Runtime Verification of Business Processes and Information Security Management

"Learn about the importance of runtime verification in business processes, information security management defined by the C-I-A triad, and quality assurance practices. Explore the main objectives and related implementations of VPP-2 at the University of Latvia in 2016. Find out how processes, security, and quality are ensured in a dynamic environment."

  • Business Processes
  • Information Security
  • Quality Assurance
  • VPP-2
  • University of Latvia

Presentation Transcript


  1. Runtime Verification of Business Processes. Jānis Bičevskis, University of Latvia. VPP-2.posms, 2016, Riga

  2. Security: Information security is defined within the standard in the context of the C-I-A triad: the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required). ISO/IEC 27002 provides best practice recommendations on information security management.

  3. Processes define activity systems staff processes

  4. Initial question: Does the business process run correctly? A process can run over more than one IS. The environment is changing. Maybe the process instance is late? Some processes are only partly supported by IS.

  5. Quality assurance: static analysis (software is verified without execution); dynamic analysis (software verification using test examples in the testing environment); runtime verification (software is verified continuously during runtime in the live environment).

  6. Main objectives: provide verification for processes without a built-in verification mechanism; provide verification for processes running in a heterogeneous environment; provide an early warning and error messaging system; provide easy and dynamic definition of process verification descriptions.

  8. Related implementations: hardware and software monitoring, widely used in embedded systems (automotive, industrial machinery); document management and workflow systems monitoring; SOA proxy verifies requests, responses, execution patterns and timing.

  9. Problems. Built-in solutions: implemented for one system or one platform. SOA proxy: only for web services, and intervenes in execution.

  10. Correctness criteria: the process is executed along a legal execution path; required actions are executed; execution time limits are not violated.

  11. Proposed solution: a verification process is designed for each base process; the controller verifies process execution using the process verification description; process execution events are detected by agents.

  12. Base process -> verification process

  13. Proposed solution: a verification process is designed for each base process; the controller verifies process execution using the process verification description; process execution events are detected by agents.

  14. Verification mechanism: controller <-> agents

  15. Process verification description language. Base element: an event describing an activity, with type, parameters, agent & address, and timing (fixed time or relative). Event order. Events may have subevents. Variables are used to link events.

  16. Lessons learned by prototyping: a rather detailed base process execution model must be available; agent delays and some peculiarities should be taken into account; agents must be developed with minimum overhead for the runtime environment (event-based recommended).

  17. Performance issues: agents identified all of the requested events; errors were caused by the controller workload (the event request reached the agent after the event occurred); event detection could be requested more than one step ahead. [Chart: percentage of missed/false negative events (0% to 70%; series "False negative" and "Missed events") against number of instances (150 to 400; 150: 40 events/s, 400: 60 events/s)]

  18. Summary: the solution is applicable to heterogeneous environments; no changes are required in running systems; the set of agents may be supplemented without any changes in the controller or verification process descriptions; the solution is applicable to a wide area of problems: high-level business processes, document processing systems, time-critical data processing systems.

  19. Thank you for attention! Questions?
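
The three correctness criteria (slide 10) and the controller/agent split with a verification description (slides 11 and 15) can be seen together in a small controller check. This is an added example, not code from the presentation or the VPP-2 prototype; the order process, agent names, field names and the `order_id` link variable are all assumptions, and the agent reports are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Step:
    event_type: str   # activity the agent must detect
    agent: str        # agent expected to report it (hypothetical names)
    max_delay: float  # relative timing: seconds allowed since the previous step

# Constructed verification description for a hypothetical order process.
DESCRIPTION = [
    Step("order_received", "web-agent", 0),
    Step("invoice_created", "erp-agent", 60),
    Step("payment_booked", "bank-agent", 3600),
]

def report(event_type, agent, time, order_id):
    """Shape of one agent report; the order_id variable links events of an instance."""
    return {"type": event_type, "agent": agent, "time": time, "vars": {"order_id": order_id}}

# Constructed agent reports for three process instances.
EVENTS = [
    report("order_received", "web-agent", 0, "A-1"),
    report("invoice_created", "erp-agent", 30, "A-1"),
    report("payment_booked", "bank-agent", 600, "A-1"),
    report("order_received", "web-agent", 0, "A-2"),
    report("invoice_created", "erp-agent", 90, "A-2"),   # later than 60 s
    report("order_received", "web-agent", 0, "A-3"),
    report("payment_booked", "bank-agent", 10, "A-3"),   # out of order
    report("invoice_created", "erp-agent", 20, "A-3"),
]

def verify(description, events, link_var, link_value, now):
    """Check one process instance; return (criterion, event_type) violations."""
    trace = sorted((e for e in events if e["vars"].get(link_var) == link_value),
                   key=lambda e: e["time"])
    violations, pos, prev_time = [], 0, None
    for ev in trace:
        step = description[pos] if pos < len(description) else None
        if step is None or (ev["type"], ev["agent"]) != (step.event_type, step.agent):
            violations.append(("illegal_path", ev["type"]))  # not on a legal path
            continue
        if prev_time is not None and ev["time"] - prev_time > step.max_delay:
            violations.append(("time_limit", ev["type"]))    # time limit violated
        pos, prev_time = pos + 1, ev["time"]
    # Required action overdue: early warning while the instance is still running.
    if prev_time is not None and pos < len(description):
        if now - prev_time > description[pos].max_delay:
            violations.append(("missing_action", description[pos].event_type))
    return violations
```

Calling `verify` periodically with the current time is what turns the missing-action check into an early warning for late instances rather than an after-the-fact audit.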
