Hybrid cloud security certification
In this report, I introduce a hybrid approach for certifying security properties of cloud services that combines monitoring and testing data. This report argues about the need for hybrid certification and examines the basic characteristics of hybrid certification models.
The certification of cloud service security has become a necessity due to the ongoing concerns about cloud security and the need to increase cloud trustworthiness through rigorous assessments of security by trusted third parties. Unlike the certification of security in traditional software systems, which is based on static forms of security assessment (e.g., the Common Criteria model), the certification of cloud service security requires continuous assessment. This is because cloud services are provisioned through dynamic infrastructures operating under security controls and other configurations that may change dynamically, introducing unforeseen vulnerabilities. Cloud service security can also be compromised because of attacks on co-tenant services.
Recent work on cloud service certification applies dynamic forms of security assessment, notably dynamic testing or continuous monitoring. These overcome some of the limitations of traditional security certification and audits (e.g. they produce machine readable certificates incorporating dynamically collected evidence). However, there are cases where existing approaches cannot provide an adequate level of assurance. Testing, for instance, may be insufficient for transactional services, as it is normally performed through a special testing (as opposed to the operational) service interface. Monitoring-based certification may also be insufficient if there is conflicting or inconclusive evidence in monitoring data; such data may, for example, not cover all traces of system events that should be seen to assess a property.
To overcome such problems, I am working on a hybrid approach for certifying cloud service security that can combine both monitoring and testing evidence. For that reason, I designed a new cloud certification approach supporting the automated and continuous certification of security properties of cloud services based on the combination of dynamically acquired testing and monitoring evidence that can deliver a high level of assurance and can overcome the limitations of assessments based on each of these types of evidence in isolation. My approach is based on the cloud certification framework of the CUMULUS EU FP7 project.
KPI-related monitoring, analysis, and adaptation of business processes
In today's companies, business processes are increasingly supported by IT systems. They can be implemented as service orchestrations, for example in WS-BPEL, running on Business Process Management (BPM) systems. A service orchestration implements a business process by orchestrating a set of services. These services can be arbitrary IT functionality, human tasks, or again service orchestrations. Often, these business processes are implemented as part of business-to-business collaborations spanning several participating organizations. Service choreographies focus on modeling how processes of different participants interact in such collaborations.
An important aspect in BPM is performance management. Performance is measured in terms of Key Performance Indicators (KPIs), which reflect the achievement towards business goals. KPIs are based on domain-specific metrics typically reflecting the time, cost, and quality dimensions. Dealing with KPIs involves several phases, namely monitoring, analysis, and adaptation. In a first step, KPIs have to be monitored in order to evaluate the current process performance. In case monitoring shows negative results, there is a need for analyzing and understanding the reasons why KPI targets are not reached. Finally, after identifying the influential factors of KPIs, the processes have to be adapted in order to improve the performance.
This thesis presents an approach for how KPIs can be monitored, analyzed, and used for adaptation of processes. The concrete contributions of this thesis are: (i) an approach for monitoring of processes and their KPIs in service choreographies; (ii) a KPI dependency analysis approach based on classification learning which enables explaining how KPIs depend on a set of influential factors; (iii) a runtime adaptation approach which combines monitoring and KPI analysis in order to enable proactive adaptation of processes for improving the KPI performance; (iv) a prototypical implementation and experiment-based evaluation.
Today, the execution of business processes is increasingly supported by IT systems and implemented on the basis of a service-oriented architecture. The processes are often implemented as service orchestrations, e.g., in WS-BPEL. A service orchestration interacts with services that are executed automatically or by humans, and is run by a process execution environment. Moreover, business processes are often not executed in isolation but interact with other business processes, e.g., as part of business-to-business relationships. The interactions of the processes are modeled in service choreographies.
An important aspect of business process management is the optimization of processes with respect to their performance, which is measured using Key Performance Indicators (KPIs). KPIs are based on process metrics, which typically reflect the dimensions of time, cost, and quality, and evaluate these with respect to the achievement of business goals. Optimizing processes with respect to their KPIs comprises several phases. In the first step, KPIs have to be collected by monitoring the processes at runtime. If the KPI values are not satisfactory, the next step is to analyze the factors that influence the KPI values. Finally, based on this analysis, the processes are adapted in order to improve the KPIs.
This thesis presents an integrated approach for the monitoring, analysis, and automated adaptation of processes with the goal of optimizing them with respect to their KPIs. The contributions of the thesis are as follows: (i) an approach for monitoring KPIs across individual processes in service choreographies, (ii) an approach for analyzing the influential factors of KPIs based on decision trees, (iii) an approach for the automated, proactive adaptation of processes at runtime based on monitoring and KPI analysis, (iv) a prototypical implementation and experimental evaluation.