQKMALBIN AWANG TAJUDIN B22080004 ASSIGNMENT 2 MPU3193 PHILOSOPHY AND...

AwangAniqkmals

Doctoral Symposium at the 17th IEEE International Conference on Software Test...

Sebastiano Panichella

Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024

Dutch Power

Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf

khadija278284

Announcement of 18th IEEE International Conference on Software Testing, Verif...

Sebastiano Panichella

Gregory Harris' Civics Presentation.pptx

gharris9

somanykidsbutsofewfathers-140705000023-phpapp02.pptx

Howard Spence

María Carolina Martínez - eCommerce Day Colombia 2024

eCommerce Institute

Bitcoin Lightning wallet and tic-tac-toe game XOXO

Matjaž Lipuš

Media as a Mind Controlling Strategy In Old and Modern Era

faizulhassanfaiz1670

This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.

0x01 - Newton's Third Law: Static vs. Dynamic Abusers

OWASP Beja

f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures. About the Speaker =============== Diogo Sousa, Engineering Manager @ Canonical An opinionated individual with an interest in cryptography and its intersection with secure software development.

International Workshop on Artificial Intelligence in Software Testing

Sebastiano Panichella

Burning Issue Presentation By Kenmaryon.pdf

kkirkland2

Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf

Access Innovations, Inc.

Tom tresser burning issue.pptx My Burning issue

amekonnen

Recently uploaded (20)

Acorn Recovery: Restore IT infra within minutes

Getting started with Amazon Bedrock Studio and Control Tower

Presentatie 8. Joost van der Linde & Daniel Anderton - Eliq 28 mei 2024

Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...

Obesity causes and management and associated medical conditions

AWANG ANIQKMALBIN AWANG TAJUDIN B22080004 ASSIGNMENT 2 MPU3193 PHILOSOPHY AND...

Doctoral Symposium at the 17th IEEE International Conference on Software Test...

Presentatie 4. Jochen Cremer - TU Delft 28 mei 2024

Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf

Announcement of 18th IEEE International Conference on Software Testing, Verif...

Gregory Harris' Civics Presentation.pptx

somanykidsbutsofewfathers-140705000023-phpapp02.pptx

María Carolina Martínez - eCommerce Day Colombia 2024

Bitcoin Lightning wallet and tic-tac-toe game XOXO

Media as a Mind Controlling Strategy In Old and Modern Era

0x01 - Newton's Third Law: Static vs. Dynamic Abusers

International Workshop on Artificial Intelligence in Software Testing

Burning Issue Presentation By Kenmaryon.pdf

Supercharge your AI - SSP Industry Breakout Session 2024-v2_1.pdf

Tom tresser burning issue.pptx My Burning issue

IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf

1. Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks Authors: Mateusz Zych, Vasileios Mavroeidis, Konstantinos Fysarakis, Manos Athanatos Cyentiﬁc AS Projects supported this research:

2. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Present Status of Cybersecurity ● Increasing and more sophisticated cyber attacks ● Asynchronous time advantage between adversaries and defenders ● Defenders must prepare, coordinate, automate, document and share their response methodologies ● EU: NIS Legislation (Network and Information Security) ● Collaborative Automated Course of Action Operations (CACAO) 2 of 13

3. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Collaborative Automated Course of Action Operations (CACAO) ● Schema and taxonomy for cybersecurity playbooks ● Machine-readable ● Vendor-agnostic ● Maintained by the OASIS CACAO TC ● Early adoption 3 of 13

4. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Problem Statement/The Need ● CACAO: ○ New OASIS standard (upcoming) ○ Early adoption ○ No tools ○ No modeling notation ○ Challenging to work with 4 of 13

5. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Our Aim ● Examine the use of BPMN modeling notation as a candidate to graphically represent CACAO playbooks ● Provide a high-level construct mapping between CACAO and BPMN. 5 of 13

6. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Business Process Model Notation (BPMN) ● Maintained by Object Management Group (OMG) ● Published in 2011, ISO/IEC 19510 since 2013 ● Mature ● Support different levels of abstraction ● Rich set of graphical elements ● Wide range of tools and platforms. ● Also used for cybersecurity purposes 6 of 13

7. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS 7 of 13 CACAO-BPMN Mapping

8. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Use case 8 of 13 Template playbook in any format CACAO JSON BPMN Visualization Create Translate

9. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Use Case: Vulnerability Response Process (CISA) 9 of 13 CISA template playbook CACAO JSON BPMN (+ BPMN XML) https://github.com/cyentiﬁc-rni/bpmn-cacao

10. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Limitations ● Troublesome 1-1 mapping, however attainable ● Some CACAO construct can be modeled in several ways in BPMN ● BPMN Sub-Processes solves few problems but introduces complexity ● User need to be restricted to utilize 1-1 translator 10 of 13

11. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Further Work ● One-to-one mapping (in progress) ● BPMN extensions to support all metadata (ﬁnishing) ● Translator: CACAO->BPMN and BPMN->CACAO ○ Lossless conversion 11 of 13

12. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Conclusion ● Presented and analyzed the mapping ● Validated the feasibility of using BPMN to graphically represent CACAO ● Great value for defenders ○ Decreased time needed for working and understanding CACAO playbooks. 12 of 13

13. Ph.D. Research Fellow Mateusz Zych Cyentiﬁc AS Thank you for your attention Questions? 13 of 13 Get in touch! Linkedin

IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf

Recommended

Recommended

More Related Content

Similar to IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf

Similar to IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf (20)

Recently uploaded

Recently uploaded (20)

IEEE-CSR-DS4CS-Reviewing BPMN as a Modeling Notation for CACAO Security Playbooks.pdf