Abstract
Modern smart systems are highly dynamic and allow for dynamic and ad-hoc collaboration not only among devices, but also among humans and organizations. Such a collaboration can introduce uncertainty to a system, as behavior of humans cannot be directly controlled and the system has to deal with unforeseen changes. Security and trust play a crucial role in these systems, especially in domains like Industry 4.0 and similar. In this paper we aim at providing situational patterns for tackling uncertainty in trust – in particular in access control. To do so, we provide a classification of uncertainty of access control in Industry 4.0 systems and illustrate this on a series of representative examples. Based on this classification and examples, we derive situational patterns per type of uncertainty. These situational patterns will serve as adaptation strategies in cases when, due to uncertainty, an unanticipated situation is encountered in the system. We base the approach on our previous work of autonomic component ensembles and security ensembles.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Abreu, V., Santin, A.O., Viegas, E.K., Stihler, M.: A multi-domain role activation model. In: Proceedings of ICC 2017, Paris, France, pp. 1–6. IEEE (2017)
Ahmad, M., Gnaho, C., Bruel, J.-M., Laleau, R.: Towards a requirements engineering approach for capturing uncertainty in cyber-physical systems environment. In: Abdelwahed, E.H., et al. (eds.) MEDI 2018. CCIS, vol. 929, pp. 115–129. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02852-7_11
Al Ali, R., Bures, T., Hnetynka, P., Krijt, F., Plasil, F., Vinarek, J.: Dynamic security specification through autonomic component ensembles. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11246, pp. 172–185. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03424-5_12
Al Ali, R., Bures, T., Hnetynka, P., Matejek, J., Plasil, F., Vinarek, J.: Toward autonomically composable and context-dependent access control specification through ensembles. Int. J. Softw. Tools Technol. Transfer 22(4), 511–522 (2020). https://doi.org/10.1007/s10009-020-00556-1
Al-Ali, R., et al.: Dynamic security rules for legacy systems. In: Proceedings of ECSA 2019 - Volume 2, Paris, France, pp. 277–284. ACM (2019)
Anaya, I.D.P., Simko, V., Bourcier, J., Plouzeau, N., Jézéquel, J.M.: A prediction-driven adaptation approach for self-adaptive sensor networks. In: Proceedings of SEAMS 2014, Hyderabad, India, pp. 145–154 (2014)
Argento, L., Margheri, A., Paci, F., Sassone, V., Zannone, N.: Towards adaptive access control. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 99–109. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95729-6_7
Baudry, G., Macharis, C., Vallée, T.: Range-based multi-actor multi-criteria analysis: a combined method of multi-actor multi-criteria analysis and Monte Carlo simulation to support participatory decision making under uncertainty. Eur. J. Oper. Res. 264(1), 257–269 (2018)
Ben Abdelkrim, I., Baina, A., Feltus, C., Aubert, J., Bellafkih, M., Khadraoui, D.: Coalition-OrBAC: an agent-based access control model for dynamic coalitions. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’18 2018. AISC, vol. 745, pp. 1060–1070. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77703-0_103
Bures, T., Plasil, F., Kit, M., Tuma, P., Hoch, N.: Software abstractions for component interaction in the Internet of Things. Computer 49(12), 50–59 (2016)
Bures, T., Weyns, D., Schmer, B., Fitzgerald, J.: Software engineering for smart cyber-physical systems: models, system-environment boundary, and social aspects. ACM SIGSOFT Softw. Eng. Not. 43(4), 42–44 (2019)
Buschmann, F. (ed.): Pattern-Oriented Software Architecture: A System of Patterns. Wiley, Hoboken (1996)
Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: Proceedings of SP 2007, Berkeley, USA, pp. 222–227 (2007)
Cheng, S.W., Garlan, D.: Stitch: a language for architecture-based self-adaptation. J. Syst. Softw. 85(12), 2860–2875 (2012)
Cotrini, C., Weghorn, T., Basin, D.: Mining ABAC rules from sparse logs. In: Proceedings of EURO S&P 2018, London, UK, pp. 31–46 (2018)
Cámara, J., Garlan, D., Kang, W.G., Peng, W., Schmerl, B.R.: Uncertainty in self-adaptive systems categories, management, and perspectives. Report CMU-ISR-17-110, Institute for Software Research School of Computer Science Carnegie Mellon University, Pittsburgh, PA 15213 (2017)
De Capitani di Vimercati, S., Samarati, P.: Mandatory access control policy (MAC). In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, p. 758. Springer, Boston (2011). https://doi.org/10.1007/978-1-4419-5906-5_822
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley Professional, Boston (1994)
Esfahani, N., Malek, S.: Uncertainty in self-adaptive software systems. In: de Lemos, R., Giese, H., Müller, H.A., Shaw, M. (eds.) Software Engineering for Self-Adaptive Systems II. LNCS, vol. 7475, pp. 214–238. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35813-5_9
