
TECHNISCHE UNIVERSITÄT MÜNCHEN
Fakultät für Informatik
Lehrstuhl für Sicherheit in der Informationstechnik

Model-based Security Engineering of Electronic Business Processes
A framework for security engineering in the domain of business process management

Jörn Gunnar Eichler

Complete reprint of the dissertation approved by the Fakultät für Informatik of the Technische Universität München for the award of the academic degree of Doktor der Naturwissenschaften (Dr. rer. nat.).

Chair: Univ.-Prof. Dr. Florian Matthes
Examiners of the dissertation:
1. Univ.-Prof. Dr. Claudia Eckert
2. Univ.-Prof. Dr. Helmut Krcmar

The dissertation was submitted to the Technische Universität München on 27.01.2015 and accepted by the Fakultät für Informatik on 11.05.2015.

Contents

Kurzfassung (German abstract)
Abstract
1. Introduction
  1.1. Motivation
  1.2. Problem Statement
  1.3. Objective and Approach
  1.4. Contributions
  1.5. Structure of the Thesis
2. Background and Related Work
  2.1. Introduction
  2.2. Business Process Management
    2.2.1. General Terminology
    2.2.2. Business Process Life Cycle and Supporting Systems
    2.2.3. Business Process Modeling
  2.3. Software, Method, and Model-driven Engineering
    2.3.1. Software Engineering
    2.3.2. Method Engineering
    2.3.3. Model-driven Engineering
  2.4. Security
    2.4.1. General Terminology
    2.4.2. Security Engineering
  2.5. Related Work
    2.5.1. Approaches for Security Engineering of Electronic Business Processes
    2.5.2. Approaches for Model-based Security Engineering
    2.5.3. Discussion
  2.6. Summary
3. Running Example: The Replan Process
  3.1. Introduction
  3.2. Background, Application, and Business Process Model
  3.3. Summary
4. Security Engineering Process Model
  4.1. Introduction
  4.2. Requirements
  4.3. Design Approach
  4.4. Structure
  4.5. Activities
    4.5.1. Setup Process
    4.5.2. Identify Assets
    4.5.3. Assess Security Goals
    4.5.4. Model Threats
    4.5.5. Elicit Security Requirements
    4.5.6. Design Controls
    4.5.7. Map Controls
    4.5.8. Generate Control Artifacts and Test Cases
  4.6. Guidance
    4.6.1. Provide Guidance Artifacts for Existing Methods
    4.6.2. Rate Security Goals Adapting IT-BPM
  4.7. Tool Support and Integration
    4.7.1. Tool Support to Tailor a Security Engineering Process
    4.7.2. Integration into Software Development Process Models
  4.8. Summary
5. Security Engineering Modeling Language
  5.1. Introduction
  5.2. Requirements
  5.3. Design Approach
  5.4. Description
    5.4.1. Structure
    5.4.2. Classification
    5.4.3. Rating
    5.4.4. Analysis and Design
    5.4.5. Relating SecEML and Business Process Models
    5.4.6. Concrete Syntax
  5.5. Implementation
  5.6. Summary
6. Exemplary Study
  6.1. Introduction
  6.2. Analysis Criteria
  6.3. The Replan Process
    6.3.1. Setup Process
    6.3.2. Identify Assets
    6.3.3. Assess Security Goals
    6.3.4. Model Threats
    6.3.5. Elicit Security Requirements
    6.3.6. Design Controls
    6.3.7. Map Controls
    6.3.8. Generate Control Artifacts and Test Cases
  6.4. Application Experiences
  6.5. Comparison of Approaches
    6.5.1. Comparison of the Process Models
    6.5.2. Comparison of the DSMLs
    6.5.3. Aggregation
  6.6. Discussion
  6.7. Summary
7. Conclusion
  7.1. Summary of Contributions
  7.2. Findings
  7.3. Future Work
A. SecEML Grammar
B. Work Products from the Exemplary Study
  B.1. Business Process Model
  B.2. Process Model Configuration
  B.3. Threat Catalog
  B.4. Control Catalog ...