Skip to main content
SpringerLink
Log in

Capturing Dynamicity and Uncertainty in Security and Trust via Situational Patterns

  • Conference paper
  • First Online:
Leveraging Applications of Formal Methods, Verification and Validation: Engineering Principles (ISoLA 2020)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12477))

Included in the following conference series:

Abstract

Modern smart systems are highly dynamic and allow for dynamic and ad-hoc collaboration not only among devices, but also among humans and organizations. Such a collaboration can introduce uncertainty to a system, as behavior of humans cannot be directly controlled and the system has to deal with unforeseen changes. Security and trust play a crucial role in these systems, especially in domains like Industry 4.0 and similar. In this paper we aim at providing situational patterns for tackling uncertainty in trust – in particular in access control. To do so, we provide a classification of uncertainty of access control in Industry 4.0 systems and illustrate this on a series of representative examples. Based on this classification and examples, we derive situational patterns per type of uncertainty. These situational patterns will serve as adaptation strategies in cases when, due to uncertainty, an unanticipated situation is encountered in the system. We base the approach on our previous work of autonomic component ensembles and security ensembles.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://trust40.ipd.kit.edu/home/.

References

  1. Abreu, V., Santin, A.O., Viegas, E.K., Stihler, M.: A multi-domain role activation model. In: Proceedings of ICC 2017, Paris, France, pp. 1–6. IEEE (2017)

    Google Scholar 

  2. Ahmad, M., Gnaho, C., Bruel, J.-M., Laleau, R.: Towards a requirements engineering approach for capturing uncertainty in cyber-physical systems environment. In: Abdelwahed, E.H., et al. (eds.) MEDI 2018. CCIS, vol. 929, pp. 115–129. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02852-7_11

    Chapter  Google Scholar 

  3. Al Ali, R., Bures, T., Hnetynka, P., Krijt, F., Plasil, F., Vinarek, J.: Dynamic security specification through autonomic component ensembles. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11246, pp. 172–185. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03424-5_12

    Chapter  Google Scholar 

  4. Al Ali, R., Bures, T., Hnetynka, P., Matejek, J., Plasil, F., Vinarek, J.: Toward autonomically composable and context-dependent access control specification through ensembles. Int. J. Softw. Tools Technol. Transfer 22(4), 511–522 (2020). https://doi.org/10.1007/s10009-020-00556-1

    Article  Google Scholar 

  5. Al-Ali, R., et al.: Dynamic security rules for legacy systems. In: Proceedings of ECSA 2019 - Volume 2, Paris, France, pp. 277–284. ACM (2019)

    Google Scholar 

  6. Anaya, I.D.P., Simko, V., Bourcier, J., Plouzeau, N., Jézéquel, J.M.: A prediction-driven adaptation approach for self-adaptive sensor networks. In: Proceedings of SEAMS 2014, Hyderabad, India, pp. 145–154 (2014)

    Google Scholar 

  7. Argento, L., Margheri, A., Paci, F., Sassone, V., Zannone, N.: Towards adaptive access control. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 99–109. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95729-6_7

    Chapter  Google Scholar 

  8. Baudry, G., Macharis, C., Vallée, T.: Range-based multi-actor multi-criteria analysis: a combined method of multi-actor multi-criteria analysis and Monte Carlo simulation to support participatory decision making under uncertainty. Eur. J. Oper. Res. 264(1), 257–269 (2018)

    Article  MathSciNet  Google Scholar 

  9. Ben Abdelkrim, I., Baina, A., Feltus, C., Aubert, J., Bellafkih, M., Khadraoui, D.: Coalition-OrBAC: an agent-based access control model for dynamic coalitions. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’18 2018. AISC, vol. 745, pp. 1060–1070. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77703-0_103

    Chapter  Google Scholar 

  10. Bures, T., Plasil, F., Kit, M., Tuma, P., Hoch, N.: Software abstractions for component interaction in the Internet of Things. Computer 49(12), 50–59 (2016)

    Article  Google Scholar 

  11. Bures, T., Weyns, D., Schmer, B., Fitzgerald, J.: Software engineering for smart cyber-physical systems: models, system-environment boundary, and social aspects. ACM SIGSOFT Softw. Eng. Not. 43(4), 42–44 (2019)

