Predictive Security Analysis for Event-Driven Processes
This paper presents an approach for predictive security analysis in a business process execution environment. It is based on operational formal models and leverages process and threat analysis and simulation techniques in order to be able to dynamically relate events from different processes and architectural layers and evaluate them with respect to security requirements. Based on this, we present a blueprint of an architecture which can provide decision support by performing dynamic simulation and analysis while considering real-time process changes. It allows for the identification of close-future security-threatening process states and will output a predictive alert for the corresponding violation.
Keywordspredictive security analysis analysis of business process behaviour security modelling and simulation complex event processing
Unable to display preview. Download preview PDF.
- 4.Luckham, D.: The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems. Addison-Wesley, Reading (2002)Google Scholar
- 5.Massart, T., Meuter, C.: Efficient online monitoring of LTL properties for asynchronous distributed systems. Tech. rep., Université Libre de Bruxelles (2006)Google Scholar
- 6.McCoy, D.W.: Business Activity Monitoring: Calm Before the Storm. Gartner Research (2002)Google Scholar
- 7.Netjes, M., Reijers, H., Van der Aalst, W.P.: Supporting the BPM life-cycle with FileNet. In: Proceedings of the Workshop on Exploring Modeling Methods for Systems Analysis and Design (EMMSAD 2006), held in conjunction with the 18th Conference on Advanced Information Systems (CAiSE 2006), Luxembourg, pp. 497–508. Namur University Press, Namur (2006)Google Scholar
- 8.Nicolett, M., Kavanagh, K.M.: Magic Quadrant for Security Information and Event Management. Gartner RAS Core Reasearch Note (May 2009)Google Scholar
- 9.Ochsenschläger, P., Repp, J., Rieke, R., Nitsche, U.: The SH-Verification Tool Abstraction-Based Verification of Co-operating Systems. Formal Aspects of Computing, The International Journal of Formal Method 11, 1–24 (1999)Google Scholar