15,768 research outputs found

    Enabling the Autonomic Management of Federated Identity Providers

    Get PDF
    The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider’s resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of federated identity providers by service providers located in other domains, when the identity providers have been diagnosed as the source of abuse. In particular, we describe how an autonomic controller, external to the domain of the identity provider, exercises control over the issuing of privilege attributes. The paper presents a conceptual design and implementation of an effector for an identity provider that is capable of enabling cross-domain autonomic management. The implementation of an effector for a SimpleSAMLphp identity provider is evaluated by demonstrating how an autonomic controller, together with the effector, is capable of responding to malicious abuse

    Semantic-based policy engineering for autonomic systems

    No full text
    This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complimentary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise

    Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery

    Get PDF
    Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together

    Constraint integration and violation handling for BPEL processes

    Get PDF
    Autonomic, i.e. dynamic and fault-tolerant Web service composition is a requirement resulting from recent developments such as on-demand services. In the context of planning-based service composition, multi-agent planning and dynamic error handling are still unresolved problems. Recently, business rule and constraint management has been looked at for enterprise SOA to add business flexibility. This paper proposes a constraint integration and violation handling technique for dynamic service composition. Higher degrees of reliability and fault-tolerance, but also performance for autonomously composed WS-BPEL processes are the objectives

    Dynamic Model-based Management of Service-Oriented Infrastructure.

    Get PDF
    Models are an effective tool for systems and software design. They allow software architects to abstract from the non-relevant details. Those qualities are also useful for the technical management of networks, systems and software, such as those that compose service oriented architectures. Models can provide a set of well-defined abstractions over the distributed heterogeneous service infrastructure that enable its automated management. We propose to use the managed system as a source of dynamically generated runtime models, and decompose management processes into a composition of model transformations. We have created an autonomic service deployment and configuration architecture that obtains, analyzes, and transforms system models to apply the required actions, while being oblivious to the low-level details. An instrumentation layer automatically builds these models and interprets the planned management actions to the system. We illustrate these concepts with a distributed service update operation
    • 

    corecore