    Article  Google Scholar 

  12. Buschmann, F. (ed.): Pattern-Oriented Software Architecture: A System of Patterns. Wiley, Hoboken (1996)

    Google Scholar 

  13. Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: Proceedings of SP 2007, Berkeley, USA, pp. 222–227 (2007)

    Google Scholar 

  14. Cheng, S.W., Garlan, D.: Stitch: a language for architecture-based self-adaptation. J. Syst. Softw. 85(12), 2860–2875 (2012)

    Article  Google Scholar 

  15. Cotrini, C., Weghorn, T., Basin, D.: Mining ABAC rules from sparse logs. In: Proceedings of EURO S&P 2018, London, UK, pp. 31–46 (2018)

    Google Scholar 

  16. Cámara, J., Garlan, D., Kang, W.G., Peng, W., Schmerl, B.R.: Uncertainty in self-adaptive systems categories, management, and perspectives. Report CMU-ISR-17-110, Institute for Software Research School of Computer Science Carnegie Mellon University, Pittsburgh, PA 15213 (2017)

    Google Scholar 

  17. De Capitani di Vimercati, S., Samarati, P.: Mandatory access control policy (MAC). In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, p. 758. Springer, Boston (2011). https://doi.org/10.1007/978-1-4419-5906-5_822

  18. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley Professional, Boston (1994)

    MATH  Google Scholar 

  19. Esfahani, N., Malek, S.: Uncertainty in self-adaptive software systems. In: de Lemos, R., Giese, H., Müller, H.A., Shaw, M. (eds.) Software Engineering for Self-Adaptive Systems II. LNCS, vol. 7475, pp. 214–238. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35813-5_9

    Chapter  Google Scholar 

  20. Fowler, M.: Writing Software Patterns (2006). https://www.martinfowler.com/articles/writingPatterns.html

  21. Gerostathopoulos, I., Bures, T., Hnetynka, P., Hujecek, A., Plasil, F., Skoda, D.: Strengthening adaptation in cyber-physical systems via meta-adaptation strategies. ACM Trans. Cyber-Phys. Syst. 1(3), 1–25 (2017)

    Article  Google Scholar 

  22. Gerostathopoulos, I., Škoda, D., Plášil, F., Bureš, T., Knauss, A.: Tuning self-adaptation in cyber-physical systems through architectural homeostasis. J. Syst. Softw. 148, 37–55 (2019)

    Article  Google Scholar 

  23. Heinrich, R.: Architectural runtime models for integrating runtime observations and component-based models. J. Syst. Softw. 169, 110722 (2020)

    Article  Google Scholar 

  24. Hnetynka, P., Bures, T., Gerostathopoulos, I., Pacovsky, J.: Using component ensembles for modeling autonomic component collaboration in smart farming. In: Proceedings of SEAMS 2020, Seoul, Republic of Korea (2020)

    Google Scholar 

  25. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer 48(2), 85–88 (2015)

    Article  Google Scholar 

  26. Kruijff, G., et al.: Designing, developing, and deploying systems to support human-robot teams in disaster response. Adv. Robot. 28(23), 1547–1570 (2014)

    Article  Google Scholar 

  27. Krupitzer, C., Roth, F.M., VanSyckel, S., Schiele, G., Becker, C.: A survey on engineering approaches for self-adaptive systems. Pervasive Mob. Comput. 17, 184–206 (2015)

    Article  Google Scholar 

  28. Latella, D., Loreti, M., Massink, M., Senni, V.: Stochastically timed predicate-based communication primitives for autonomic computing. In: Electronic Proceedings in Theoretical Computer Science, vol. 154, pp. 1–16 (2014)

    Google Scholar 

  29. Li, X., Eckert, M., Martinez, J.F., Rubio, G.: Context aware middleware architectures: survey and challenges. Sensors 15(8), 20570–20607 (2015)

    Article  Google Scholar 

  30. Lu, Y.: Industry 4.0: a survey on technologies, applications and open research issues. J. Ind. Inf. Integration 6, 1–10 (2017)

