Predictive Security Analysis for Event-Driven Processes

This paper presents an approach for predictive security analysis in a business process execution environment. It is based on operational formal models and leverages process and threat analysis and simulation techniques in order to be able to dynamically relate events from different processes and architectural layers and evaluate them with respect to security requirements. Based on this, we present a blueprint of an architecture which can provide decision support by performing dynamic simulation and analysis while considering real-time process changes. It allows for the identification of close-future security-threatening process states and will output a predictive alert for the corresponding violation.

[1]  Carsten Rudolph,et al.  A Formal Notion of Trust - Enabling Reasoning about Security Properties , 2010, IFIPTM.

[2]  David A. Duce,et al.  The Changing Face of Standardization: A Place for Formal Methods? , 1999, Formal Aspects of Computing.

[3]  Hajo A. Reijers,et al.  Supporting the BPM lifecycle with FileNet , 2006 .

[4]  Remco M. Dijkman Diagnosing Differences between Business Process Models , 2008, BPM.

[5]  Ulrich Ultes-Nitsche,et al.  The SH-Verification Tool — Abstraction-Based Verification of Co-operating Systems , 1998, Formal Aspects of Computing.

[6]  Hajo A. Reijers,et al.  Supporting the BPM life-cycle with FileNet , 2006, EMMSAD.

[7]  Roland Rieke Abstraction-based analysis of known and unknown vulnerabilities of critical information infrastructures , 2008, Int. J. Syst. Syst. Eng..

[8]  Thierry Massart Efficient online monitoring of Ltl properties for asynchronous distributed systems , 2006 .

[9]  Roland Rieke,et al.  Identification of authenticity requirements in systems of systems by functional security analysis , 2009 .

[10]  Roland Rieke,et al.  Identification of Security Requirements in Systems of Systems by Functional Security Analysis , 2009, WADS.

[11]  David Luckham,et al.  The power of events - an introduction to complex event processing in distributed enterprise systems , 2002, RuleML.

[12]  Kelly M. Kavanagh,et al.  Magic Quadrant for Security Information and Event Management , 2011 .

[13]  Peter R. Pietzuch,et al.  A Framework for Event Composition in Distributed Systems , 2003, Middleware.

[14]  Raman Kazhamiakin,et al.  Analysis of communication models in web service compositions , 2006, WWW '06.

[15]  Roland Rieke,et al.  Uniform Parameterisation of Phase Based Cooperations , 2010 .

[16]  Moe Thandar Wynn,et al.  Workflow simulation for operational decision support , 2009, Data Knowl. Eng..

[17]  Remco M. Dijkman,et al.  Semantics and analysis of business process models in BPMN , 2008, Inf. Softw. Technol..