opbus: a framework for improving the dependability of risk-aware business processes
DESCRIPTION
Slides for thesis defense.TRANSCRIPT
![Page 1: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/1.jpg)
OPBUS: A Framework for Improving theDependability of Risk-Aware Business
Processes
Ángel Jesús Varela Vaca
Supervised byDr. Rafael Martínez Gasca
![Page 2: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/2.jpg)
Goal: Goal: qualityquality improvement of business improvement of businessprocess managementprocess management
Introduction
2
![Page 3: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/3.jpg)
Outline
3
![Page 4: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/4.jpg)
Outline
4
![Page 5: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/5.jpg)
Motivation
5
![Page 6: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/6.jpg)
Motivation
6
![Page 7: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/7.jpg)
Motivation
7
![Page 8: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/8.jpg)
Motivation
8
![Page 9: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/9.jpg)
Motivation
9
![Page 10: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/10.jpg)
BPM life-cycle
10
Business Procesos Modeling
Validation, Simulation, Verification
Process Mining Business Activity
Monitoring
Implementation Test & Deployment
Operation, Monitoring, Maintenance
Enactment Configuration
Design & Analysis
Evaluation
![Page 11: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/11.jpg)
Design and Analysis
11
•Determine, analyze and evaluate risks
Design & Analysis
• Validation analysis• Verification analysis• Performance analysis• Diagnosis analysis
Risk assessment
[10-20] [10-20]
[10-20]
[10-20]
[10-20]
[15-30] [50-60] [15-30]
![Page 12: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/12.jpg)
Configuration
12
• Selection and implementation of countermeasures.
Configuration
Risk treatment
Select the best configuration to treat non-acceptable risks.
![Page 13: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/13.jpg)
Enactment
13
Enactment• Ensure the delivering of correct business
process services in presence of faults.
Fault Tolerance
![Page 14: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/14.jpg)
Outline
14
![Page 15: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/15.jpg)
OPBUS: The framework
15
Enactment Configuration
Design & Analysis
Evaluation
Feature Oriented Domain Analysis
Feature Oriented Domain Analysis
Model-based fault diagnosisModel-based
fault diagnosis
Model-based fault diagnosisModel-based
fault diagnosis
![Page 16: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/16.jpg)
Model-based Fault Diagnosis
16
SDM1: x = a*cM2: y = b*dM3: z = c*eA1: f = x+yA2: g = y+z
OMa = 2b = 2c = 3d = 3e = 2f = 10g = 12
Conflicts{A1, M1, M2}{A1, A2, M1, M3}
Diagnoses{A1}{M1}{M2, A2}{M2, M3}
![Page 17: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/17.jpg)
Model-based Fault Diagnosis
17
17
DiagnosesDiagnoses
ObservationsObservations
Structural Relations
Structural RelationsModelModel
BMx = a*cy = b*dz = c*ef = x+yg = y+z
Structural relationsARR1: f-a*c-b*d=0ARR2: g-b*d-c*e=0ARR3: f-g-c*(a-e)=0
A1 A2 M1 M2 M3
ARR1 1 0 1 1 0ARR2 0 1 0 1 1ARR3 1 1 1 0 1
Obsa = 2b = 2c = 3d = 3e = 2f = 10g = 12
Diagnoses{A1}{M1}
![Page 18: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/18.jpg)
Feature-Oriented Domain Analysis
18
Example of SSL/TSL enforcement for strong encryptation
# allow all ciphers for the initial handshake,# so export browsers can upgrade via SGC facility
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
<Directory /usr/local/apache2/htdocs> # but finally deny all browsers which haven't upgraded SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128</Directory>
![Page 19: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/19.jpg)
Constraint Programming
19
Model-based fault diagnosisModel-based
fault diagnosis
Feature Oriented Domain Analysis
Feature Oriented Domain Analysis
![Page 20: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/20.jpg)
Outline
21
![Page 21: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/21.jpg)
22
Context
![Page 22: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/22.jpg)
Name ModellingSecurity
DimensionsCost Objectives
ThreatsVuln.
