A Security Pattern-Driven Approach Toward the
  Automation of Risk Treatment in Business
                  Processes


                      MSc. Ángel Jesús Varela Vaca
            Higher Technical School of Computer Engineering -
   Department of Computer Languages and Systems - Quivir Research Group
                           University of Seville
                         contact: ajvarela@us.es
Outline
    Context
    OPBUS: Automatic Risk Assessment in BPs
    Security Patterns, theory and models
    Case study
    OPBUS: A prototype
    Ongoing work
Context

[Figure: a business process model in BPMN with its building blocks labelled: Participants (pools), Activities (tasks), Sequence flow (work flow), Events (work flow), Messages (data flow), Artifacts (data store/annotation) and External Services. Three questions are written over the model: What about risks? What about security? What about implementation?]

                   Main challenges:
                   • Business goals (time, cost, resources) -> Business Process Models
                   • Could we ensure that BP models conform to a specific risk level? -> Risk assessment

           * M. Menzel, I. Thomas, and C. Meinel, "Security requirements specification in service-oriented business process
           management," International Conference on Availability, Reliability and Security, pp. 41–48, 2009.
           * C. Wolter, M. Menzel, A. Schaad, P. Miseldine, and C. Meinel, "Model-driven business process security requirement
           specification," Journal of Systems Architecture, vol. 55, no. 4, pp. 211–223, 2009.
Context

[Figure: deployment view of a business process BPi running in a BPMS. Customers/Users start the process; each Activity talks over a channel of communication to the back end: Web Server, Application Server, Web Service, Database, Legacy System. Example security countermeasures attached to the model: Secure pipe, Fault tolerance, Access control.]

Main challenges:
1. How to "describe" the countermeasures in business processes?
2. Countermeasures are very heterogeneous.
3. Countermeasures are described in natural language, in an informal way.
4. The selection of countermeasures is carried out manually, without criteria.

[Figure: from security goals down to code, with a secure channel as the running example]
          Business/Logical domain
             Security goals: Confidentiality, Integrity, Availability
             Regulations/Standards
          Application/Infrastructure domain
             Technical standards: Secure protocol, realised at the Network layer (IPSec), the Application layer (S-HTTP) or the Transport layer (HTTPS, SSL/TLS)
             Configuration/Code: HTTPS requires an implementation such as OpenSSL, Apache (mod_ssl), JSSE or GnuTLS
          -> Security patterns models!!!
OPBUS – Automatic Risk Assessment in BPs
Main challenges:
    1. What is a security risk?! Security risks are related to threats and
       vulnerabilities:
       • Technical risks (SQL injection, XSS, DoS, protocols, ...)
       • Non-technical failures or changes in the design of the business process (livelocks, deadlocks, ...)
    2. How to assess BP models?! Activities -> Data -> Web forms
    3. How to figure out where and why a BP fails to conform to the risk levels?!
    4. How to adapt solutions to the assessment carried out?!
OPBUS – Automatic Risk Assessment in BPs
                   • Provide a light extension for generic BP models
                   • Provide a DSL for risk assessment of BPs

[Figure: example process BPi (start event S1, gateways G1 and G2, activities A1 and A2, end event E1) annotated with the extension]
   • New artifact: a Threat Scenario attached to the process, listing the threats R1..R6 and, for each threat, the vulnerability it exploits plus a range for its frequency and consequence, e.g.
         Vulnerability: V1   Frequency: [1,6]   Consequence: [2,3]
         Vulnerability: V2   Frequency: [3,6]   Consequence: [1,5]
   • New properties on each activity (A1 and A2 in the example):
         I: [3,5]   C: [5,5]   A: [1,6]   Threats: {R1,R3,R6}
   • Treatments T1 and T2 attached to threats, each with a risk-reduction range and a cost:
         Risk Reduction: [10,30]%   Cost: 1000
         Risk Reduction: [10,20]%   Cost: 10,000

Risk = Value * Frequency * Consequence
RiskBP = RiskA1 + RiskA2

[Figure: the three meta-models, joined by the Extension Meta-Model]
   Risk Meta-Model: Asset Value (Integrity, Confidentiality, Availability), Acceptable Risk, Objective, Cost; a Threat Scenario holds 1..* Threats; a Threat has a Frequency, a Consequence, 1..* Vulnerabilities and 1..* Treatments; a Treatment applies a Countermeasure (Pre, Post) and yields a Risk Reduction
   Business Meta-Model: Process Model, Model Element, Property
   Business Process Meta-Model: Pool 1..* Connector (Message Flow, Sequence Flow), Activity, Events, Gateway, Artefact

In general, risk assessment methods use:
   - Asset: Low or 1 -> SINGLE VALUE
The OPBUS approach is more accurate:
   - Asset: [1,5] -> RANGE
OPBUS – Automatic Risk Assessment in BPs

[Figure: tool chain. From the BP+Risk model, together with the CSP solver information and the risk formula information, a COMET model, a Choco model or a JSolver model is generated; the COMET or Choco solver then performs the automatic risk assessment and returns a diagnosis of the workflows and of the activities/artefacts.]

Example CSP for the process BPi above (activities A1 and A2, threats R1..R3, treatment T1, flow F1):

Variables: {
    IntegrityA1: [1,3], ConfidentialityA1: [1,3], AvailabilityA1: [1,3],
    IntegrityA2: [1,5], ConfidentialityA2: [1,5], AvailabilityA2: [1,5],
    FrequencyR1: [2,4], ConsequenceR1: [4,5],
    FrequencyR2: [1,3], ConsequenceR2: [4,5],
    FrequencyR3: [3,4], ConsequenceR3: [3,5],
    RiskReductionT1: 360, Acceptable riskBPi: 120,
    RiskA1: [1,1000], RiskA2: [1,1000], RiskF1: [1,1000], f1: Boolean }
Constraints: {
    RiskA1 = (IntegrityA1 + ConfidentialityA1 + AvailabilityA1) *
             ((ConsequenceR1 - ConsequenceR1*RiskReductionT1) * (FrequencyR1 - FrequencyR1*RiskReductionT1) +
              (ConsequenceR3 - ConsequenceR3*RiskReductionT1) * (FrequencyR3 - FrequencyR3*RiskReductionT1) +
              (ConsequenceR2 - ConsequenceR2*RiskReductionT1) * (FrequencyR2 - FrequencyR2*RiskReductionT1));
    RiskA2 = (IntegrityA2 + ConfidentialityA2 + AvailabilityA2) *
             ((ConsequenceR1 - ConsequenceR1*RiskReductionT1) * (FrequencyR1 - FrequencyR1*RiskReductionT1) +
              (ConsequenceR3 - ConsequenceR3*RiskReductionT1) * (FrequencyR3 - FrequencyR3*RiskReductionT1));
    RiskF1 = (RiskA1 + RiskA2) / 2;
    f1 = (Acceptable riskBPi ≤ RiskF1); }

[Figure: diagnosis output for three example processes. C = conformant, NC = non-conformant; the figure also marks, per activity, the flows whose execution would potentially be non-conformant.]

Process 1 (acceptable risk 120), flows F1: {RS,NP,PP,FW}, F2: {RS,PN,FW}, F3: {RS,SL,NC,BF,FW}
    Activity   Risk value   Conformance
    RS         36           C
    NP         10           C
    SL         84           C
    NC         240          NC
    BF         360          NC
    PP         84           C
    PN         240          NC
    FW         191          NC

Process 2, flows F1: {NCE,DW,NS,BW,WE}, F2: {NCE,DW,BW,WE}, F3: {NCE,REI,WE}, F4: {NCE,RSH,WE}
    Activity   Risk value   Conformance
    NCE        150          C
    REI        132          C
    WE         165          NC
    RSH        27           C

Process 3, flows F1: {RSW}, F2: {RH}, F3: {CE}
    Activity   Risk value   Conformance
    RSW        132          C
    RH         27           C
    CE         108          NC
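Worked example, added here and not OPBUS code (it does not use the COMET, Choco or JSolver models of the slide). It evaluates the slide's risk formula over the range-valued properties of the extension (asset value = I + C + A, threat risk = treated consequence × treated frequency, activity risk = asset value × sum of the threat risks, flow risk = mean of the activity risks) with plain interval arithmetic in Python, so that the best and worst case of RiskF1 can be computed offline and compared with the acceptable risk of BPi. The inputs are the slide's example ranges (A1: [1,3] for I, C and A; A2: [1,5]; R1..R3 as in the CSP; acceptable risk 120). Because the RiskReductionT1 value printed on the slide is not usable as a fraction, the example assumes the T1 range [10,30]% from the earlier slide; the conformance labels C / NC / POTENTIAL_NC, the `diagnose` helper and the fixed-step search for the smallest sufficient reduction are also assumptions of this example.

```python
"""Interval-based risk assessment of a business-process flow.
Added example, not OPBUS code: the slide's risk formula evaluated with
interval arithmetic instead of a CSP solver, on the slide's example ranges."""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Interval:
    """Closed range [lo, hi]: OPBUS values assets, frequencies and consequences as ranges."""
    lo: float
    hi: float

    def __post_init__(self):
        if self.lo > self.hi:
            raise ValueError(f"empty interval [{self.lo}, {self.hi}]")

    def __add__(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def __mul__(self, other: "Interval") -> "Interval":
        # Corner products: sound for any sign of the endpoints.
        corners = (self.lo * other.lo, self.lo * other.hi,
                   self.hi * other.lo, self.hi * other.hi)
        return Interval(min(corners), max(corners))

    def scale(self, k: float) -> "Interval":
        return Interval(self.lo * k, self.hi * k)


@dataclass(frozen=True)
class Threat:
    name: str
    frequency: Interval
    consequence: Interval


@dataclass(frozen=True)
class Activity:
    name: str
    integrity: Interval
    confidentiality: Interval
    availability: Interval
    threats: Sequence[Threat]


def reduction_factor(reduction: Interval) -> Interval:
    """The slide applies a treatment's reduction r to both the consequence and the
    frequency of every threat, so each threat term is scaled by (1 - r)^2."""
    return Interval((1 - reduction.hi) ** 2, (1 - reduction.lo) ** 2)


def activity_risk(act: Activity, reduction: Interval) -> Interval:
    """RiskA = (I + C + A) * sum over threats of treated consequence * treated frequency."""
    asset_value = act.integrity + act.confidentiality + act.availability
    factor = reduction_factor(reduction)
    total = Interval(0, 0)
    for t in act.threats:
        total = total + (t.frequency * t.consequence) * factor
    return asset_value * total


def flow_risk(activities: Sequence[Activity], reduction: Interval) -> Interval:
    """RiskF = mean of the activity risks on the flow (slide: (RiskA1 + RiskA2) / 2)."""
    total = Interval(0, 0)
    for a in activities:
        total = total + activity_risk(a, reduction)
    return total.scale(1 / len(activities))


def conformance(risk: Interval, acceptable: float) -> str:
    """C: conforms for every admissible assignment; NC: for none;
    POTENTIAL_NC: depends on where in the ranges the real values lie."""
    if risk.hi <= acceptable:
        return "C"
    if risk.lo > acceptable:
        return "NC"
    return "POTENTIAL_NC"


def diagnose(activities: Sequence[Activity], reduction: Interval, acceptable: float) -> List[str]:
    """Activities whose worst-case risk alone already exceeds the acceptable risk."""
    return [a.name for a in activities if activity_risk(a, reduction).hi > acceptable]


def min_reduction_for_conformance(activities: Sequence[Activity], acceptable: float) -> Optional[float]:
    """Smallest fixed reduction (1% steps) whose worst-case flow risk is acceptable; None if 99% is not enough."""
    for k in range(100):
        r = k / 100
        if flow_risk(activities, Interval(r, r)).hi <= acceptable:
            return r
    return None


# Example data from the slide's CSP, constructed inline so the block runs offline.
R1 = Threat("R1", frequency=Interval(2, 4), consequence=Interval(4, 5))
R2 = Threat("R2", frequency=Interval(1, 3), consequence=Interval(4, 5))
R3 = Threat("R3", frequency=Interval(3, 4), consequence=Interval(3, 5))
A1 = Activity("A1", Interval(1, 3), Interval(1, 3), Interval(1, 3), threats=(R1, R3, R2))
A2 = Activity("A2", Interval(1, 5), Interval(1, 5), Interval(1, 5), threats=(R1, R3))
FLOW_F1 = (A1, A2)
ACCEPTABLE_RISK_BPI = 120
NO_TREATMENT = Interval(0, 0)
T1_REDUCTION = Interval(0.10, 0.30)   # assumed: treatment T1 with risk reduction [10,30]%

if __name__ == "__main__":
    for label, red in (("untreated", NO_TREATMENT), ("with T1", T1_REDUCTION)):
        rf = flow_risk(FLOW_F1, red)
        print(f"{label}: RiskF1 in [{rf.lo:.2f}, {rf.hi:.2f}] -> {conformance(rf, ACCEPTABLE_RISK_BPI)}, "
              f"offending activities {diagnose(FLOW_F1, red, ACCEPTABLE_RISK_BPI)}")
    print("smallest fixed reduction giving certain conformance:",
          min_reduction_for_conformance(FLOW_F1, ACCEPTABLE_RISK_BPI))
```

Untreated, RiskF1 lies in [57, 547.5]: flow F1 is only potentially non-conformant (some assignments stay under 120, others do not) and both A1 and A2 are flagged, which is the diagnosis the solver-based tool chain produces for a flow. With T1 the range shrinks to about [27.9, 443.5], still not enough for certainty; a fixed reduction of 54% is the smallest that makes the worst case conform. The interval bounds are sound but not tight whenever one variable appears several times in the formula, which is exactly what a CSP solver over the same variables avoids.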
OPBUS – IDE for BP risk assessment
                          • Eclipse plug-in
                          • BPMN modeller with support for the risk extension
                          • Transformation to constraint programming
                          • Visual diagnosis of BPs
OPBUS – IDE for BP risk assessment
OPBUS – Security Patterns, theory and models
    Christopher Alexander, 1977: "Each pattern describes a problem which occurs over and over again in our environment, and then describes the core of the solution to that problem"

      • We found a standard/template representation!!!
      • Still very textual, in natural language -> Let's model security patterns
Security Patterns, theory and models
Example of an extended security pattern template (annotations on the figure):
                                                    • Label to describe the security intentions to implement
                                                    • Indicates the security goals to fulfil
                                                    • Indicates the type of risk treatment
                                                    • Describes the attributes concerning the context
                                                    • Describes the constraints that exist in the business process and affect the problem
Security Patterns, theory and models
                       • Ontological representation of concepts
                       • Extending security pattern info.
Security Patterns, theory and models
Customizable models, e.g. based on:
    • ISO 27000-series
    • UML profile for QoS and Fault Tolerance
    • Common Weakness Enumeration (CWE)
Security Patterns, theory and models
 Extension of the risk model for OPBUS
Case study
[Figure: catalogue of security patterns]

        Example scenario (BPMS – Web Services – Web Forms)
Case study
   Process of selection based on the attributes and constraints of the security patterns:
      • Forces and Context of each pattern
      • Objective function
      • AI techniques for optimized searches
OPBUS – Prototypes
Prototype as add-on for specification of security patterns within OPBUS plug-in
OPBUS – Prototypes
Prototype as connector for Bonita BPM
Ongoing work
   Generation and selection of the best configuration from security patterns

   1. Analyze the features of typical countermeasures in order to achieve the security goals of
      confidentiality, availability, integrity, authorization and authentication (Done)

[Figure: the BPi deployment view again, with an SSL/TLS channel between the BPMS activity and the back end (Web Server, Application Server, Web Service, Database, Legacy System), and the mapping from security goals to the mechanisms that realise them:]
              Confidentiality of information  ->  Encryption/Decryption of information
              Authentication                  ->  Digital signatures
              Information integrity           ->  Message authentication code

[Figure: feature model of the countermeasure "Apache (SSL/TLS)"]
              Features: Algorithm, CipherSuite, ClientAuth {true | want | false}, Port,
                        KeyStore {Type {JKS | PKCS12 | PKCS11}, Pass, File},
                        Trust {File, Pass, Type {JKS | PKCS12 | PKCS11}},
                        Protocol {SSLv2.0 | TLSv1.X | SSLv3}
              Attributes/extra functionality: SecurityLevel = {High} or {Medium}, annotated on individual features
              Cross-relations: require, exclude
              Legend: Optional, Mandatory, Alternative, Or-alternative
Ongoing work
Selection of the best configuration from security patterns:

   2. Define a catalogue of security patterns by means of feature models (Done)
   3. Apply feature-oriented model analysis in order to obtain configurations based on
      objective functions (Done)
   4. Integrate the generation of configurations through feature-model analysis into the
      OPBUS plug-in (In progress)

[Figure: risk treatment pipeline. A catalogue of security countermeasures holds Security Patterns 1..5, each with Problem, Context, Forces, Solution and its own feature model; a feature analyser produces the candidate configurations (1. Config., 2. Config.), each tied back to the Problem, Context and Force it addresses.]
Thank you

                   MSc. Ángel Jesús Varela Vaca
         Higher Technical School of Computer Engineering -
Department of Computer Languages and Systems - Quivir Research Group
                        University of Seville
                      contact: ajvarela@us.es

Presentation for CISIS 2012
