Informatics VIII: Chair for
Network Architectures and Services

Situated Autonomic Service Control

Institution

Computer Networks and Internet, University of Tübingen

Team Leader

Prof. Dr. Georg Carle

Staff

Andreas Klenk

Students

Hannes Angst
Andreas Müller
Antje Barth
Till Bentz
Blaz Primc
Jan Boysen
Wenga Diane

Partners

France Télécom Research & Development
Fraunhofer Institut FOKUS

Funding

France Télécom Research & Development

Project Time

01.10.2005 -

Description       

One of the central challenges of future service provisioning is to incorporate an increasing number of wireless and wired network technologies, a variety of heterogeneous end-user terminals, and the requirements of QoS-sensitive and real-time services.
The promise of autonomic networking research is to let the network take care of itself and resolve problems automatically. The focus of the Situated Autonomic Service Control (SASCO) project is on situated autonomous behaviour of interconnected computer systems on the basis of a highly scalable P2P overlay. The project will investigate methods for context-aware, near-zero-effort autonomic configuration strategies applicable to existing service infrastructures.

One critical point with regard to P2P-based overlay technology is that security and access control are often not an integral part of overlay networks. P2P research has primarily perceived firewalls as an obstacle to the mutual connections between the participating overlay hosts. Overlay networks exchange their data at the application layer, and some overlays even disguise their traffic and tunnel through firewalls. However, firewalls are successful security components that serve as single points of control to effectively guard services in the protected domain from unauthorized access. Firewalls lose their protective function if they cannot distinguish between legitimate and unauthorized overlay traffic: they end up having to either allow or block all inbound overlay traffic. Unlimited connectivity to the peers from arbitrary sources carries a significant risk.


Our approach extends the situated overlay with Overlay Access Control. All access must pass through this component and must be authenticated and authorized before it can reach the service. Hence, the Overlay Access Control takes a role similar to that of today's firewalls. The situated overlay approach and its close relation with the IMS allow for more sensitive authorization decisions. The authorization can discriminate based on the different levels of trust in a service; for instance, a network management service run by the network provider may receive extensive configuration access to components that is not available to other services.

[1] Antje Barth, Michael Kleis, Andreas Klenk, Benoit Radier, Sanaa Elmoumouhi, Mikael Salaun, and Georg Carle. Context dissemination in peer-to-peer networks. In Chapter in Book: Developing Advanced Web Services through P2P Computing and Autonomous Agents: Trends and Innovation. Khaled Ragab, Aboul-Ella Hassanien, Tarek Helmy (Eds.). IGI-Global, April 2010.
[2] Michael Kleis, Andreas Klenk, Benoit Radier, Sanaa Elmoumouhi, Georg Carle, and Mikael Salaun. Autonomic service control in next generation networks. International Journal On Advances in Intelligent Systems, pages 58-73, June 2009.
[3] Andreas Klenk, Georg Carle, Benoit Radier, and Mikael Salaun. Secure Stateless Trust Negotiation. In IFIP Network and Service Security Conference, Paris, France, June 2009.
[4] Andreas Klenk, Tobias Heide, Benoit Radier, Mikael Salaun, and Georg Carle. Pluggable Authorization and Distributed Enforcement with pam_xacml. In Kommunikation in Verteilten Systemen (KiVS) 2009, pages 253-264, Kassel, Germany, March 2009. Springer.
[5] Andreas Klenk, Michael Kleis, Benoit Radier, Sanaa Elmoumouhi, Georg Carle, and Michael Salaun. Towards autonomic service control in next generation networks. In Proceedings of The Fourth International Conference on Autonomic and Autonomous Systems, ICAS 2008, pages 198-204, Gosier, Guadeloupe, March 2008. IEEE.
[6] Michael Kleis, Kai Büttner, Sanaa Elmoumouhi, Georg Carle, and Mikael Salaun. CSP, Cooperative Service Provisioning Using Peer-to-Peer Principles. In Self-Organizing Systems, Second International Workshop, IWSOS 2007, volume 4725 of Lecture Notes in Computer Science, pages 73-87, The Lake District, UK, September 2007. Springer.
[7] Andreas Klenk, Frank Petri, Benoit Radier, Mikael Salaun, and Georg Carle. Automated trust negotiation in autonomic environments. In Self-Organizing Systems, Second International Workshop, IWSOS 2007, volume 4725 of Lecture Notes in Computer Science, pages 272-279, The Lake District, UK, September 2007. Springer.
 
© copyright 2009 TUM Informatics VIII: Chair for Network Architectures and Services