Automated Synthesis and Ranking of Secure BPMN Orchestrators

Ciancia, Vincenzo; Martín, José Antonio; Martinelli, Fabio; Matteucci, Ilaria; Petrocchi, Marinella; Pimentel, Ernesto

doi:10.4018/ijsse.2014040103

Cited by 3 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors use several specific constructs to express usual security requirements for services (derived from a number of Web service security standards, like WS‐Security), check the process for possible violations and have the main focus on adaptation of the orchestration in order to avoid violation of contract terms. Ciancia et al extended the work with a richer specification language (CryptoCCS) and provided transformation from BPMN to this language. Instead, in our paper, we focus on monitoring of security properties, define how and where monitoring actions must be performed, and trigger the notification mechanism.…”

Section: Related Workmentioning

confidence: 99%

Security policy monitoring of BPMN‐based service compositions

Asim

Yautsiukhin

Brucker

et al. 2018

J Software Evolu Process

View full text Add to dashboard Cite

Service composition is a key concept of Service‐Oriented Architecture that allows for combining loosely coupled services that are offered and operated by different service providers. Such environments are expected to dynamically respond to changes that may occur at runtime, including changes in the environment and individual services themselves. Therefore, it is crucial to monitor these loosely coupled services throughout their lifetime. In this paper, we present a novel framework for monitoring services at runtime and ensuring that services behave as they have promised. In particular, we focus on monitoring non‐functional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations. The framework enables monitoring of both atomic and composite services and provides a user friendly interface for specifying the monitoring policy. We provide an information service case study using a real composite service to demonstrate how we achieve compliance monitoring. The transformation of security policy into monitoring rules, which is done automatically, makes our framework more flexible and accurate than existing techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

Security policy monitoring of BPMN‐based service compositions

Asim

Yautsiukhin

Brucker

et al. 2018

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…The proposed tool supports model-driven development of processes that integrate security and compliance requirements across all phases of the system life-cycle. Together with [17] a formal methodology for the automatic synthesis of a secure orchestrator, a set of BPMN processes is described to guarantee non-disclosure of messages exchanged in processes. Finally, model checking techniques are used for evaluating security aspects of business processes in dynamic environments [20].…”

Section: Related Workmentioning

confidence: 99%

Business Process Modeling for Insider Threat Monitoring and Handling

Stavrou¹,

Kandias²,

Karoulas³

et al. 2014

Trust, Privacy, and Security in Digital Business

View full text Add to dashboard Cite

Abstract. Business process modeling has facilitated modern enterprises to cope with the constant need to increase their productivity, reduce costs and offer competitive products and services. Despite modeling's and process management's widespread success, one may argue that it lacks of built-in security mechanisms able to detect and deter threats that may manifest throughout the process. To this end, a variety of different solutions have been proposed by researchers which focus on different threat types. In this paper we examine the insider threat through business processes. Depending on their motives, insiders participating in an organization's business process may manifest delinquently in a way that causes severe impact to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes and propose a preliminary model for a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media by examining the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. Also, this approach highlights the threat introduced in the processes operated by such users. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be allowed solely on exceptional cases, such as protecting critical infrastructures or monitoring decision making personnel.

show abstract