Towards alignment of architectural domains in security policy specifications

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI

Knowledge Representation Concepts for Automated SLA Management

Outsourcing of complex IT infrastructure to IT service providers has increased substantially during the past years. IT service providers must be able to fulfil their service-quality commitments based upon predefined Service Level Agreements (SLAs) with the service customer. They need to manage, execute and maintain thousands of SLAs for different customers and different types of services, which needs new levels of flexibility and automation not available with the current technology. The complexity of contractual logic in SLAs requires new forms of knowledge representation to automatically draw inferences and execute contractual agreements. A logic-based approach provides several advantages including automated rule chaining allowing for compact knowledge representation as well as flexibility to adapt to rapidly changing business requirements. We suggest adequate logical formalisms for representation and enforcement of SLA rules and describe a proof-of-concept implementation. The article describes selected formalisms of the ContractLog KR and their adequacy for automated SLA management and presents results of experiments to demonstrate flexibility and scalability of the approach.Comment: Paschke, A. and Bichler, M.: Knowledge Representation Concepts for Automated SLA Management, Int. Journal of Decision Support Systems (DSS), submitted 19th March 200

Applying OMG D&C Specification and ECA Rules for Autonomous Distributed Component-based Systems

Manual administration of complex distributed applications is almost impossible to achieve. On one side, work in autonomic computing focuses on systems that are able to maintain themselves, driven by high-level policies. Such a selfadministration relies on the concept of a control loop. On the other side, modeling is currently used to ease design of complex distributed systems. Nevertheless, at runtime, models remain useless, because they are decoupled from the running system which is subject to dynamic changes. The autonomic computing control loop involves an abstract representation of the system used to analyze the situation and to adapt the application properly. Our proposition, named Distributed Autonomous Component-based ARchitectures (Dacar), introduces models in the control loop. Using adequate models into the control loop, it is possible to design both the distributed systems and their evolution policies, and to execute them. The metamodel suggested in our work mixes both OMG Deployment and Configuration specification and the Event-Condition-Action (ECA) metamodels. This paper treats the different concerns that are present in the control loop and focuses on the concepts of the metamodel that are needed to express entities of the control loop. It also gives an overview of the current Dacar prototype and illustrated it on an ubiquitous application example

State-of-the-art on evolution and reactivity

This report starts by, in Chapter 1, outlining aspects of querying and updating resources on the Web and on the Semantic Web, including the development of query and update languages to be carried out within the Rewerse project. From this outline, it becomes clear that several existing research areas and topics are of interest for this work in Rewerse. In the remainder of this report we further present state of the art surveys in a selection of such areas and topics. More precisely: in Chapter 2 we give an overview of logics for reasoning about state change and updates; Chapter 3 is devoted to briefly describing existing update languages for the Web, and also for updating logic programs; in Chapter 4 event-condition-action rules, both in the context of active database systems and in the context of semistructured data, are surveyed; in Chapter 5 we give an overview of some relevant rule-based agents frameworks

Adaptive Process Management in Cyber-Physical Domains

The increasing application of process-oriented approaches in new challenging cyber-physical domains beyond business computing (e.g., personalized healthcare, emergency management, factories of the future, home automation, etc.) has led to reconsider the level of flexibility and support required to manage complex processes in such domains. A cyber-physical domain is characterized by the presence of a cyber-physical system coordinating heterogeneous ICT components (PCs, smartphones, sensors, actuators) and involving real world entities (humans, machines, agents, robots, etc.) that perform complex tasks in the “physical” real world to achieve a common goal. The physical world, however, is not entirely predictable, and processes enacted in cyber-physical domains must be robust to unexpected conditions and adaptable to unanticipated exceptions. This demands a more flexible approach in process design and enactment, recognizing that in real-world environments it is not adequate to assume that all possible recovery activities can be predefined for dealing with the exceptions that can ensue. In this chapter, we tackle the above issue and we propose a general approach, a concrete framework and a process management system implementation, called SmartPM, for automatically adapting processes enacted in cyber-physical domains in case of unanticipated exceptions and exogenous events. The adaptation mechanism provided by SmartPM is based on declarative task specifications, execution monitoring for detecting failures and context changes at run-time, and automated planning techniques to self-repair the running process, without requiring to predefine any specific adaptation policy or exception handler at design-time

