|
Security adaptation approach | (1) An architectural approach for self-managing security services | (2) A software framework for autonomic security in pervasive environments | (3) Context sensitive adaptive authentication | (4) Adaptive messaging middleware | (5) Adaptive security architecture based on EC-MQV algorithm in personal networks |
|
Adaptation viewpoint |
Object to adapt | Generic approach | Generic approach | Authentication mechanism | Generic approach | Key agreement algorithm |
Adaptation timing | Runtime, reactive, and proactive | Runtime and reactive | Runtime and reactive | Runtime, reactive, and proactive | Start-up |
Monitor and analyses | Monitoring and analysing composed inside the Context subsystem by means of dedicated services for trust level, threat level, availability, memory usage, and bandwidth usage. The internal design of services is not described. | Monitors: beforehand defined security events. Analyses: decides to reconfigure based on monitored events. How a decision is made is not described. | Monitors: location of user’s devices and timestamps. Analyses: ULPC partially analyses monitoring results by means of the developed fusion algorithms. The application has to conclude the current authentication level. | Monitoring: security measuring is the most emphasised form of monitoring. Analyses: the separated component composes the monitoring results to the higher level. The internal design of this component is not described. | Monitors location and device capabilities. Analyses: beforehand analysed. |
Planning and execution | Planning: static planning by the means of ECSA policies. Execution: ECSA Policy manager enforces beforehand defined actions. | Planning: in high level Execution: — | Planning: — Execution: — | Planning and execution are composed into the one phase called Adapt. However, the content of this phase is not described. | Planning: static planning, that is, beforehand defined actions for different locations. Execution: beginning of each communication session. |
Knowledge | Inside the monitoring services and ECSA policies. | Profile database (content is not described) | — | Adaptive database (content is not described) | — |
Self-properties | Self-configuration, optimization, and protection. Context-awareness | Self-configuration, optimization, and protection. Context-awareness | Self-configuration. Context-awareness | Self-configuration, optimization, protection, and healing. | Context-awareness |
|
Security viewpoint |
Mechanisms | Generic approach | Generic approach | Authentication mechanism | Generic approach | Key agreement algorithm |
Attributes | Generic approach | Generic approach | Authentication | Generic approach | Confidentiality and integrity |
Protected asset | Generic approach | Generic approach | User’s identity | Generic approach | Data in communication channel |
Threats | Generic approach | Generic approach | Identity theft | Generic approach | Threats for the communication confidentiality and integrity. |
|
Lifecycle viewpoint |
Architecture | Structure is described. Middleware under the application layer contains elements for adaptation. Behaviour is not described. | Structure and behaviour of the approach are described. Separated components for monitoring, analysing, and responding. | Structure and behaviour of the approach are described. Separated components for monitoring and analysing. | Structure is described. The ASM component performs all adaptation tasks. The component contains monitor, analyse, and adaptation parts. Behaviour is not described. | Structure is described. Layer between application and security protocol. |
Extensibility | Completely | Completely | No | Partially | Partially |
Flexibility | Easy | Easy | Hard | Moderate | Easy |
Reusability | It is possible to reuse the whole approach or individual components. | It is possible to reuse the whole approach or individual components. | It is possible to reuse the whole approach. Individual components can be also reused, but the functionality is strongly related to this approach. | Reusing the whole adaptation approach requires that the GEMOM middleware is utilised as a whole, which causes additional work. Reusing individual monitoring (measuring) parts will be easy. | CaSM component can be reused. It is notable that the component is intended for the start-up phase adaptations. |
Maturity | Validation No Guidelines No Community No | Validation No Guidelines No Community No | Validation Yes Guidelines partially Yesa Community No | Validation Yes Guidelines No Community No | Validation No Guidelines No Community No |
|