Fowler, M.: Writing Software Patterns (2006). https://www.martinfowler.com/articles/writingPatterns.html
Gerostathopoulos, I., Bures, T., Hnetynka, P., Hujecek, A., Plasil, F., Skoda, D.: Strengthening adaptation in cyber-physical systems via meta-adaptation strategies. ACM Trans. Cyber-Phys. Syst. 1(3), 1–25 (2017)
Gerostathopoulos, I., Škoda, D., Plášil, F., Bureš, T., Knauss, A.: Tuning self-adaptation in cyber-physical systems through architectural homeostasis. J. Syst. Softw. 148, 37–55 (2019)
Heinrich, R.: Architectural runtime models for integrating runtime observations and component-based models. J. Syst. Softw. 169, 110722 (2020)
Hnetynka, P., Bures, T., Gerostathopoulos, I., Pacovsky, J.: Using component ensembles for modeling autonomic component collaboration in smart farming. In: Proceedings of SEAMS 2020, Seoul, Republic of Korea (2020)
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer 48(2), 85–88 (2015)
Kruijff, G., et al.: Designing, developing, and deploying systems to support human-robot teams in disaster response. Adv. Robot. 28(23), 1547–1570 (2014)
Krupitzer, C., Roth, F.M., VanSyckel, S., Schiele, G., Becker, C.: A survey on engineering approaches for self-adaptive systems. Pervasive Mob. Comput. 17, 184–206 (2015)
Latella, D., Loreti, M., Massink, M., Senni, V.: Stochastically timed predicate-based communication primitives for autonomic computing. In: Electronic Proceedings in Theoretical Computer Science, vol. 154, pp. 1–16 (2014)
Li, X., Eckert, M., Martinez, J.F., Rubio, G.: Context aware middleware architectures: survey and challenges. Sensors 15(8), 20570–20607 (2015)
Lu, Y.: Industry 4.0: a survey on technologies, applications and open research issues. J. Ind. Inf. Integration 6, 1–10 (2017)
Mahdavi-Hezavehi, S., Avgeriou, P., Weyns, D.: A classification framework of uncertainty in architecture-based self-adaptive systems with multiple quality requirements. In: Managing Trade-Offs in Adaptable Software Architectures, pp. 45–77. Elsevier (2017)
Perez-Palacin, D., Mirandola, R.: Uncertainties in the modeling of self-adaptive systems: a taxonomy and an example of availability evaluation. In: Proceedings of ICPE 2014, Dublin, Ireland, pp. 3–14 (2014)
Peruma, A., Krutz, D.E.: Security: a critical quality attribute in self-adaptive systems. In: Proceedings of SEAMS 2018, Gothenburg, Sweden, pp. 188–189 (2018)
Ramirez, A.J., Jensen, A.C., Cheng, B.H.C.: A taxonomy of uncertainty for dynamically adaptive systems. In: Proceedings of SEAMS 2012, Zurich, Switzerland, pp. 99–108 (2012)
Reijsbergen, D.: Probabilistic modelling of station locations in bicycle-sharing systems. In: Milazzo, P., Varró, D., Wimmer, M. (eds.) STAF 2016. LNCS, vol. 9946, pp. 83–97. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-50230-4_7
Sartoli, S., Namin, A.S.: Modeling adaptive access control policies using answer set programming. J. Inf. Secur. Appl. 44, 49–63 (2019)
Sharif, M., Alesheikh, A.A.: Context-aware movement analytics: implications, taxonomy, and design framework: context-aware movement analytics. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 8(1), e1233 (2018)
Somenzi, F., Touri, B., Trivedi, A.: Almost-sure reachability in stochastic multi-mode system. arXiv:1610.05412 (2016)
Verma, D., et al.: Generative policy model for autonomic management. In: Proceedings of IEEE SmartWorld 2017, San Francisco, USA, pp. 1–6 (2017)
Vimercati, S.D.C.: Discretionary access control policies (DAC). In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 356–358. Springer, Boston (2011). https://doi.org/10.1007/978-1-4419-5906-5_817
Whittle, J., Sawyer, P., Bencomo, N., Cheng, B.H., Bruel, J.M.: RELAX: incorporating uncertainty into the specification of self-adaptive systems. In: Proceedings of RE 2009, Atlanta, USA, pp. 79–88 (2009)
Yang, Y., Zheng, X., Guo, W., Liu, X., Chang, V.: Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Inf. Sci. 479, 567–592 (2019)
Acknowledgment
This work has been funded by the DFG (German Research Foundation) – project number 432576552, HE8596/1-1 (FluidTrust), supported by the Czech Science Foundation project 20-24814J, and also partially supported by Charles University institutional funding SVV 260451.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bures, T., Hnetynka, P., Heinrich, R., Seifermann, S., Walter, M. (2020). Capturing Dynamicity and Uncertainty in Security and Trust via Situational Patterns. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Engineering Principles. ISoLA 2020. Lecture Notes in Computer Science(), vol 12477. Springer, Cham. https://doi.org/10.1007/978-3-030-61470-6_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-61470-6_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61469-0
Online ISBN: 978-3-030-61470-6
eBook Packages: Computer ScienceComputer Science (R0)