ControlsAutomatic
analysisRisk
estimationControl flow
Cope et al. 2010 BPMN √ √ √
Muehlem et al. 2005 EPC Partial Partial Partial √ √
Lambert et al. 2006 IDEF √ √
OPBUS * √ √ √ √ √ √ √ √Churilov et al. 2006 EPC √ √
Rodriguez et al. 2006 UML √ √
Menzel et al. 2009 BPMN √ √ √
Jakoubi et al. 2009 Any √ √ Partial √ Partial
Neubauer et al. 2005 Any √ Partial Partial √
Sackman et al. 2008 Any √ √ Partial Partial Partial
Fenz et al. 2009 Petri-Nets √ Partial √
Neubauer et al. 2008 Any √ √ √ √ Partial √
Xue Bai et al. 2012 BPMN √ √ √ Partial √ √
23
Related work
![Page 23: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/23.jpg)
24
Problem statements
![Page 24: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/24.jpg)
25
Risk-Aware Business Processes
![Page 25: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/25.jpg)
26
Risk-aware Business Processes
![Page 26: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/26.jpg)
27
Risk-aware Business Processes
![Page 27: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/27.jpg)
28
Risk-aware Business ProcessesBusiness process model extended with risk information and properties.
![Page 28: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/28.jpg)
29
Risk-aware Business Processes
AUTOMATIC
RISK CONFORMANCE
![Page 29: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/29.jpg)
30
Risk estimation of BP models
= f(Value , Frequency, Consequence)
A1
Integrity: [1-5]Vulnerability: CWE-255: Credentials Management
Name: CVE-2010-2370Description: Oracle BPM allows remote attackers to affect integrity, related to BPMFrequency: [1-5]Consequence: [1-5]Vulnerabilities: CWE-255
How to calculate the risk of a BP model?
![Page 30: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/30.jpg)
31
Risk estimation of BP models
S.-M. Huang et al., “Enhancing conflict S.-M. Huang et al., “Enhancing conflict detecting mechanism for Web Services ...”, detecting mechanism for Web Services ...”, Inform. Softw. Technol. (2007)Inform. Softw. Technol. (2007)
![Page 31: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/31.jpg)
32
Risk estimation of BP models
A1 A2A3
A4A5
BP1 = A1
D1
D1 A2
MAX( A3 A4 A5
+ + +
, ) + ) / 5
(
Estimating risk of BP models
![Page 32: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/32.jpg)
37
Risk evaluation of BP models
A1 A2A3
A4A5
D1
✔
![Page 33: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/33.jpg)
38
Diagnosis of non-conformance of risk
![Page 34: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/34.jpg)
39
Determination of PEFs
Determination of PEFs
![Page 35: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/35.jpg)
40
CSP ModelRisk-Aware BP model CSP model
Automatic Transformation
![Page 36: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/36.jpg)
41
CSP Model
Automatic Transformation
Risk-Aware BP model CSP model
![Page 37: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/37.jpg)
42
CSP Model
Automatic Transformation
Risk-Aware BP model CSP model
![Page 38: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/38.jpg)
43
CSP ModelRisk-Aware BP model CSP model
![Page 39: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/39.jpg)
45
Identifying PEFs, Activities & Artifacts
![Page 40: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/40.jpg)
46
Automatic Diagnosis – MDAModel-driven Architecture approachDifferent risk evaluation strategies:•FMEA, MAGERIT, CRAMM, Customized, …Multiple platforms for Constraint Programming:•Choco, COMET, CPLex, …Different strategy of searches: •Exhaustive, local search, hybrid …
![Page 41: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/41.jpg)
Implementation and Results
47
Tools development of eclipse plug-in:• Customizable BPMN editor• Integration Multi-CP solvers• Validation capabilities: structural faults.• Automatic and dynamic transformations and diagnosis of non-conformances
![Page 42: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/42.jpg)
Implementation and Results
48
![Page 43: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/43.jpg)
Outline
49
![Page 44: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/44.jpg)
Context
50
A1 A2A3
A4A5
D1
Identify threats, vulnerabilities and elements of BPs to be treated
What security controls must be configured together with business processes in order to correct non-conformance of risks
Manual Time-consuming
![Page 45: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/45.jpg)
Problem statements
51
How to formalize security countermeasures?
