Security Compliance Tracking of Processes in Networked Cooperating Systems

Systems of systems that collaborate for a common purpose are called cooperating systems. Typical examples of novel cooperating systems are electronic health systems and electronic money transfer systems, as well as critical infrastructures such as future vehicular ad hoc networks and distributed air traffic management systems. Business processes and technical workflows control the cooperation of the networked systems. Important safety and security goals of the applications, business goals, and external compliance requirements create security obligations for such processes. These processes must not only be secure, they must be demonstrably so. To support this, we present an approach for security compliance tracking of processes in networked cooperating systems using an advanced method of predictive security analysis at runtime. In this approach, operational models are used for: (a) tracking conformance of process behavior with respect to the specification, (b) detection of behavior anomalies that indicate possible attacks, (c) tracking compliance of process behavior with respect to safety and security requirements, and (d) prediction of possible violations of safety and security policies in the near future. We provide an extensive background analysis, introduce the model-based conformance tracking and uncertainty management algorithm, and describe security compliance tracking and model-based behavior prediction. We demonstrate the implementation of the proposed approach on a critical infrastructure scenario from a European research project.
