Publication


Featured research published by Angel Jesus Varela-Vaca.


Research Challenges in Information Science | 2011

A Model-Driven engineering approach with diagnosis of non-conformance of security objectives in business process models

Angel Jesus Varela-Vaca; Rafael M. Gasca; Andrés Jiménez-Ramírez

Several reports indicate that the highest business priorities include: business improvement, security, and IT management. The importance of security and risk management is growing to the extent that even government statements have in some cases imposed the inclusion of security and risk management within business management. Risk assessment has become an essential mechanism for business security analysts, since it allows the identification and evaluation of any threats, vulnerabilities, and risks to which organizations may be exposed. In this work, a framework based on the concepts of Model-Driven Development has been proposed. The framework provides different stages which range from a high abstraction level to an executable level. The main contribution lies in the presentation of an extension of a business process meta-model which includes risk information based on standard approaches. The meta-model provides necessary characteristics for the risk assessment of business process models at an abstract level of the approach. The framework has been equipped with specific stages for the automatic validation of business processes using model-based diagnosis which permits the detection of the non-conformance of security objectives specified. The validation stages ensure that business processes are correct with regard to the objectives specified by the customer before they are transformed into executable processes.


Information & Software Technology | 2013

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Angel Jesus Varela-Vaca; Rafael M. Gasca

Context: The use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes it difficult to ensure the effectiveness of the configuration with regard to organizational requirements. Objective: In this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria. Method: An approach based on feature model analysis and constraint programming techniques is presented, which enables the automated analysis and selection of optimal security configurations. Results: A catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration, a comparative analysis is given. Conclusion: In this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.


CISIS/ICEUTE/SOCO Special Sessions | 2013

A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes

Angel Jesus Varela-Vaca; Robert Warschofsky; Rafael M. Gasca; Sergio Pozo; Christoph Meinel

Risk management has become an essential mechanism for business and security analysts, since it enables the identification, evaluation and treatment of any threats, vulnerabilities, and risks to which organizations may be exposed. In this paper, we discuss the need to provide a standard representation of security countermeasures in order to automate the selection of countermeasures for business processes. The main contribution lies in the specification of security patterns as a standard representation for countermeasures. The classical security pattern structure is extended to incorporate new features that enable the automatic selection of security patterns. Furthermore, a prototype has been developed which supports the specification of security patterns in a graphical way.


2009 Second International Conference on Dependability | 2009

AFPL2, an Abstract Language for Firewall ACLs with NAT Support

Sergio Pozo; Angel Jesus Varela-Vaca; Rafael M. Gasca

The design and management of firewall ACLs is a very hard and error-prone task. Part of this complexity comes from the fact that each firewall platform has its own low-level language with a different functionality, syntax, and development environment. Although high-level languages have been proposed to model firewall ACLs, none of them has been widely adopted by the industry due to a combination of factors: high complexity, no support of important features of firewalls, etc. In this paper the most important access control policy languages are reviewed, with special focus on the development of firewall ACLs. Based on this analysis, a new domain specific language for firewall ACLs (AFPL2) is proposed, supporting more features that other languages do not cover (e.g. NAT). As the result of our design methodology, AFPL2 is very lightweight and easy to use. AFPL2 can be translated to existing low-level firewall languages, or be directly interpreted by firewall platforms, and is an extension to a previously developed language.


International Conference on Emerging Security Information, Systems and Technologies | 2008

Polynomial Heuristic Algorithms for Inconsistency Characterization in Firewall Rule Sets

Sergio Pozo; R. Ceballos; Rafael M. Gasca; Angel Jesus Varela-Vaca

Firewalls provide the first line of defence of nearly all networked institutions today. However, firewall ACLs could have inconsistencies, allowing traffic that should be denied or vice versa. In this paper, we analyze the inconsistency characterization problem as a problem separate from the diagnosis one, and propose formal definitions in order to characterize one-to-many inconsistencies. We identify the combinatorial part of the problem that generates exponential complexities in combined diagnosis and characterization algorithms proposed by other authors. Then we propose a decomposition of the combinatorial problem into several smaller combinatorial ones, which can effectively reduce the complexity of the problem. Finally, we propose an approximate heuristic and algorithms to solve the problem in worst-case polynomial time. Although many algorithms have been proposed to address this problem, all of them are combinatorial. The presented algorithms are a heuristic way to solve the problem with polynomial complexity. There are no constraints on how rule field ranges are expressed.


