The article with the title “Modular analysis and modelling of risk scenarios with dependencies“by Gyrd Brændeland, Atle Refsdal and Ketil Stølen (SINTEF) has been accepted for publication in Journal of Systems and Software (Volume 83, Issue 10, October 2010, Pages 1995-2013).

With its topic the article is related to MASTER. The risk analysis of critical infrastructures such as the electric power supply or telecommunications is complicated by the fact that such infrastructures are mutually dependent. The authors propose a modular approach to the modelling and analysis of risk scenarios with dependencies. Their approach may be used to deduce the risk level of an overall system from previous risk analyses of its constituent systems. A custom made assumption-guarantee style is put forward as a means to describe risk scenarios with external dependencies. They also define a set of deduction rules facilitating various kinds of reasoning, including the analysis of mutual dependencies between risk scenarios expressed in the assumption-guarantee style.

Daniel Schleicher from the MASTER project and David Schumm from the COMPAS project, both working at the University of Stuttgart (USTUTT), gave a presentation on Compliance Management in Automated Business Processes at IBM Global Business Services in Ehningen, Germany.  

In this presentation they gave an overview of the sources of compliance requirements and explained why compliance is becoming more and more important for enterprises today.  

In the individual part of the presentation Daniel Schleicher presented an approach which ensures the compliant design of business processes. This approach can be used to enrich the MASTER approach by design time tools to ensure that business processes are compliant.  

The discussion and the positive feedback that followed the presentation confirmed that the problems which are addressed in COMPAS and MASTER are relevant, in other words, compliance is an important topic in industry. Other academic COMPAS partners are planning to do similar events with local industry during the last period of the project.

MASTER can evaluate if policies are complied with across SOA endpoints. It provides runtime evidence directly from the points of interest over the enterprise such that the administrator can react in real time to misbehaviours or misconfigurations. The MASTER ESB has full visibility to perform complete mediation that is transparent to application users. Also, the MASTER Control Cockpit can be configured to show for each policy in the infrastructure what are the events potentially violating the policy. MASTER comes not only as a reporter tool, but also as a stateful cross-service control panel, that the administrator can use to tune the enforcement mechanisms according to the application context and runtime.

The architectural components of the MASTER tool. Dashed lines represent control flows, the continuous line shows the message flow.

We present the demonstration that shows the automatic monitoring depending on the deployed policies, as well as the features of the management interface that the administrator is presented with. We will also propose possible ways in which this evidence can be aggregated for analysis.

Aljosa Pasic from Atos Origin succeeded with his paper in DEPEND 2010. The paper Advanced Policies for the Administrative Delegation in Federated Environments co-authored by Manuel Gil Pérez, Gabriel López, Antonio F. Gómez Skarmeta was accepted for the session Trust, System Dependability and Security.

In the paper the authors refer that in existing federated identity management systems it is more and more necessary new set of advanced policies, such as policies for the administrative delegation. They allow administrators to delegate a subset of the system policies management to other users, who will have a much wider knowledge in the application area where those policies will be applied. The authors present an infrastructure that manages the complete life cycle of the administrative delegation policies, as well as a way for reducing the complexity in their management for some scenarios, where these users do not have to be experts in the subject area. This proposal will also make use of standard languages, such as XACML, to express authorization policies. 

Aljosa Pasic also was a panelist in the panels “Security in Sensors/Devices/Mesh/Internet infrastructures” and “Challenges in Future internet”.

The Third International Conference on Dependability DEPEND 2010 took place in July 18 – 25, 2010 Venice/Mestre.