Abstract
“Security needs to be aligned with business”. Business situational awareness is the ability to continually monitor ongoing actions and events related to business operations and estimate the immediate and near-future impact of the new information. This ability is crucial for business continuity and should encompass all associated aspects. Considering the growing dependence of businesses on IT on the one hand, and ever-increasing threats on the other, IT security aspects should get adequate attention in the awareness system. We present an approach to raise business situational awareness using an advanced method of predictive security analysis at runtime. It continually observes a system’s event stream to find deviations from specified behavior and violations of security compliance rules. Operational models of the key processes are utilized to predict critical security states, evaluate possible countermeasures, and trigger corrective actions. A security information model maintains the security strategy and explains possible deviations from the originating goal. The approach is demonstrated on an industrial scenario from a European research project.
Acknowledgments
This research was supported by the European Commission in the context of the project MASSIF (ID 257475) and the German Federal Ministry of Education and Research in the project ACCEPT (ID 01BY1206D).
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Rieke, R., Zhdanova, M., Repp, J. (2015). Security and Business Situational Awareness. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2015. Communications in Computer and Information Science, vol 530. Springer, Cham. https://doi.org/10.1007/978-3-319-25360-2_9
DOI: https://doi.org/10.1007/978-3-319-25360-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25359-6
Online ISBN: 978-3-319-25360-2
eBook Packages: Computer Science, Computer Science (R0)