Situated Autonomic Service Control

Institution

Computer Networks and Internet, University of Tübingen

Team Leader

Prof. Dr. Georg Carle

Staff

Andreas Klenk

Students

Hannes Angst
Andreas Müller
Antje Barth
Till Bentz
Blaz Primc
Jan Boysen
Wenga Diane

Partners

France Télécom Research & Development
Fraunhofer Institut FOKUS

Funding

France Télécom Research & Development

Project Time

01.10.2005 -

Description

One of the central challenges of future service provisioning is to incorporate an increasing number of wireless and wired network technologies, a variety of heterogeneous end-user terminals, and the requirements of QoS-sensitive and real-time services.
The promise of autonomic networking research is to let the network take care of itself and resolve problems automatically. The focus of the Situated Autonomic Service Control (SASCO) project is on situated autonomous behaviour of interconnected computer systems on the basis of a highly scalable P2P overlay. The project will investigate methods for context-aware, near-zero-effort autonomic configuration strategies applicable to existing service infrastructures.

One critical point with regard to P2P-based overlay technology is that security and access control are often not an integral part of overlay networks. P2P research has primarily perceived firewalls as an obstacle to the mutual connections between the participating overlay hosts. Overlay networks exchange data at the application layer, and some overlays even disguise their traffic and tunnel through firewalls. However, firewalls are successful security components that serve as single points of control to effectively guard services in the protected domain from unauthorized access. Firewalls lose their protective features if they cannot distinguish between legitimate and unauthorized overlay traffic: they are left with the choice of either allowing or blocking all inbound overlay traffic. Unlimited connectivity to the peers from arbitrary sources carries a significant risk.


Our approach extends the situated overlay with Overlay Access Control. All access must pass through this component and must be authenticated and authorized before it can reach the service. Hence, the Overlay Access Control takes a role similar to that of today's firewalls. The situated overlay approach and its close relation to the IMS allow for more sensitive authorization decisions. The authorization can discriminate based on the different levels of trust in a service; for instance, a network management service from the network provider may receive extensive configuration access to components that is not available to other services.