Table 4: Data for comparison framework.

PropertyDescription

Adaptation
Object to adaptGeneric approach. For the adaptive authorization, authors mention the following possibilities: security policy, algorithms, protocols, and encryption schemes.
Adaptation timingRuntime, proactive, and reactive
Monitoring and analysesSecurity measuring is the most emphasised form of monitoring. Moreover, anomaly and QoS monitoring are also mentioned. The component called Adaptive Analyser and Learner utilises the results of monitoring. The results from security measuring are composed for higher levels. However, the functionality of the component is not described in more detail.
Planning and executionComposed together into the phase called Adapt. The content of this phase is not described in more detail.
KnowledgeThe Analyser component communicates with the Adaptive database. However, the included knowledge is not described.
Self-propertiesSelf-healing by means of self-configuration, that is, selecting replicated component in failure situation.
Self-protection by means of self-configuring and self-optimization.

Security
AttributesGeneric approach. Adaptive authentication and authorization are emphasized in the above mentioned papers. However, means to monitor, other security attributes are also presented.
MechanismsGeneric approach
Protected assetGeneric approach
ThreatsGeneric approach

Lifecycle
ArchitectureThe Adaptive Security Manager (ASM) component performs all tasks related to adaptation. The component contains monitor, analyse, and adaptation parts. Furthermore, adapted security mechanisms are also included inside this component. The monitor part utilises security measurements from different layers of the GEMOM middleware.
ExtensibilityThe adaptation loop is located inside one component, which is closely related to the GEMOM middleware. Hence, extending the whole approach will be laborious. However, the monitoring part is described in an extensible manner.
FlexibilityThe approach is tested in various environments. However, all of these utilise the GEMOM middleware as a whole.
ReusabilityThe security measuring is described in the reusable form. The adaptation loop is tightly coupled to the GEMOM middleware.
MaturityValidation with five different scenarios, that is, a collaborative business portal, a dynamic linked exchange, a financial market data delivery system, a dynamic road management system, and a banking scenario for transaction processing. Implementation by means of deliverables and publications from the GEMOM project. The GEMOM project ended in 2010; software community is not available.