Security service adaptation for embedded service systems in changing environments

Illner, S.; Pohl, A.; Krumm, Heiko

doi:10.1109/indin.2004.1417387

Cited by 4 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This can be accomplished by adding features of RBAC extensions such as the UCONABC usage control model 53 and Generalized‐RBAC (GRBAC) 54. An example of this research direction in another context is given by the SIRENA project 55, 56.…”

Section: Discussionmentioning

confidence: 99%

Scalable model‐based configuration management of security services in complex enterprise networks

et al. 2010

View full text Add to dashboard Cite

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large‐scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high‐level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy‐based management and policy hierarchies, combining model‐based management (MBM) with system modularization. MBM employs an object‐oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system—and the model—into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model‐Based‐Service‐Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright © 2010 John Wiley & Sons, Ltd.

show abstract

Section: Discussionmentioning

confidence: 99%

Scalable model‐based configuration management of security services in complex enterprise networks

et al. 2010

View full text Add to dashboard Cite

show abstract

“…Several aspects of that work have already been published. In particular, [Ill04] reports on the automated adaptation of security service configurations to changing environment conditions. [Ilp05] expands the scope to general technical management and presents the overall context of modeling, tool and distributed management systems.…”

Section: Introductionmentioning

confidence: 99%

Policy-based self-management of industrial service systems

Illner

Pohl

Krumm

et al. 2006

2006 IEEE International Conference on Industrial Informatics

View full text Add to dashboard Cite

Service-orientation supports the construction of flexible and comprehensive industrial applications. The growing scale and complexity of the applications, however, demand for enhanced self-management functions providing efficient self-adaptation and repair mechanisms. We propose the approach of policy-controlled self-management which has been developed and successfully tested in the context of Web Service based control applications. We use hierarchically structured management policies where high-level policies serve as abstract definitions of management objectives and low-level policies represent concrete rules for resource monitoring und correcting interventions. The definition, analysis, refinement and deployment of the policies are supported by an interactive graphical modeling tool. Index Terms-model-based management, fault tolerant systems, web services

show abstract

“…Besides using the above outlined approach for the modeling of common management policies we also apply it for modeling security policies as we already presented in [8] and [9]. Either, a meta-model contains transformation methods which describe the relevant graph structures to look for and the alteration function which should be applied to the graph in case that such a structure is found.…”

Section: Management Model Elementsmentioning

confidence: 99%

Automated runtime management of embedded service systems based on design-time modeling and model transformation

Illner

Pohl

Krumm

et al.

INDIN '05. 2005 3rd IEEE International Conference on Industrial Informatics, 2005.

Self Cite

View full text Add to dashboard Cite

The management of distributed and embedded service systems is a complex task as the services are exposed to changing environments which have to be reflected by the services' configurations. These configurations are commonly based on abstract management policies. Embedded devices usually lack the resources to perform the necessary computations to derive an actual configuration from an abstract policy. Thus we developed a two phase management approach that splits up the management process into a design-time and a runtime task. At design-time a model of the managed system is created. This model is augmented by high-level, environmentaware management policies that are automatically refined to low-level service configurations using graph-transformation techniques. This phase is based on the concepts of model-based management and on parts of the Generalized Role Based Access Control model to handle the modeling of the environmentaware policies. The runtime phase covers the enforcement of the environment-aware management policies by a set of management services responsible for the setting of suitable service configurations.

show abstract

Security service adaptation for embedded service systems in changing environments

Cited by 4 publications

References 9 publications

Scalable model‐based configuration management of security services in complex enterprise networks

Scalable model‐based configuration management of security services in complex enterprise networks

Policy-based self-management of industrial service systems

Automated runtime management of embedded service systems based on design-time modeling and model transformation

Contact Info

Product

Resources

About