How to select adequate security controls according to requirements/objectives/goals of organizations?
Security patterns
• Textual• Informal• Natural language
Inference mechanisms• Feature-Oriented Domain Analysis (FODA)• Constraint Programming Techniques• Multi-objective strategy (cost-benefit, MTTR-development
time, …)
Extended & Formalized• Feature models
![Page 46: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/46.jpg)
Modelling security patterns
52
Name
Security GoalsSecurity Goals
Security IntentionSecurity Intention
Problem
Context
Solutions
Forces
Feature model: Domain of configurationsOperators:
SELECT CHECK
Integrity, Confidentiality, Availability, …
Data integrity, Fault Tolerance, Enforce Authentication, …
Vulnerability: CWE-523: Unprotected Transport of Credentials
Operators: OPTIONAL MANDATORY
![Page 47: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/47.jpg)
Security controls – Confidentiality & Integrity & Authentication
53
Nombre Description
Security Goals: Confidentiality, Integrity, Authentication
Security Intention: Enforcerment SSL/TLS
Problem CWE-523: Unprotected Transport of Credentials
CWE-523: Unprotected Transport of Credentials
![Page 48: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/48.jpg)
Security controls – Confidentiality & Integrity & Authentication
54
Enforcement of SSL/TLSStandards SSL v2.0, TLS v1.0, TLS v1.1, SSL v3.0Cipher Suite: high variability
Nombre Description
Security Goals: Confidentiality, Integrity, Authentication
Security Intention: Enforcerment SSL/TLS
Problem CWE-523: Unprotected Transport of Credentials
![Page 49: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/49.jpg)
Security controls – Confidentiality & Integrity & Authentication
55
SSL/TLS enables:Confidentiality: encrypting dataIntegrity: message authentication codeAuthentication: digital signatures and/or certificate.
Lot of cross-tree constraints !!!
Metrics:
![Page 50: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/50.jpg)
Security control – Availability & Integrity
56
CWE-390: Detection of Error Condition Without Action
Name Description
Security Goals: Availability, Integrity
Security Intention: Fault Tolerance
Problem CWE-390: Detection of Error Condition Without Action
![Page 51: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/51.jpg)
Security control – Availability & Integrity
57
Fault tolerance:Error detectionRecovery management
Metrics:
![Page 52: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/52.jpg)
Security control – Authorization
58
Name Description
Security Goals: Authorization
Security Intention: Enfocerment Authorization
Problem CWE-89 - SQL injectionCWE-79 - Cross-site Scripting
• CWE-89 - SQL injection• CWE-79 - Cross-site Scripting
![Page 53: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/53.jpg)
Security control – Authorization
59
Name Description
Security Goals: Authorization
Security Intention: Enfocerment Authorization
Problem CWE-89 - SQL injectionCWE-79 - Cross-site Scripting
Enforcement of Authorization:Information filtering via Web Application Firewalls (WAFs)Configuration rule set: High variability
