Short Introduction
Achim D. Brucker
a.brucker@sheffield.ac.uk http://www.brucker.uk/
Department of Computer Science, The University of Sheffield, Sheffield, UK
Dagstuhl Seminar 16191: “Fresh Approaches to Business Process Modeling”
http://www.dagstuhl.de/16191
08.05.2016 – 13.05.2016
Personal Background
Since 12/2015: Senior Lecturer at The University of Sheffield, UK
  Software Assurance (Security, Reliability), Model-driven Engineering, Formal Methods
SAP SE, Germany
  Member of the central security team
  Security Testing Strategist
  Security Research Expert/Architect
  Work areas:
    Ensure that SAP products are built securely
    Development of new security features for SAP products
    Applied research (security, reliability, ...)
    ...
PhD (Dr. sc. ETH) from ETH Zurich, Switzerland
http://www.brucker.uk/
A.D. Brucker The University of Sheffield Short Introduction 08.02.2015 – 13.08.2015 2
Model-driven Security for Business Process-driven Systems
Contributions to the Seminar
Security aware process-driven systems
  Modelling
  Implementation
  Operation
  Technology
Modelling
  Extending BPMN with security and compliance aspects
    SecureBPMN (BPMN 1.x, access control and compliance)
    SecBPMN (BPMN 2.0, broad security scope, rather abstract)
  Formal analysis of security annotated BPMN models
    Dolev-Yao-style attacker model
    SAT-based model-checker (SATMC)
Implementation
  BPMN execution engines
  Generic extension with security hooks
  Semi-manual implementation
  Security-aware BPMN execution engines
  Generation of code including security enforcement
  Static source code analysis (based on secure BPMN spec.) of manual implementation and configurations
  Generation of security configurations
    XACML policies
    Log/audit configurations
Operation
  Identity/user management
    Consistency check of federated user management
  Enforcement
    XACML policies
  Monitoring
    Runtime monitoring using ConSpec
Technology
  BPMN-based systems:
    Activiti BPMN
    SAP Netweaver BPMN
    jBPMN (JBoss/RedHat)
  Artifact-based/Transaction-based systems
    SAP Business Suite (ABAP)
    SAP HANA (RDL)
Thank you for your attention!
Any questions or remarks?

Contact:
Dr. Achim D. Brucker
Department of Computer Science
University of Sheffield
Regent Court
211 Portobello St.
Sheffield S1 4DP
UK

Phone: +44 114 22 21806
https://de.linkedin.com/in/adbrucker
https://www.brucker.uk
https://www.logicalhacking.com
a.brucker@sheffield.ac.uk