International Conference on Emerging Security Information, Systems and Technologies | 2008

Fast Algorithms for Local Inconsistency Detection in Firewall ACL Updates

Sergio Pozo; R. Ceballos; Rafael M. Gasca; Angel Jesus Varela-Vaca

Filtering is a very important issue in next generation networks. These networks consist of a relatively high number of resource-constrained devices with very special features, such as managing frequent topology changes. At each topology change, the access control policy of all nodes of the network must be automatically modified. In order to manage these access control requirements, firewalls have been proposed by several researchers. However, many of the problems of traditional firewalls are aggravated due to the particularities of these networks. In this paper we deeply analyze the local consistency problem in firewall rule sets, with special focus on automatic frequent rule set updates, which is the case of the dynamic nature of next generation networks. We propose a rule-order-independent local inconsistency detection algorithm to prevent automatic rule updates that can cause inconsistencies. The proposed algorithms have very low computational complexity, as experimental results will show, and can be used in real-time environments.


Journal of Systems and Software | 2012

CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework

Sergio Pozo; Rafael M. Gasca; A.M. Reina-Quintero; Angel Jesus Varela-Vaca

Design, development, and maintenance of firewall ACLs are very hard and error-prone tasks. Two of the reasons for these difficulties are, on the one hand, the big gap that exists between the access control requirements and the complex and heterogeneous firewall platforms and languages and, on the other hand, the absence of ACL design, development and maintenance environments that integrate inconsistency and redundancy diagnosis. The use of modelling languages surely helps but, although several have been proposed, none of them has been widely adopted by industry due to a combination of factors: high complexity, unsupported important firewall features, no integrated model validation stages, etc. In this paper, CONFIDDENT, a model-driven design, development and maintenance framework for layer-3 firewall ACLs, is proposed. The framework includes different modelling stages at different abstraction levels. In this way, non-experienced administrators can use more abstract models while experienced ones can refine them to include platform-specific features. CONFIDDENT includes different model diagnosis stages where the administrators can check the inconsistencies and redundancies of their models before the automatic generation of the ACL for one of the many market-leader firewall platforms currently supported.


Advanced Information Networking and Applications | 2010

A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs

Sergio Pozo; Angel Jesus Varela-Vaca; Rafael M. Gasca

Developing and managing firewall Access Control Lists (ACLs) are hard, time-consuming, and error-prone tasks for a variety of reasons. Complexity of networks is constantly increasing, as is the size of firewall ACLs. Networks have different access control requirements which must be translated by a network administrator into firewall ACLs. During this task, inconsistent rules can be introduced in the ACL. Furthermore, each time a rule is modified (e.g. updated, corrected when a fault is found, etc.) a new inconsistency with other rules can be introduced. An inconsistent firewall ACL implies, in general, a design or development fault, and indicates that the firewall is accepting traffic that should be denied or vice versa. In this paper we propose a complete and minimal consistency diagnosis process which has worst-case quadratic time complexity with the number of rules in a set of inconsistent rules. There are other proposals of consistency diagnosis algorithms. However, they have different problems which can prevent their use with big, real-life ACLs: on the one hand, the minimal ones have exponential worst-case time complexity; on the other hand, the polynomial ones are not minimal.


Business Process Management | 2016

Guiding the Creation of Choreographed Processes with Multiple Instances Based on Data Models

María Teresa Gómez-López; José Miguel Pérez-Álvarez; Angel Jesus Varela-Vaca; Rafael M. Gasca

Choreography in business processes is used as a mechanism for communication between various organizations, by providing a method to isolate the behaviour of each part and keep the privacy of their data. Nevertheless, choreography diagrams can also be necessary inside an organization when a single instance of a process needs to interact and be synchronized with multiple instances of another process simultaneously. The description, by business experts, and the implementation, by developers, of these choreographed models are highly complex, especially when the activities involved in the processes exchange various data objects with different cardinalities. We propose the automatic detection of the synchronization points, when a choreographed process model is needed. The choreography will be derived from the analysis of the process model, data objects consumed and generated through the process, and the data conceptual model that relates the data objects. A graphical tool has been developed to support where the synchronization points must be included, helping to decide about the patterns that describe how a single model can be transformed into a choreographed model.


Research Challenges in Information Science | 2011

Contract-based test generation for data flow of business processes using constraint programming

Andrés Jiménez-Ramírez; Rafael M. Gasca; Angel Jesus Varela-Vaca

The verification of the properties of a business process (BP) has become a significant research topic in recent years. In the early stages of development, the BP model (e.g. BPMN, EPC), the BP contract (task contract, regulations and laws, business rules), and the test objectives (requirements) are the only elements available. In order to support the modellers, automatic tools must be provided in order to check whether their business processes are in line with the BP contract. This paper proposes a new business process called the automatic test-case generator to automate the generation of test cases and verify that a BP has the intended functionality (semantic conformance). This generator is analysed, designed and implemented by taking into account the following tasks: Annotation of the BP model with the business process contract, calculation of the various data flow paths, transformation of these data flow paths into SSA form, and a modelling of a constraint satisfaction problem (constraint programming) of the BP contract for all data flow paths. The execution of this business process generates the test cases automatically.