SecRuleREQUEST_HEADERS:Host "^$" \"phase:2,rev:'2.2.4',t:none,block,msg:'Empty Host Header',id:'960007',tag:'PROTOCOL_VIOLATION/MISSING_HEADER_HOST',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecRuleREQUEST_HEADERS:Host "^$" \"phase:2,rev:'2.2.4',t:none,block,msg:'Empty Host Header',id:'960007',tag:'PROTOCOL_VIOLATION/MISSING_HEADER_HOST',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
Example of rule
![Page 54: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/54.jpg)
CSP model
60
Formal models
CP
// VariablesBoolean C1,C2,C3,C4,C5,C6,C7Integer x,y,z;// Feature modelC1 ↔ C2C3 → C1C2 ↔(C6 ∨ C7 ∨ C8)C5 → C6 // require// Extra functionsC1 → x = y + zC4 → z = value1C5 → z ≥ r11 z ≤ r12˄C6 → y = value2C7 → y = value3C8 → y ≥ r21 y ≤ r22˄// OperationMaximize(x)
Transformation
![Page 55: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/55.jpg)
Performance & Analysis Results
61
FeatureModel (FM)
Number ofFeatures
Mandatory Optional XOR OrVoid
feature model
Legalconfigurations
Time(ms)
Fault Tolerance (FT) 17 8 1 7 0 × 7 9SSL/TLS 49 10 0 42 5 × 3.683 4.699WAF 62 6 6 57 4 × 241.920 77.427
![Page 56: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/56.jpg)
Analysis & Performance results
62
FeatureModel
Optimizationcriteria
ConfigurationsTime(ms)
SSL/TLS
Single Objective: Minimize (ALE) 13.138 2.041Single Objective: Maximize (AROR) 5.268 1.255Single Objective: Minimize (Cost) 1.800 2.394Multi-objective: Maximize (AROR) + Minimize (ALE) 5.268 5.257Multi-objective: Minimize (Cost) + Minimize (ALE) 0 406Multi-objective: ~Minimize (Cost) + Minimize (ALE) 108 880
Fault Tolerance
Single Objective: Minimize (MTTR) 4 39Single Objective: Maximize (Risk Reduction) 58 42Multi-objective: Minimize (MTTR) + Maximize (Risk Reduction) 36 39
#Digital Signature Certificate CipherSuite
ProtocolObjective
PSK SRP Anon. X.509 OpenPGPKeyChange
MethodCipherEnc MAC ALE Cost
1 √ RSA TLSv1.0 2.000 452 √ RSA MD5 TLSv1.0 2.000 453 √ RSA IDEA-128 SHA-1 TLSv1.1 2.000 504 √ Fortezza SHA-256 TLSv1.1 2.000 505 √ DHE_RSA 3DES 168 SHA-1 TLSv1.1 2.000 50
![Page 57: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/57.jpg)
Outline
63
![Page 58: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/58.jpg)
Context
64
A1 A2A3
A4A5
D1
![Page 59: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/59.jpg)
Problem statements
65
![Page 60: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/60.jpg)
Fault Tolerance Layer (FTL)
66
Recovery mechanisms
Dynamic Binding
Replication and redundancy
Software diversity
Check-pointing
Error detection
Detect Discrepancies
Fault Diagnosis
![Page 61: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/61.jpg)
Error Detection & Fault Diagnosis
67
A1 A2A3
A4A5
FTL
![Page 62: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/62.jpg)
FTL – Error Detection & Fault Diagnosis
68
A1 A2A3
A4A5
C1 ≡ A1 = x + yC2 ≡ A1 = dC3 ≡ A2 = d * z
MAXIMIZE(C1,C2,…)
A1, A2
![Page 63: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/63.jpg)
Recovery – Dynamic binding
70
+ Primary-backup
FTL
![Page 64: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/64.jpg)
Recovery – Diversity
71
FTL
![Page 65: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/65.jpg)
FTL – Recovery
72
FTL
![Page 66: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/66.jpg)
Performance results
73
![Page 67: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/67.jpg)
Performance results
74
![Page 68: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/68.jpg)
FTL - Summary
75