    Google Scholar 

  31. Mahdavi-Hezavehi, S., Avgeriou, P., Weyns, D.: A classification framework of uncertainty in architecture-based self-adaptive systems with multiple quality requirements. In: Managing Trade-Offs in Adaptable Software Architectures, pp. 45–77. Elsevier (2017)

    Google Scholar 

  32. Perez-Palacin, D., Mirandola, R.: Uncertainties in the modeling of self-adaptive systems: a taxonomy and an example of availability evaluation. In: Proceedings of ICPE 2014, Dublin, Ireland, pp. 3–14 (2014)

    Google Scholar 

  33. Peruma, A., Krutz, D.E.: Security: a critical quality attribute in self-adaptive systems. In: Proceedings of SEAMS 2018, Gothenburg, Sweden, pp. 188–189 (2018)

    Google Scholar 

  34. Ramirez, A.J., Jensen, A.C., Cheng, B.H.C.: A taxonomy of uncertainty for dynamically adaptive systems. In: Proceedings of SEAMS 2012, Zurich, Switzerland, pp. 99–108 (2012)

    Google Scholar 

  35. Reijsbergen, D.: Probabilistic modelling of station locations in bicycle-sharing systems. In: Milazzo, P., Varró, D., Wimmer, M. (eds.) STAF 2016. LNCS, vol. 9946, pp. 83–97. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-50230-4_7

    Chapter  Google Scholar 

  36. Sartoli, S., Namin, A.S.: Modeling adaptive access control policies using answer set programming. J. Inf. Secur. Appl. 44, 49–63 (2019)

    Google Scholar 

  37. Sharif, M., Alesheikh, A.A.: Context-aware movement analytics: implications, taxonomy, and design framework: context-aware movement analytics. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 8(1), e1233 (2018)

    Article  Google Scholar 

  38. Somenzi, F., Touri, B., Trivedi, A.: Almost-sure reachability in stochastic multi-mode system. arXiv:1610.05412 (2016)

  39. Verma, D., et al.: Generative policy model for autonomic management. In: Proceedings of IEEE SmartWorld 2017, San Francisco, USA, pp. 1–6 (2017)

    Google Scholar 

  40. Vimercati, S.D.C.: Discretionary access control policies (DAC). In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 356–358. Springer, Boston (2011). https://doi.org/10.1007/978-1-4419-5906-5_817

    Chapter  Google Scholar 

  41. Whittle, J., Sawyer, P., Bencomo, N., Cheng, B.H., Bruel, J.M.: RELAX: incorporating uncertainty into the specification of self-adaptive systems. In: Proceedings of RE 2009, Atlanta, USA, pp. 79–88 (2009)

    Google Scholar 

  42. Yang, Y., Zheng, X., Guo, W., Liu, X., Chang, V.: Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Inf. Sci. 479, 567–592 (2019)

    Article  Google Scholar 

Download references

Acknowledgment

This work has been funded by the DFG (German Research Foundation) – project number 432576552, HE8596/1-1 (FluidTrust), supported by the Czech Science Foundation project 20-24814J, and also partially supported by Charles University institutional funding SVV 260451.

Author information

Authors and Affiliations

  1. Charles University, Prague, Czech Republic

    Tomas Bures & Petr Hnetynka

  2. Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany

    Robert Heinrich, Stephan Seifermann & Maximilian Walter

Authors
  1. Tomas Bures
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Petr Hnetynka
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robert Heinrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stephan Seifermann
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Maximilian Walter
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Tomas Bures or Petr Hnetynka .

Editor information

Editors and Affiliations

  1. University of Limerick and Lero, Limerick, Ireland

    Tiziana Margaria

  2. TU Dortmund, Dortmund, Germany

    Bernhard Steffen

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bures, T., Hnetynka, P., Heinrich, R., Seifermann, S., Walter, M. (2020). Capturing Dynamicity and Uncertainty in Security and Trust via Situational Patterns. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Engineering Principles. ISoLA 2020. Lecture Notes in Computer Science(), vol 12477. Springer, Cham. https://doi.org/10.1007/978-3-030-61470-6_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-61470-6_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61469-0

  • Online ISBN: 978-3-030-61470-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation