Abstract
Communication is the underlying principle of today's complex applications, where the functionality of the overall system is much more powerful than that of the isolated components. The task of keeping the communication system operable is highly critical due to the configuration complexity and the need for manual administration. Autonomous configuration mechanisms offer a compelling solution for the communication problem. In this paper, we present an architecture for the autonomous configuration of secure, layer-independent, end-to-end connections. The Extensible Security Adaptation Framework (Esaf) strictly separates the particularities of communication setups from the use of communication by the applications. Applications are unaware of the security mechanisms in use and of their complex configuration. Protocols and security primitives can be easily introduced into the system, whereas others might be disabled due to vulnerabilities, without the need to modify existing programs. Moreover, the setup can adapt dynamically to changing environments at runtime.
Summary
Communication is the basic element of today's complex applications, in which the functionalities of the whole system are far more powerful than those of the isolated components. Because of the complexity of configuration and the need for manual administration, the task of keeping the communication system running is highly critical. Autonomous configuration mechanisms offer a compelling solution to the communication problem. In this publication, we present an architecture for the autonomous configuration of secure, layer-independent end-to-end connections. The Extensible Security Adaptation Framework (Esaf) strictly separates the particularities of communication environments from their use by applications. Applications are unaware of the security mechanisms used and of their complex configuration. Protocols and security primitives can easily be introduced into the system, while others could be disabled because of vulnerabilities, without the need to modify existing programs. Furthermore, the setup is able to adapt dynamically to changing environments at runtime.
Cite this article
Klenk, A., Niedermayer, H., Masekowsky, M. et al. An architecture for autonomic security adaptation. Ann. Télécommun. 61, 1066–1082 (2006). https://doi.org/10.1007/BF03219881
DOI: https://doi.org/10.1007/BF03219881