Security and Business Situational Awareness

  • Roland Rieke
  • Maria Zhdanova
  • Jürgen Repp
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 530)

Abstract

“Security needs to be aligned with business”. Business situational awareness is the ability to continually monitor ongoing actions and events related to business operations and to estimate the immediate and near-future impact of new information. This ability is crucial for business continuity and should encompass all associated aspects. Given the growing dependence of businesses on IT on the one hand, and ever-increasing threats on the other, IT security aspects should get adequate attention in the awareness system. We present an approach to raise business situational awareness using an advanced method of predictive security analysis at runtime. It continually observes a system’s event stream to find deviations from specified behavior and violations of security compliance rules. Operational models of the key processes are used to predict critical security states, evaluate possible countermeasures, and trigger corrective actions. A security information model maintains the security strategy and explains possible deviations from the originating goal. The approach is demonstrated on an industrial scenario from a European research project.
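As an added illustration of the runtime analysis the abstract describes (not code from the paper or the MASSIF project), the following monitor replays an event stream against an operational process model, reports events the model does not permit, checks one compliance rule, and predicts whether a critical state is reachable within a lookahead horizon. The process model, the four-eyes rule and the sample events are assumptions constructed for this example.

```python
from collections import deque
# Constructed operational model of a payment-approval process (an assumption for
# this example, not the MASSIF model): state -> {event type: successor state}.
MODEL = {
    "idle":      {"request": "requested"},
    "requested": {"approve": "approved", "reject": "idle"},
    "approved":  {"execute": "executed", "cancel": "idle"},
    "executed":  {"close": "idle"},
}
CRITICAL = {"executed"}  # irreversible step (funds leave): warn before it is reached

def next_state(state, event_type):
    """Successor state under the model, or None if the event is a deviation."""
    return MODEL.get(state, {}).get(event_type)

def distance_to_critical(state, horizon):
    """BFS over the model: fewest events to a critical state, None if beyond horizon."""
    seen, queue = {state}, deque([(state, 0)])
    while queue:
        s, d = queue.popleft()
        if s in CRITICAL:
            return d
        if d < horizon:
            for nxt in MODEL.get(s, {}).values():
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, d + 1))
    return None

def monitor(events, horizon=2):
    """Replay an event stream; return (index, kind, detail) alerts for model
    deviations, four-eyes compliance violations and predicted critical states."""
    state, requester, alerts = "idle", None, []
    for i, ev in enumerate(events):
        nxt = next_state(state, ev["type"])
        if nxt is None:
            alerts.append((i, "deviation", f"{ev['type']} not allowed in {state}"))
            continue  # keep the last model-consistent state
        if ev["type"] == "request":
            requester = ev["user"]
        elif ev["type"] == "approve" and ev["user"] == requester:
            alerts.append((i, "compliance", f"four-eyes rule violated by {ev['user']}"))
        state = nxt
        d = distance_to_critical(state, horizon)
        if d is not None:
            alerts.append((i, "critical" if d == 0 else "predict", f"{d} step(s) to critical"))
    return alerts

EVENTS = [{"type": "request", "user": "alice"}, {"type": "approve", "user": "alice"},  # constructed
          {"type": "execute", "user": "bob"}, {"type": "refund", "user": "bob"}]
```

The "predict" alerts are the point at which the approach evaluates countermeasures: the process is still in a recoverable state, so a corrective action (for example, holding the transaction for a second approver) can be triggered before the critical state is entered.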

Keywords

Predictive security analysis, Process behavior analysis, Security modeling and simulation, Security monitoring, Security strategy, Security information and event management, Governance and compliance

Notes

Acknowledgments

This research was supported by the European Commission in the context of the project MASSIF (ID 257475) and the German Federal Ministry of Education and Research in the project ACCEPT (ID 01BY1206D).


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Fraunhofer Institute SIT, Darmstadt, Germany
  2. Philipps-Universität Marburg, Marburg, Germany