Upload
angel-jesus-varela-vaca
View
212
Download
0
Embed Size (px)
Citation preview
Plantilla Ponencia Workshop
An Open-Source Proactive Security Infrastructure for Business Process Management
Dr. ngel Jess Varela Vaca Mara Teresa Gmez-Lpez, David Jimnez Vargas, Rafael Martnez Gasca, Antonio J. Surez, Pedro J. AbadIDEA Research Group,ETS. Ingeniera Informtica - Department of Computer Languages and Systems University of Seville
Thank you very much, first of all I'd like to be grateful for this opportunity to present my research for all of you. Although this presentation is titled Automatic Selection of Optimal Configurations and Security Compliance Checking, at the beginning Im going to introduce myself. After that Im going to describe in details my proposal for the selection of configurations. Finally, Im going to show the ongoing works that currently Im working on. Notas:
Outline
BackgroundSecurity ChallengesInfrastructure / Case studyConclusions and future works
22
2Notas:
Background 3
SMEs moving on Internet-driven market:Externalization and automationMechanisms for data analysis
Notas:
Background 4
Malcious Customer
SECURITYRegulation & Law compliance Tech. lack of security awarenessSmall budgets
Notas:
Security challenges5
Malcious Customer
Wolter et al. (2011) Menzel et al. (2012)Mechanisms to represent security requirements at process levelLeitner et al. (2015)Extension to represent security in processes aware systems
Notas:
Security challenges6
Malcious Customer
Weske et al. (2007)Monitoring: state of the process and log data.Business Activity Monitoring: analyze logs trails to identify problems.Gonzalez et al. (2011)Active monitoring: state process execution information at real-timePassive monitoring: upon request information
Notas:
Research statements:How to monitor security requirements?How monitoring/analyze security requirements externally?How check compliance of security requirements externally?How to be security proactive?Security challenges7
Malcious Customer
Notas:
Infrastructure Case Study8
Notas:
Infrastructure Case Study9
Notas:
Infrastructure Case Study10
Notas:
Infrastructure Case Study11
Groovy Connectors
Notas:
Infrastructure Case Study12
Notas:
Infrastructure Case Study13
Notas:
Infrastructure Case Study14
Notas:
Infrastructure15
Notas:
Infrastructure16
Notas:
Infrastructure17
Notas:
Infrastructure18
Notas:
Conclusions19
How to monitor security requirements?Using connectors to log information and agent to collect them. How monitoring/analyze security requirements externally?AlientVault (SIEM) system.How check compliance of security requirements externally?Engine based on rules and correlation rules.How to be security proactive?Creation of alarms and sending signals through APIs to the process execution.
Notas:
Thank for your attention, questions?
Dr. ngel J. Varela VacaE-mail: [email protected]
Muchas gracias .
Notas: