Abstract
We develop a compositional framework for modelling security and business architectures based on rigorous underlying mathematical systems modelling technology. We explain the basic architectural model, which strictly separates declarative specification from operational implementation, and show architectures can interact by composition, substitution, and stacking. We illustrate these constructions using a running example based on airport security and an example based on (cloud-based) outsourcing, indicating how our approach can illustrate how security controls can fail or be circumvented in these cases. We explain our motivations from mathematical modelling and security economics, and conclude by indicating how to aim to develop a decision-support technology.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Beautement, A., Pym, D.: Structured systems economics for security management. In: Moore, T. (ed.) Proc. WEIS 2010, Harvard (2010), http://weis2010.econinfosec.org/papers/session6/weis2010_beautement.pdf
Coulouris, G., Dollimore, J., Kindberg, T.: Distributed Systems: Concepts and Design, 3rd edn. Addison Wesley (2000)
Collinson, M., Monahan, B., Pym, D.: A Discipline of Mathematical Systems Modelling. College Publications (2012)
Collinson, M., Monahan, B., Pym, D.: Semantics for structured systems modelling and simulation. In: Proc. Simutools 2010. ACM Digital Library (2010) ISBN 78-963-9799-87-5
Collinson, M., Monahan, B., Pym, D.: A logical and computational theory of located resource. Journal of Logic and Computation 19(b), 1207–1244 (2009)
Collinson, M., Pym, D.: Algebra and logic for resource-based systems modelling. Mathematical Structures in Computer Science 19, 959–1027 (2009), doi:10.1017/S0960129509990077
Core Gnosis, http://www.hpl.hp.com/research/systems_security/gnosis.html
Ioannidis, C., Pym, D., Williams, J.: Investments and Trade-offs in the Economics of Information Security. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 148–166. Springer, Heidelberg (2009)
Ioannidis, C., Pym, D., Williams, J.: Information security trade-offs and optimal patching policies. European Journal of Operational Research 216(2), 434–444 (2012)
Collinson, M., Pym, D.: Algebra and logic for access control [and erratum]. Formal Aspects of Computing 22(2, 3-4), 83–104 (2010)
Milner, R.: Calculi for synchrony and asynchrony. TCS 25(3), 267–310 (1983)
Beautement, A., Pym, D.: The structure and dynamics of systems security economics, https://www.abdn.ac.uk/~csc335/actors.pdf
Parsons, T.: The Social System. Routledge (1951)
Merton, R.: Social Theory and Social Structure. Macmillan (1968)
Brown, L., Harding, A.: Social modelling and public policy: application of microsimulation modelling in Australia. Journal of Artificial Societies and Social Simulation 5(4) (2002)
Johnson, H., Johnson, P.: Task knowledge structures: Psychological basis and integration into system design. Acta Psychologica 78(1), 3–26 (1991)
Souchon, N., Limbourg, Q., Vanderdonckt, J.: Task Modelling in Multiple Contexts of Use. In: Forbrig, P., Limbourg, Q., Urban, B., Vanderdonckt, J. (eds.) DSV-IS 2002. LNCS, vol. 2545, pp. 59–73. Springer, Heidelberg (2002)
Sterman, J.D.: Business Dynamics: Systems thinking and modeling for a complex world. McGraw Hill (2000)
Pidd, M.: Tools for Thinking: Modelling in Management Science. Wiley (2003)
Gonzalez, J., Sawicka, A.: A framework for human factors in information security. In: WSEAS International Conference on Information Security, Rio de Janeiro (2002)
Adams, A.L., Sasse, M.A.: Users are not the enemy: Why users compromise security mechanisms and how to take remedial measures. Comm. ACM 42(12), 40–46 (1999)
Beautement, A., Sasse, M.: The compliance budget: The economics of user effort in information security. Computer Fraud & Security 10, 8–12 (2009)
Beautement, A., Coles, R., Griffin, J., Ioannidis, C., Monahan, B., Pym, D., Sasse, A., Wonham, M.: Modelling the Hum. and Tech. Costs and Bens. of USB Memory Stick Sec. In: Johnson, M.E. (ed.) Managing Inf. Risk and the Econ. of Sec., pp. 141–163. Springer (2008)
Kabir, M., Han, J., Colman, A.: Modeling and coordinating social interactions in pervasive environments. In: Proc. 16th IEEE Int. Conf. on Eng. Complex Comp. Sys., pp. 243–252 (2011)
de Simone, R.: Higher-level synchronising devices in Meije-SCCS. TCS 37, 245–267 (1985)
Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall International (1985)
Baldwin, A., Pym, D., Shiu, S.: Enterprise information risk management: Dealing with cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing: Selected Topics. Communications and Networks. Springer (2012)
Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. Journal of Systems Architecture 55(4), 211–223 (2009)
Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: Proc. ARES 2009, pp. 41–48. IEEE (2009)
Blackwell, C.: A multi-layered security architecture for modelling complex systems. In: Proc. 4th Ann. Workshop on Cybersecurity and Information Intelligence Res. ACM (2008)
Beres, Y., Pym, D., Shiu, S.: Decision Support for Systems Security Investment. In: Proc. Business-driven IT Management (BDIM 2010). IEEE Xplore (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Collinson, M., Pym, D., Taylor, B. (2012). A Framework for Modelling Security Architectures in Services Ecosystems. In: De Paoli, F., Pimentel, E., Zavattaro, G. (eds) Service-Oriented and Cloud Computing. ESOCC 2012. Lecture Notes in Computer Science, vol 7592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33427-6_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-33427-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33426-9
Online ISBN: 978-3-642-33427-6
eBook Packages: Computer ScienceComputer Science (R0)