Plantilla Ponencia Workshop

An Open-Source Proactive Security Infrastructure for Business Process Management

Dr. ngel Jess Varela Vaca Mara Teresa Gmez-Lpez, David Jimnez Vargas, Rafael Martnez Gasca, Antonio J. Surez, Pedro J. AbadIDEA Research Group,ETS. Ingeniera Informtica - Department of Computer Languages and Systems University of Seville

Thank you very much, first of all I'd like to be grateful for this opportunity to present my research for all of you. Although this presentation is titled Automatic Selection of Optimal Configurations and Security Compliance Checking, at the beginning Im going to introduce myself. After that Im going to describe in details my proposal for the selection of configurations. Finally, Im going to show the ongoing works that currently Im working on. Notas:

Outline

BackgroundSecurity ChallengesInfrastructure / Case studyConclusions and future works

22

2Notas:

Background 3

SMEs moving on Internet-driven market:Externalization and automationMechanisms for data analysis

Notas:

Background 4

Malcious Customer

SECURITYRegulation & Law compliance Tech. lack of security awarenessSmall budgets

Notas:

Security challenges5

Malcious Customer

Wolter et al. (2011) Menzel et al. (2012)Mechanisms to represent security requirements at process levelLeitner et al. (2015)Extension to represent security in processes aware systems

Notas:

Security challenges6

Malcious Customer

Weske et al. (2007)Monitoring: state of the process and log data.Business Activity Monitoring: analyze logs trails to identify problems.Gonzalez et al. (2011)Active monitoring: state process execution information at real-timePassive monitoring: upon request information

Notas:

Research statements:How to monitor security requirements?How monitoring/analyze security requirements externally?How check compliance of security requirements externally?How to be security proactive?Security challenges7

Malcious Customer

Notas:

Infrastructure Case Study8

Notas:

Infrastructure Case Study9

Notas:

Infrastructure Case Study10

Notas:

Infrastructure Case Study11

Groovy Connectors

Notas:

Infrastructure Case Study12

Notas:

Infrastructure Case Study13

Notas:

Infrastructure Case Study14

Notas:

Infrastructure15

Notas:

Infrastructure16

Notas:

Infrastructure17

Notas:

Infrastructure18

Notas:

Conclusions19

How to monitor security requirements?Using connectors to log information and agent to collect them. How monitoring/analyze security requirements externally?AlientVault (SIEM) system.How check compliance of security requirements externally?Engine based on rules and correlation rules.How to be security proactive?Creation of alarms and sending signals through APIs to the process execution.

Notas:

Thank for your attention, questions?

Dr. ngel J. Varela VacaE-mail: ajvarela@us.es

Muchas gracias .

Notas: