Simulation runs define the single execution steps of a simulation procedure. Each simulation run refers to a Petri net and specifies the number of traces that should be generated during the simulation. Petri nets can be imported in PNML format. At the moment, SecSy only allows a random Petri net traversal with no option to specify transition probabilities.
To enforce or violate non-functional process properties, each simulation run allows adding a set of transformers. As described in the “Getting Started” section, transformers are applied to traces which are generated “correctly” according to context and timing information and change their structure and content in a post-processing manner. To add a transformer to a simulation run, the user can either choose from a list of existing transformers (“Add”) or define a new transformer (“New”).
Each transformer has an activation probability which allows to specify the portion of traces on which the transformer will be applied and further parameters relating to the transformer type. Currently, SecSy supports the following transformers:
|
Obfuscation |
This transformer randomly removes values for a specified set of log entry fields (e.g. attribute values or originator information). This way, the quality of resulting log files can be influenced, which is useful for testing approaches dealing with noise and incompleteness.
|
|
Day Delay |
This transformer adds a random delay of several days (adjustable) to single log entries. This way, the situation where work is piling up or not finished for some time can be simulated.
|
|
Incomplete Logging |
This transformer randomly leaves out single log entries, i.e. removes them from a given trace. This way, incomplete logging (an activity has been executed, but the system did not log this event) can be simulated.
|
|
Skip Activity |
This transformer randomly removes single entries from a given trace. In contrast to the Incomplete Logging transformer, it adjusts the time stamps of succeeding entries in a way as if the removed activity never occurred. This can be helpful when security violations in form of not executing mandatory process activities should be simulated.
|
|
Unauthorized Execution |
This transformer enforces or violates authorization constraints for executing process activities on a trace. It randomly chooses log entries and adjusts the originator field in a way that the assigned subject does not have the permission to execute the corresponding activity.
|
|
BoD |
This transformer enforces or violates the Binding of Duties property on a given trace. It allows to specify a set of activities which all have to be executed by the same subject. This filter is applied on each generated log trace (activation probability = 1.0) and allows to define a violation probability instead (violation prob. of 0.0 means enforcement).
|
|
SoD |
This transformer enforces or violates the Separation of Duties property on a given trace. It allows to specify a set of activities which all have to be executed by different subjects. This filter is applied on each generated log trace (activation probability = 1.0) and allows to define a violation probability instead (violation prob. of 0.0 means enforcement).
|
Transformers are applied on generated log traces in the order they appear in the simulation run dialog. To ensure consistent outputs, some transformers lock fields of log entries to prevent succeeding transformers to revert their adjustments. This may cause situations where one transformer prevents another from successful appliance.
New simulation runs can be added relating to the same net, but with a different number passes or filter settings. This allows to simulate different execution properties of the same process along time (e.g. normal execution for 1000 traces, then 2000 traces with 2% unauthorized activity executions). It is also possible to use different versions of a net in succeeding simulation runs. This allows to simulate process dynamics (e.g. execution of the original net for 1000 traces, then 2000 traces with a variant of the net where some control flow adjustments happened). With such a configuration, approaches for change point detection can be evaluated.
Note: In case of DETAILED log generation, the context and data container settings are applied for all simulation runs of a simulation procedure. This means, that users have to keep in mind to set permissions for all activities of all referred process models. Simulation will fail, in case of incomplete context definitions. To keep track of the distinct activities of all simulation runs, use the “Show activities”-Button in the Home Screen.