Publication


Featured research published by Sebastian Höhn.


International Conference on Software Engineering | 2008

Rubacon: automated support for model-based compliance engineering

Sebastian Höhn; Jan Jürjens

Compliance frameworks, laws and regulations such as Sarbanes Oxley, Basel II, Solvency II, HIPAA etc. demand from companies in a more and more rigorous way to demonstrate that their organisation, processes and supporting IT landscape implement and follow a set of guidelines at differing levels of abstraction. The work presented in this paper aims to contribute to a software engineering process which is driven by security, risk and compliance management considerations. We concentrate on a part of this approach that focusses on the question how one can use software engineering methods and tools to enforce that the configuration of a system enforces the security policies that arise from business compliance regulations. We present tool support for Model-based Compliance Engineering, i.e. for the model-based development and analysis of software configurations that ensures compliance with security policies. It allows one to check UML models of business applications and their configuration data for adherence to security policies and compliance requirements. The tool is based on standardized data formats, such as UML and XML, which makes its integration into existing business architectures as efficient as possible.


Informatik Spektrum | 2010

Sichere Nutzungskontrolle für mehr Transparenz in Finanzmärkten

Günter Müller; Rafael Accorsi; Sebastian Höhn; Stefan Sackmann

Abstract: Current mechanisms cannot reliably implement the security requirements in decentralized IT infrastructures such as those used by financial market applications. For regulations to become effective, access control to objects and resources is not sufficient; rather, the usage of the applications and their resources must be controlled directly. Usage control mechanisms create, so the claim goes, the necessary transparency and evidence to demonstrate rule-compliant use of the IT infrastructure. With techniques for information flow control and for the rewriting of processes, fundamental mechanisms for this are available. The article puts up for discussion the connections between the security properties of current IT infrastructures and the decentralized decision situations in financial markets. It shows that, with mechanisms for usage control and depersonalized communication, early-warning systems for macroeconomic goals can be built without restricting the freedom of action of individual actors.


ACM Symposium on Applied Computing | 2009

Model-based reasoning on the achievement of business goals

Sebastian Höhn

Business process modeling has been realized as a methodology for the optimization of workflows in enterprises. Process models help to formalize the actual workflow by describing the activities that are required to achieve a specific business goal. In order to make business processes compliant with laws and regulations, it is necessary in practice to rewrite them in a way such that they guarantee the compliance with the identified security properties. Our research towards automated process rewriting for compliance enforcement has revealed that an essential building block is the ability for reasoning on the achievement of business goals: rewriting is only practically applicable (regardless whether it is performed manually or automatically) if the resulting process still achieves the desired business goals. This paper presents an approach for the automated reasoning on the achievement of business goals based on semantic congruence relations.


Archive | 2007

Sicherheit im Ubiquitous Computing: Schutz durch Gebote?

Günter Müller; Rafael Accorsi; Sebastian Höhn; Martin Kähmer; Moritz Strasser

As long as security is understood primarily as access control, there is little chance of achieving an adequate level of security for ubiquitous computing systems. Such systems are characterized above all by the spontaneous interaction of mobile and context-sensitive components. Their introduction will change attacks on computer systems, for it is evident that errors, and thus one of the most important sources of vulnerabilities in IT systems, are already increasing rapidly today. The exchange of executable code will raise the error rate further. This contribution argues that current security mechanisms are based on access control and user identities and that this provides no sufficient model basis for countering attacks in ubiquitous computing systems.


Trust and Privacy in Digital Business | 2006

Bringing the user back into control: a new paradigm for usability in highly dynamic systems

Sebastian Höhn

The contribution of this paper is twofold. On the one hand, we report on the results of our investigation of different categories of usability issues. On the other hand, we introduce the ideas of context descriptive security models as a means of mastering the usability challenges of highly dynamic systems. Modern computer systems are involved in many situations of our daily lives. This means that newly deployed systems must be carefully designed in order to be correctly used by laypersons. The scenario we introduce shows that it is no longer feasible to argue that users must be educated in order to correctly operate these systems. As soon as such a system is deployed, for example, in a supermarket, the education-barrier will not be accepted: neither by the customer nor by the provider.


Working Conference on Integrity and Internal Control in Information Systems | 2003

Automated Checking of SAP Security Permissions

Sebastian Höhn; Jan Jürjens

Configuring user security permissions in standard business applications (such as SAP systems) is difficult and error-prone. There are many examples of wrongly configured systems that are open to misuse by unauthorized parties.


International Conference on Pervasive Services | 2007

Privacy-Aware Service Integration

Pierre Parrend; Stéphane Frénot; Sebastian Höhn

Privacy mechanisms exist for monolithic systems. However, pervasive environments that gather user data to support advanced services provide little control over the data an individual releases. This is a strong inhibitor for the development of pervasive systems, since most users do not accept that their personal information is sent out to the wild, and potentially passed over to third party systems. We therefore propose a framework to support user control over the data made available to service providers in the context of an OSGi based Extensible Service Systems. A formal privacy model is defined and service and policy descriptions are deduced. Technical system requirements to support these policies are identified. Since guaranteeing privacy inside the system is of little help if any malicious entity can break into it, a security architecture for OSGi based Extensible Service Systems is also defined.


Archive | 2010

Identification of Vulnerabilities in Web Services using Model-Based Security

Sebastian Höhn; Lutz Lowis; Jan Jürjens; Rafael Accorsi


Archive | 2007

Long-Term and Dynamical Aspects of Information Security

Matthias Hollick; Dieter Hutter; Takaaki Yamada; Mathias Maier; Isao Echizen; Martin Kähmer; Ernesto Damiani; Hiroshi Yoshiura; Rafael Accorsi; Valerio Bellandi; Satoru Tezuka; Claudio Agostino Ardagna; Sebastian Höhn; Marco Anisetti; Ralf Steinmetz; Michael Kreutzer; Andreas U. Schmidt


Archive | 2010

Sichere Nutzungskontrolle für mehr Transparenz in Finanzmärkten

Günter Müller; Rafael Accorsi; Sebastian Höhn; Stefan Sackmann

Collaboration


Top Co-Authors

Jan Jürjens

University of Koblenz and Landau

Lutz Lowis

University of Freiburg

Matthias Hollick

Technische Universität Darmstadt

Ralf Steinmetz

Technische Universität Darmstadt