Recovey DiagnosisDiagnosis Check-pointsCheck-points No. ReplicasNo. Replicas MiscMisc MTTRMTTR
Dynamic Binding Dynamic Binding 2/12/1
DB-Redundant DB-Redundant BinderBinder
2/12/1 Compensation Compensation handlershandlers
N-VersioningN-Versioning NN AdjudicatorAdjudicator
Check-pointingCheck-pointing 2/12/1 Compensation Compensation handlershandlers
+
=
+
+
![Page 69: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/69.jpg)
Outline
76
![Page 70: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/70.jpg)
Final Remarks
78
Risk-AwarenessRisk-Awareness
DependabilityDependability
Flexibility & AgilityFlexibility & Agility
Efficiency & Efficiency & OptimizationOptimization
Risk extensionRisk extension
Risk analysisRisk analysis
Risk treatmentRisk treatment
IntegrityIntegrity
ConfidentialityConfidentiality
AvailabilityAvailability
ReliabilityReliability
AutomationAutomation
AdaptableAdaptable
Multi-platformMulti-platform
Model-Based DiagnosisModel-Based Diagnosis
Constraint ProgrammingConstraint Programming
FODAFODA
BPMBPMQualityQualityBPMBPM
QualityQuality
![Page 71: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/71.jpg)
Outline
79
![Page 72: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/72.jpg)
Best Paper AwardBest Paper Award
DEPEND’10 (Best Paper Award)
DEPEND’10 (Best Paper Award)
CISIS’10 (CORE B)CISIS’10 (CORE B)
Publications and Research findings
80
DX’10DX’10
SECRYTP’11 (CORE B)SECRYTP’11 (CORE B)
RCIS’11 (CORE B)RCIS’11 (CORE B)
IJAS ‘11 Google Scholar
IJAS ‘11 Google Scholar
CISIS’12 (CORE B)CISIS’12 (CORE B)
AEI’12AEI’12
IST ‘13 JCR (2012)
1.250
IST ‘13 JCR (2012)
1.250
JSS ‘13 JCR (2011)
0.836
JSS ‘13 JCR (2011)
0.836 JSS ‘11 JCR (2010)
1.293
JSS ‘11 JCR (2010)
1.293
ConferenceConference
WorkshopWorkshop
Journal in third reviewJournal in third review
Journal PublishedJournal Published
![Page 73: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/73.jpg)
Research stay and projects
81
![Page 74: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/74.jpg)
Other research findings
82
![Page 75: OPBUS: A framework for improving the dependability of risk-aware business processes](https://reader034.vdocuments.us/reader034/viewer/2022052622/5593e0841a28abe90b8b4760/html5/thumbnails/75.jpg)
THANK YOU FOR YOUR ATTENTIONTHANK YOU FOR YOUR ATTENTION
Ángel J. Varela VacaÁngel J. Varela VacaUniversidad de Sevilla,Universidad de Sevilla,
E.T.S. Ingeniería Informática, E.T.S. Ingeniería Informática, Departamento de Lenguajes y Sistemas Informáticos,Departamento de Lenguajes y Sistemas Informáticos,
E-mailE-mail:: [email protected]@us.esLinkedinLinkedin: angeljesusvarelavaca: angeljesusvarelavaca
ProyectoProyecto OPBUSOPBUS: : http://www.lsi.us.es/~quivir/index.php/OPbus/HomePage http://www.lsi.us.es/~quivir/index.php/OPbus/HomePage
THANK YOU FOR YOUR ATTENTIONTHANK YOU FOR YOUR ATTENTION
Ángel J. Varela VacaÁngel J. Varela VacaUniversidad de Sevilla,Universidad de Sevilla,
E.T.S. Ingeniería Informática, E.T.S. Ingeniería Informática, Departamento de Lenguajes y Sistemas Informáticos,Departamento de Lenguajes y Sistemas Informáticos,
E-mailE-mail:: [email protected]@us.esLinkedinLinkedin: angeljesusvarelavaca: angeljesusvarelavaca
ProyectoProyecto OPBUSOPBUS: : http://www.lsi.us.es/~quivir/index.php/OPbus/HomePage http://www.lsi.us.es/~quivir/index.php/OPbus/HomePage