Business process model customisation using domain-driven controlled variability management and rule generation

Business process models are abstract descriptions and as such should be applicable in different situations. In order for a single process model to be reused, we need support for configuration and customisation. Often, process objects and activities are domain-specific. We use this observation and allow domain models to drive the customisation. Process variability models, known from product line modelling and manufacturing, can control this customisation by taking into account the domain models. While activities and objects have already been studied, we investigate here the constraints that govern a process execution. In order to integrate these constraints into a process model, we use a rule-based constraints language for a workflow and process model. A modelling framework will be presented as a development approach for customised rules through a feature model. Our use case is content processing, represented by an abstract ontology-based domain model in the framework and implemented by a customisation engine. The key contribution is a conceptual definition of a domain-specific rule variability language

Business process model customisation using domain-driven controlled variability management and rule generation

Business process models are abstract descriptions and as such should be applicable in different situations. In order for a single process model to be reused, we need support for configuration and customisation. Often, process objects and activities are domain-specific. We use this observation and allow domain models to drive the customisation. Process variability models, known from product line modelling and manufacturing, can control this customisation by taking into account the domain models. While activities and objects have already been studied, we investigate here the constraints that govern a process execution. In order to integrate these constraints into a process model, we use a rule-based constraints language for a workflow and process model. A modelling framework will be presented as a development approach for customised rules through a feature model. Our use case is content processing, represented by an abstract ontology-based domain model in the framework and implemented by a customisation engine. The key contribution is a conceptual definition of a domain-specific rule variability language

A Generic Approach to Supporting the Management of Computerised Clinical Guidelines and Protocols

Clinical guidelines or protocols (CGPs) are statements that are systematically developed for the purpose of guiding the clinician and the patient in making decisions about appropriate healthcare for specific clinical problems. Using CGPs is one of the most effective and proven ways to attaining improved quality, optimised resource utilisation, cost containment and reduced variation in healthcare practice. CGPs exist mainly as paper-based natural language statements, but are increasingly being computerised. Supporting computerised CGPs in a healthcare environment so that they are incorporated into the routine used daily by clinicians is complex and presents major information management challenges. This thesis contends that the management of computerised CGPs should incorporate their manipulation (operations and queries), in addition to their specification and execution, as part of a single unified management framework. The thesis applies modern advanced database technology to the task of managing computerised CGPs. The event-condition-action (ECA) rule paradigm is recognised to have a huge potential in supporting computerised CGPs. In this thesis, a unified generic framework, called SpEM and an approach, called MonCooS, were developed for enabling computerised CGPs, to be specified by using a specification language, called PLAN, which follows the ECA rule paradigm; executed by using a software mechanism based on the ECA mechanism within a modern database system, and manipulated by using a manipulation language, called TOPSQL. The MonCooS approach focuses on providing clinicians with assistance in monitoring and coordinating clinical interventions while leaving the reasoning task to domain experts. A proof-of-concepts system, TOPS, was developed to show that CGP management can be easily attained, within the SpEM framework, by using the MonCooS approach. TOPS is used to evaluate the framework and approach in a case study to manage a microalbuminuria protocol for diabetic patients. SpEM and MonCooS were found to be promising in supporting the full-scale management of information and knowledge for the computerised clinical protocol. Active capability within modern DBMS is still experiencing significant limitations in supporting some requirements of this application domain. These limitations lead to pointers for further improvements in database management system (DBMS) functionality for ECA rule support. The main contributions of this thesis are: a generic and unified framework for the management of CGPs; a general platform and an advanced software mechanism for the manipulation of information and knowledge in computerised CGPs; a requirement for further development of the active functionality within modern DBMS; and a case study for the computer-based management of microalbuminuria in diabetes patients