OPBUS: A framework for improving the dependability of risk-aware business processes
Ángel Jesús Varela Vaca
Supervised by Dr. Rafael Martínez Gasca
Goal: quality improvement of business process management
Introduction

Outline

Motivation
BPM life-cycle
• Design & Analysis: business process modelling; validation, simulation, verification
• Configuration: implementation, test & deployment
• Enactment: operation, monitoring, maintenance
• Evaluation: process mining, business activity monitoring
Design and Analysis
• Determine, analyze and evaluate risks
• Validation analysis
• Verification analysis
• Performance analysis
• Diagnosis analysis
Risk assessment (figure: process activities annotated with risk intervals such as [10-20], [15-30] and [50-60])
Configuration
• Selection and implementation of countermeasures.
Risk treatment: select the best configuration to treat non-acceptable risks.

Enactment
• Ensure the delivery of correct business process services in the presence of faults.
Fault tolerance
Outline

OPBUS: The framework
Phases: Design & Analysis, Configuration, Enactment, Evaluation
Techniques: Feature Oriented Domain Analysis; Model-based fault diagnosis
Model-based Fault Diagnosis
SD (system description):
  M1: x = a*c
  M2: y = b*d
  M3: z = c*e
  A1: f = x+y
  A2: g = y+z
OBS (observations): a = 2, b = 2, c = 3, d = 3, e = 2, f = 10, g = 12
Conflicts: {A1, M1, M2}, {A1, A2, M1, M3}
Diagnoses: {A1}, {M1}, {M2, A2}, {M2, M3}
Model-based Fault Diagnosis (structural approach)
Model → structural relations → observations → diagnoses
BM (behavioural model): x = a*c, y = b*d, z = c*e, f = x+y, g = y+z
Structural relations (ARRs):
  ARR1: f - a*c - b*d = 0
  ARR2: g - b*d - c*e = 0
  ARR3: f - g - c*(a-e) = 0
Signature matrix (1 = the component supports the relation):
        A1  A2  M1  M2  M3
  ARR1   1   0   1   1   0
  ARR2   0   1   0   1   1
  ARR3   1   1   1   0   1
Obs: a = 2, b = 2, c = 3, d = 3, e = 2, f = 10, g = 12
Diagnoses: {A1}, {M1}
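The diagnosis on the two slides above, worked in code. This is an added example, not OPBUS code: it encodes the system description, the observations and the three ARRs shown on the slides, derives the conflicts from the violated relations, computes the minimal hitting sets (the candidate diagnoses) and then applies exoneration, the usual FDI assumption that a component whose relations all hold is healthy. The slides do not spell that assumption out, but it is what reduces the four candidates to {A1} and {M1} once ARR2 is seen to be satisfied.

```python
"""Consistency-based diagnosis of the multiplier/adder circuit on the slides.

Added example, not OPBUS code. SD, OBS and the ARRs are taken from the
slides; the exoneration step (components whose relations all hold are
assumed healthy) is a standard FDI assumption the slide does not state.
"""
from itertools import combinations

# ARR residual (zero when its supporting components behave) and its support.
ARRS = {
    "ARR1": (lambda o: o["f"] - o["a"] * o["c"] - o["b"] * o["d"],
             frozenset({"A1", "M1", "M2"})),
    "ARR2": (lambda o: o["g"] - o["b"] * o["d"] - o["c"] * o["e"],
             frozenset({"A2", "M2", "M3"})),
    "ARR3": (lambda o: o["f"] - o["g"] - o["c"] * (o["a"] - o["e"]),
             frozenset({"A1", "A2", "M1", "M3"})),
}
COMPONENTS = sorted(set().union(*(sup for _, sup in ARRS.values())))


def conflicts(obs):
    """Supports of the ARRs violated by obs: at least one member is faulty."""
    return [sup for res, sup in ARRS.values() if res(obs) != 0]


def exonerated(obs):
    """Components covered by at least one satisfied ARR (exoneration)."""
    return set().union(*(sup for res, sup in ARRS.values() if res(obs) == 0))


def minimal_hitting_sets(conflict_sets, universe):
    """All minimal sets intersecting every conflict (Reiter's diagnoses),
    enumerated by increasing size so supersets of a hit are skipped."""
    found = []
    for k in range(1, len(universe) + 1):
        for cand in combinations(universe, k):
            s = frozenset(cand)
            if any(f <= s for f in found):
                continue
            if all(s & c for c in conflict_sets):
                found.append(s)
    return found


def diagnose(obs, exonerate=False):
    """Minimal diagnoses for obs; with exonerate=True, candidates that
    blame an exonerated component are dropped."""
    cs = conflicts(obs)
    if not cs:
        return []
    diags = minimal_hitting_sets(cs, COMPONENTS)
    if exonerate:
        healthy = exonerated(obs)
        diags = [d for d in diags if not d & healthy]
    return sorted(sorted(d) for d in diags)


OBS = {"a": 2, "b": 2, "c": 3, "d": 3, "e": 2, "f": 10, "g": 12}  # from the slide

if __name__ == "__main__":
    print("conflicts:", [sorted(c) for c in conflicts(OBS)])
    print("minimal diagnoses:", diagnose(OBS))
    print("after exoneration:", diagnose(OBS, exonerate=True))
```

With the slide's observations ARR1 and ARR3 have residual -2 and ARR2 is zero, so the conflicts are exactly the two on the slide; the hitting sets give the four candidates and exoneration by ARR2 leaves {A1} and {M1}.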
Feature-Oriented Domain Analysis
Example of SSL/TLS enforcement for strong encryption (Apache mod_ssl):
  # allow all ciphers for the initial handshake,
  # so export browsers can upgrade via SGC facility
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  <Directory /usr/local/apache2/htdocs>
    # but finally deny all browsers which haven't upgraded
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
  </Directory>
(This is the historical mod_ssl documentation example from the SGC era: SSLv2, export-grade and eNULL suites are allowed only for the handshake and rejected by the SSLRequire rule; on a current server they should not be enabled at all.)
Constraint Programming
Both model-based fault diagnosis and Feature Oriented Domain Analysis are solved with constraint programming techniques.
Outline

Context (related work): approaches to risk-aware business process modelling, compared on the criteria Security dimensions, Cost objectives, Threats, Vulnerabilities, Controls, Automatic analysis, Risk estimation and Control flow (√ = covered, Partial = partially covered; marks are listed per row in the order they appear):
  Cope et al. 2010, BPMN: √ √ √
  Muehlem et al. 2005, EPC: Partial Partial Partial √ √
  Lambert et al. 2006, IDEF: √ √
  Churilov et al. 2006, EPC: √ √
  Rodriguez et al. 2006, UML: √ √
  Menzel et al. 2009, BPMN: √ √ √
  Jakoubi et al. 2009, any notation: √ √ Partial √ Partial
  Neubauer et al. 2005, any notation: √ Partial Partial √
  Sackman et al. 2008, any notation: √ √ Partial Partial Partial
  Fenz et al. 2009, Petri nets: √ Partial √
  Neubauer et al. 2008, any notation: √ √ √ √ Partial √
  Xue Bai et al. 2012, BPMN: √ √ √ Partial √ √
  OPBUS *: √ √ √ √ √ √ √ √ (all criteria)
Related work

Problem statements

Risk-Aware Business Processes
Business process model extended with risk information and properties.
Automatic risk conformance
Risk estimation of BP models
Risk = f(Value, Frequency, Consequence)
Example annotation of activity A1:
  Integrity: [1-5]
  Vulnerability: CWE-255: Credentials Management
  Name: CVE-2010-2370. Description: Oracle BPM allows remote attackers to affect integrity, related to BPM
  Frequency: [1-5]
  Consequence: [1-5]
  Vulnerabilities: CWE-255
How to calculate the risk of a BP model?
Risk estimation of BP models
S.-M. Huang et al., "Enhancing conflict detecting mechanism for Web Services ...", Inform. Softw. Technol. (2007)
Risk estimation of BP models
Example process: A1, then gateway D1 with branches A2 and A3 → A4 → A5.
Risk(BP1) = (A1 + D1 + MAX(A2, A3 + A4 + A5)) / 5

Estimating risk of BP models
Risk evaluation of BP models
The estimated risk of the example process (A1, D1, A2, A3, A4, A5) is compared against the acceptable risk level and marked as conformant (✔).
Diagnosis of non-conformance of risk

Determination of PEFs

CSP Model
Automatic transformation: risk-aware BP model → CSP model

Identifying PEFs, Activities & Artifacts
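The estimation, evaluation and diagnosis steps of the preceding slides, carried through on the example process (A1, then gateway D1 with branches A2 and A3 → A4 → A5). This is an added example and not OPBUS code, and it fixes several things the slides leave open: an activity's risk is taken as Value × Frequency × Consequence on the 1-5 scales, a sequence adds the risks of its elements, an exclusive gateway contributes its worst branch, the process risk is that aggregate divided by the number of activities, and treating an activity lowers its risk to an assumed residual value. The diagnosis of non-conformance is done here by enumeration of minimal sets of activities to treat, which is the question the framework hands to a CSP solver.

```python
"""Risk estimation, risk conformance and diagnosis of non-conformance for
the small risk-aware process used on the slides (A1, then gateway D1 with
branches A2 and A3 -> A4 -> A5).

Added example, not OPBUS code. Assumptions not fixed by the slides:
activity risk = Value * Frequency * Consequence (each 1-5); a sequence adds
risks, an exclusive gateway takes the worst branch, and the process risk is
the aggregate divided by the number of activities; treating an activity
lowers its risk to `residual`.
"""
from itertools import combinations

# Constructed annotations: (value, frequency, consequence), each 1-5.
ACTIVITIES = {
    "A1": (5, 4, 4),   # e.g. credential handling (the CWE-255 case above)
    "A2": (2, 2, 2),
    "A3": (3, 3, 2),
    "A4": (4, 3, 3),
    "A5": (2, 1, 2),
}

# Control flow: a sequence whose second element is the XOR gateway D1.
PROCESS = ["A1", ("D1", [["A2"], ["A3", "A4", "A5"]])]


def activity_risk(value, frequency, consequence):
    """Assumed instantiation of Risk = f(Value, Frequency, Consequence)."""
    return value * frequency * consequence


def aggregate(node, risks):
    """Sum along a sequence, maximum across the branches of a gateway."""
    if isinstance(node, str):
        return risks[node]
    if isinstance(node, tuple):          # ("D1", [branch, branch, ...])
        return max(aggregate(b, risks) for b in node[1])
    return sum(aggregate(n, risks) for n in node)


def process_risk(risks):
    return aggregate(PROCESS, risks) / len(risks)


def conformant(risks, threshold):
    """Risk conformance: the estimated process risk must not exceed the
    acceptable risk level."""
    return process_risk(risks) <= threshold


def diagnose_non_conformance(risks, threshold, residual):
    """Minimal sets of activities whose treatment makes the process
    conformant (the elements to be treated), by increasing size."""
    names = sorted(risks)
    found = []
    for k in range(1, len(names) + 1):
        for cand in combinations(names, k):
            if any(set(f) <= set(cand) for f in found):
                continue                 # superset of a smaller answer
            treated = dict(risks, **{a: residual for a in cand})
            if conformant(treated, threshold):
                found.append(cand)
    return [list(c) for c in found]


RISKS = {a: activity_risk(*p) for a, p in ACTIVITIES.items()}

if __name__ == "__main__":
    print("activity risks:", RISKS)
    print("process risk:", process_risk(RISKS))            # 27.6
    print("conformant at 20?", conformant(RISKS, 20))      # False
    print("treat one of:", diagnose_non_conformance(RISKS, 20, residual=5))
```

The result shows why the control flow matters for the diagnosis: treating A2 alone never helps, because A2 is not on the worst branch of D1, whereas treating A1 or the pair A3, A4 brings the process under the threshold.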
Automatic Diagnosis – MDA (Model-driven Architecture approach)
• Different risk evaluation strategies: FMEA, MAGERIT, CRAMM, customized, …
• Multiple platforms for Constraint Programming: Choco, COMET, CPLEX, …
• Different search strategies: exhaustive, local search, hybrid, …
Implementation and Results
Tool development as an Eclipse plug-in:
• Customizable BPMN editor
• Integration of multiple CP solvers
• Validation capabilities: structural faults
• Automatic and dynamic transformations and diagnosis of non-conformances
Outline

Context
Example process: A1, then gateway D1 with branches A2 and A3 → A4 → A5.
Identify threats, vulnerabilities and elements of BPs to be treated.
Which security controls must be configured together with business processes in order to correct non-conformance of risks?
Today this is manual and time-consuming.

Problem statements
How to formalize security countermeasures?
How to select adequate security controls according to the requirements/objectives/goals of organizations?
Security patterns: textual, informal, natural language
Extended & formalized: feature models
Inference mechanisms:
• Feature-Oriented Domain Analysis (FODA)
• Constraint Programming techniques
• Multi-objective strategy (cost-benefit, MTTR vs. development time, …)
Modelling security patterns
Pattern template:
  Name
  Security Goals: Integrity, Confidentiality, Availability, …
  Security Intention: Data integrity, Fault Tolerance, Enforce Authentication, …
  Problem: e.g. Vulnerability CWE-523: Unprotected Transport of Credentials
  Context
  Solutions: feature model (domain of configurations)
  Forces
Feature model operators: OPTIONAL, MANDATORY, SELECT, CHECK
Security controls – Confidentiality & Integrity & Authentication
  Name / Description
  Security Goals: Confidentiality, Integrity, Authentication
  Security Intention: Enforcement of SSL/TLS
  Problem: CWE-523: Unprotected Transport of Credentials
Enforcement of SSL/TLS
  Standards: SSL v2.0, SSL v3.0, TLS v1.0, TLS v1.1 (SSL v2.0 and v3.0 were in scope at the time; both are deprecated today)
  Cipher suite: high variability
SSL/TLS enables:
  Confidentiality: encrypting data
  Integrity: message authentication code
  Authentication: digital signatures and/or certificates
Lots of cross-tree constraints!
Metrics:
Security control – Availability & Integrity
  Name / Description
  Security Goals: Availability, Integrity
  Security Intention: Fault Tolerance
  Problem: CWE-390: Detection of Error Condition Without Action
Fault tolerance: error detection, recovery management
Metrics:
Security control – Authorization
  Name / Description
  Security Goals: Authorization
  Security Intention: Enforcement of Authorization
  Problem: CWE-89: SQL Injection; CWE-79: Cross-site Scripting
Enforcement of authorization: information filtering via Web Application Firewalls (WAFs)
Configuration rule set: high variability
Example of rule (ModSecurity Core Rule Set, rule 960007, rev. 2.2.4):
  SecRule REQUEST_HEADERS:Host "^$" \
    "phase:2,rev:'2.2.4',t:none,block,msg:'Empty Host Header',id:'960007',tag:'PROTOCOL_VIOLATION/MISSING_HEADER_HOST',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
CSP model
Formal models – CP
  // Variables
  Boolean C1, C2, C3, C4, C5, C6, C7, C8;
  Integer x, y, z;
  // Feature model
  C1 ↔ C2
  C3 → C1
  C2 ↔ (C6 ∨ C7 ∨ C8)
  C5 → C6   // require
  // Extra functions
  C1 → x = y + z
  C4 → z = value1
  C5 → z ≥ r11 ∧ z ≤ r12
  C6 → y = value2
  C7 → y = value3
  C8 → y ≥ r21 ∧ y ≤ r22
  // Operation
  Maximize(x)
Transformation
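The CP model above solved by plain enumeration, as an added example that is not OPBUS code. The eight features and the constraints are those of the model; the slide leaves value1..value3, r11..r22 and the integer domains symbolic, so the numbers below are assumptions. A CP solver such as Choco would prune rather than enumerate, but the set of legal configurations and the optimum are the same, and the enumeration makes the effect of a cross-tree constraint visible: selecting C4 and C5 together is legal for the feature model but leaves no value for z.

```python
"""The feature-model CSP from the slide, solved by enumeration.

Added example, not OPBUS code. Features and constraints follow the CP model
on the slide; the attribute constants, range bounds and integer domains are
assumptions.
"""
from itertools import product

FEATURES = ["C1", "C2", "C3", "C4", "C5", "C6", "C7", "C8"]
VALUE1, VALUE2, VALUE3 = 10, 4, 7            # assumed constants
R11, R12, R21, R22 = 2, 6, 1, 9              # assumed range bounds
Y_DOMAIN = Z_DOMAIN = range(0, 21)           # assumed integer domains


def implies(p, q):
    return (not p) or q


def feature_model_ok(s):
    """Tree and cross-tree constraints of the feature model."""
    return (s["C1"] == s["C2"]                                 # C1 <-> C2
            and implies(s["C3"], s["C1"])                      # C3 -> C1
            and s["C2"] == (s["C6"] or s["C7"] or s["C8"])     # C2 <-> (C6 v C7 v C8)
            and implies(s["C5"], s["C6"]))                     # C5 requires C6


def attributes_ok(s, y, z):
    """Extra functions attached to the selected features."""
    return (implies(s["C4"], z == VALUE1)
            and implies(s["C5"], R11 <= z <= R12)
            and implies(s["C6"], y == VALUE2)
            and implies(s["C7"], y == VALUE3)
            and implies(s["C8"], R21 <= y <= R22))


def legal_configurations():
    """All feature selections satisfying the feature model alone."""
    configs = []
    for bits in product([False, True], repeat=len(FEATURES)):
        s = dict(zip(FEATURES, bits))
        if feature_model_ok(s):
            configs.append(s)
    return configs


def attribute_feasible(selected):
    """Is there any (y, z) for this selection? With the assumed numbers,
    C4 and C5 together fail: z = value1 = 10 is outside [r11, r12]."""
    s = {f: f in selected for f in FEATURES}
    return feature_model_ok(s) and any(
        attributes_ok(s, y, z) for y in Y_DOMAIN for z in Z_DOMAIN)


def maximize_x():
    """Maximize(x) with x = y + z under C1; returns (x, features, y, z)."""
    best = None
    for s in legal_configurations():
        if not s["C1"]:
            continue                      # x is only constrained when C1 holds
        for y in Y_DOMAIN:
            for z in Z_DOMAIN:
                if attributes_ok(s, y, z) and (best is None or y + z > best[0]):
                    best = (y + z, [f for f in FEATURES if s[f]], y, z)
    return best


if __name__ == "__main__":
    print("legal configurations:", len(legal_configurations()))   # 46
    print("C4+C5 feasible?", attribute_feasible({"C1", "C2", "C4", "C5", "C6"}))
    print("optimum:", maximize_x())
```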
Performance & Analysis Results
Feature model | Number of features | Mandatory | Optional | XOR | Or | Void feature model | Legal configurations | Time (ms)
Fault Tolerance (FT) | 17 | 8 | 1 | 7 | 0 | × | 7 | 9
SSL/TLS | 49 | 10 | 0 | 42 | 5 | × | 3.683 | 4.699
WAF | 62 | 6 | 6 | 57 | 4 | × | 241.920 | 77.427
(× in the Void column: the model is not void, i.e. it has legal configurations; the period is a thousands separator, so 3.683 means 3,683 configurations)
Analysis & Performance results
Feature model | Optimization criteria | Configurations | Time (ms)
SSL/TLS | Single objective: Minimize (ALE) | 13.138 | 2.041
SSL/TLS | Single objective: Maximize (AROR) | 5.268 | 1.255
SSL/TLS | Single objective: Minimize (Cost) | 1.800 | 2.394
SSL/TLS | Multi-objective: Maximize (AROR) + Minimize (ALE) | 5.268 | 5.257
SSL/TLS | Multi-objective: Minimize (Cost) + Minimize (ALE) | 0 | 406
SSL/TLS | Multi-objective: ~Minimize (Cost) + Minimize (ALE) | 108 | 880
Fault Tolerance | Single objective: Minimize (MTTR) | 4 | 39
Fault Tolerance | Single objective: Maximize (Risk Reduction) | 58 | 42
Fault Tolerance | Multi-objective: Minimize (MTTR) + Maximize (Risk Reduction) | 36 | 39
Example SSL/TLS configurations found (digital signature / certificate options: PSK, SRP, Anon., X.509, OpenPGP; cipher suite: key exchange method, cipher/encryption, MAC; protocol; objectives ALE and Cost; – = blank in the transcript):
# | Certificate | Key exchange | Cipher | MAC | Protocol | ALE | Cost
1 | √ | RSA | – | – | TLSv1.0 | 2.000 | 45
2 | √ | RSA | – | MD5 | TLSv1.0 | 2.000 | 45
3 | √ | RSA | IDEA-128 | SHA-1 | TLSv1.1 | 2.000 | 50
4 | √ | Fortezza | – | SHA-256 | TLSv1.1 | 2.000 | 50
5 | √ | DHE_RSA | 3DES 168 | SHA-1 | TLSv1.1 | 2.000 | 50
Outline

Context
Example process: A1, then gateway D1 with branches A2 and A3 → A4 → A5.

Problem statements
Fault Tolerance Layer (FTL)
Error detection: detect discrepancies; fault diagnosis
Recovery mechanisms: dynamic binding; replication and redundancy; software diversity; check-pointing

Error Detection & Fault Diagnosis
The FTL wraps the process activities (A1 … A5).
FTL – Error Detection & Fault Diagnosis
Constraints over the activities' inputs and outputs, e.g.:
  C1 ≡ A1 = x + y
  C2 ≡ A1 = d
  C3 ≡ A2 = d * z
MAXIMIZE(C1, C2, …): maximise the number of constraints that hold simultaneously; the activities involved in the constraints left unsatisfied (A1, A2 on the slide) are the diagnosis.
Recovery – Dynamic binding (+ primary-backup)
Recovery – Diversity
FTL – Recovery
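A minimal fault-tolerance layer around one activity, as an added example that is not OPBUS code. It puts together the mechanisms named on the FTL slides: error detection through a constraint the activity's result must satisfy (C1: A1 = x + y), recovery by dynamic binding to a backup replica when the bound primary violates it, and N-versioning of diverse implementations with a majority adjudicator. The three service replicas are constructed stand-ins for web services and the primary is deliberately faulty; check-pointing and compensation handlers are not shown.

```python
"""A minimal fault-tolerance layer (FTL) around a process activity.

Added example, not OPBUS code. Replicas are constructed stand-ins for
services; primary_a1 is deliberately faulty so that recovery is exercised.
"""
from collections import Counter


def primary_a1(x, y):
    return x + y + 1            # faulty replica: off-by-one result


def backup_a1(x, y):
    return x + y


def diverse_a1(x, y):
    return sum((x, y))          # independently written version of A1


def invariant_a1(x, y, result):
    """Error detection: constraint C1 = (A1 = x + y)."""
    return result == x + y


class DynamicBinder:
    """Primary-backup dynamic binding: invoke the bound replica and, if the
    invariant fails, rebind to the next equivalent replica and retry."""

    def __init__(self, replicas):
        self.replicas = list(replicas)
        self.bound = 0              # index of the currently bound replica
        self.log = []

    def invoke(self, invariant, *args):
        for attempt in range(len(self.replicas)):
            idx = (self.bound + attempt) % len(self.replicas)
            result = self.replicas[idx](*args)
            if invariant(*args, result):
                if idx != self.bound:
                    self.log.append(f"rebound replica {self.bound} -> {idx}")
                    self.bound = idx
                return result
            self.log.append(f"replica {idx} violated invariant")
        raise RuntimeError("all replicas failed the invariant")


def n_version(versions, *args):
    """N-versioning: run every diverse version and let a majority
    adjudicator pick the result; no majority means no trusted result."""
    votes = Counter(v(*args) for v in versions)
    result, count = votes.most_common(1)[0]
    if count * 2 <= len(versions):
        raise RuntimeError("adjudicator: no majority among versions")
    return result


if __name__ == "__main__":
    binder = DynamicBinder([primary_a1, backup_a1, diverse_a1])
    print(binder.invoke(invariant_a1, 2, 3), binder.log)        # 5, rebound to replica 1
    print(n_version([primary_a1, backup_a1, diverse_a1], 2, 3))  # 5
```

Dynamic binding needs the invariant to detect the error before it can recover, which is why the error-detection constraints of the previous slide come first; N-versioning instead detects and masks the fault in one step, at the cost of running every version.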
Performance results

FTL – Summary
Recovery | Diagnosis | Check-points | No. replicas | Misc | MTTR
Dynamic Binding | | | 2/1 | |
DB-Redundant Binder | | | 2/1 | Compensation handlers |
N-Versioning | | | N | Adjudicator |
Check-pointing | | | 2/1 | Compensation handlers |
(Diagnosis, Check-points and MTTR cells not recoverable)
Outline

Final Remarks
Risk-Awareness: risk extension, risk analysis, risk treatment
Dependability: integrity, confidentiality, availability, reliability
Flexibility & Agility: automation, adaptable, multi-platform
Efficiency & Optimization: model-based diagnosis, constraint programming, FODA
BPM quality
Outline

Publications and Research findings
  DEPEND'10 (Best Paper Award)
  CISIS'10 (CORE B)
  DX'10
  SECRYPT'11 (CORE B)
  RCIS'11 (CORE B)
  IJAS '11 (Google Scholar)
  CISIS'12 (CORE B)
  AEI'12
  IST '13, JCR (2012): 1.250
  JSS '13, JCR (2011): 0.836
  JSS '11, JCR (2010): 1.293
Legend of the original slide: conference, workshop, journal in third review, journal published
Research stay and projects

Other research findings

THANK YOU FOR YOUR ATTENTION
Ángel J. Varela Vaca
Universidad de Sevilla, E.T.S. Ingeniería Informática, Departamento de Lenguajes y Sistemas Informáticos
E-mail: [email protected]
LinkedIn: angeljesusvarelavaca
OPBUS project: http://www.lsi.us.es/~quivir/index.php/OPbus/HomePage