Skip to main content
Springer Nature Link
Log in

Management Patterns for Network Resilience: Design and Verification of Policy Configurations

  • Chapter
  • First Online:
Cyberpatterns

  • 1613 Accesses

Abstract

Computer and communication networks are becoming increasingly critical in supporting business, leisure and daily life in general. Thus, there is a compelling need for resilience to be a key property of networks. The approach we present in this paper is intended to enable the specification of management patterns that describe the dynamic intrusion tolerant behaviour of resilient networks. A management pattern describes a policy-based collaboration between a set of resilience mechanisms used to address a specific type of challenge. Much of the existing work on security patterns has focused only on the static defence aspect of a network. However, dynamic behaviour adds a great deal of complexity to network management, thus making the specification of patterns for this activity very desirable.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    We use a succinct pseudo syntax but in the current implementation patterns are written in PonderTalk [19] which is more verbose. We also limit the example to the configuration of a small set of mechanisms.

  2. 2.

    http://www.omnetpp.org/

  3. 3.

    http://ponder2.net/

References

  1. Agrawal D, Giles J, Lee KW, Lobo J. Policy ratification. In: Proceedings of the sixth IEEE International workshop on policies for distributed systems and networks (Policy). Washington: IEEE Computer Society; 2005. p. 223–32. http://dx.doi.org/10.1109/POLICY.2005.25.

  2. Bandara AK. A formal approach to analysis and refinement of policies. PhD thesis,London: Imperial College; 2005.

    Google Scholar 

  3. Charalambides M, Flegkas P, Pavlou G, Rubio-Loyola J, Bandara A, Lupu E, Russo A, Sloman M, Dulay N. Dynamic policy analysis and conflict resolution for diffserv quality of service management. In: NOMS ’06: 10th IEEE/IFIP network operations and management symposium, vancouver. Canada; 2006. p. 294–304. doi:10.1109/NOMS.2006.1687560.

  4. Craven R, Lobo J, Ma J, Russo A, Lupu E, Bandara A. Expressive policy analysis with enhanced system dynamicity. In: Proceedings of the 4th International symposium on information, Computer, and communications security (ASIACCS ’09). New York: ACM; 2009. p. 239–50. doi:10.1145/1533057.1533091.

  5. Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Boston: Addison-Wesley Longman Publishing Co. Inc; 1995.

    Google Scholar 

  6. Li P, Salour M, Su X. A survey of internet worm detection and containment. Commun Surv Tutor IEEE. 2008; 10(1):20–35. doi:10.1109/COMST.2008.4483668.

  7. Lupu E, Dulay N, Sloman M, Sventek J, Heeps S, Strowes S, Twidle K, Keoh SL, Schaeffer-Filho A. AMUSE: autonomic management of ubiquitous e-health systems. Concurrency and computation: Pract Experience. 2008; 20(3):277–95. doi:10.1002/cpe.v20:3.

  8. Medvidovic N, Taylor R. A classification and comparison framework for software architecture description languages. IEEE Trans Softw Eng. 2000; 26(1):70–93. doi:10.1109/32.825767.

  9. OSA. The open security architecture. Available at. http://www.opensecurityarchitecture.org. Last accessed Sep 2013.

  10. PandaLabs. PandaLabs Annual Report 2011 Summary. Tech. rep. Panda Security. 2011. http://press.pandasecurity.com/wp-content/uploads/2012/01/Annual-Report-PandaLabs-2011.pdf.

  11. Peng T, Leckie C, Ramamohanarao K. Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput Surv. 2007; 39(1):3. doi:http://doi.acm.org/10.1145/1216370.1216373.

  12. Rosado DG, Fernandez-Medina E, Piattini M, Gutierrez C. A study of security architectural patterns. In: Proceedings of the first International conference on availability, reliability and security (ARES ’06). Washington: IEEE Computer Society; 2006. p. 358–65. doi:10.1109/ARES.2006.18.

  13. Schaeffer-Filho A. Supporting management interaction and composition of self-managed cells. PhD thesis. London: Imperial College London; 2009.

    Google Scholar 

  14. Schaeffer-Filho A, Smith P, Mauthe A, Hutchison D, Yu Y, Fry M. A framework for the design and evaluation of network resilience management. In: Network operations and management symposium (NOMS), IEEE. 2012. p. 401–08. doi:10.1109/NOMS.2012.6211924.

  15. Schaeffer-Filho A, Mauthe A, Hutchison D, Smith P, Yu Y, Fry M. PReSET: a toolset for the evaluation of network resilience strategies. In: Proceedings of the IFIP/IEEE integrated network management symposium (IM 2013). Ghent, Belgium: IEEE Computer Society; 2013. p. 202–9.

    Google Scholar 

  16. Sloman M, Lupu E. Security and management policy specification. Network, IEEE. 2002;16(2):10–19. doi:10.1109/65.993218.

  17. Sterbenz JPG, Hutchison D, Çetinkaya EK, Jabbar A, Rohrer JP, Schöller M, Smith P. Resilience and survivability in communication networks: strategies, principles, and survey of disciplines. Comput Netw. 2010;54(8):1245–1265. doi:10.1016/j.comnet.2010.03.005.

  18. Taylor RN, Medvidovic N, Dashofy EM. Software architecture: foundations, theory, and practice. New Jersey: Wiley Publishing; 2009.

    Google Scholar 

  19. Twidle K, Lupu E, Dulay N, Sloman M. Ponder2 - a policy environment for autonomous pervasive systems. In: POLICY ’08: IEEE workshop on policies for distributed systems and networks. Palisades, New York: IEEE Computer Society; 2008. p. 245–46. http://dx.doi.org/10.1109/POLICY.2008.10.

  20. Yu Y, Fry M, Schaeffer-Filho A, Smith P, Hutchison D. An adaptive approach to network resilience: evolving challenge detection and mitigation. In: proceedings of the 8th International workshop on the Design of reliable communication networks (DRCN). 2011. p. 172–179. doi:10.1109/DRCN.2011.6076900.

Download references

Acknowledgments

This research is supported by the EPSRC funded India-UK Advanced Technology Centre in Next Generation Networking and has been partially supported by the European Union Research Framework Programme 7 via the PRECYSE project with contract number FP7-SEC-2012-1-285181.

Author information

Authors and Affiliations

  1. Institute of Informatics, Federal University of Rio Grande do Sul, Porto Alegre, Brazil

    Alberto Schaeffer-Filho

  2. Safety and Security Department, AIT Austrian Institute of Technology, Seibersdorf, Austria

    Paul Smith

  3. School of Computing and Communications, Lancaster University, Lancaster, United Kingdom

    Andreas Mauthe & David Hutchison

Authors
  1. Alberto Schaeffer-Filho
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paul Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Mauthe
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David Hutchison
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alberto Schaeffer-Filho .

Editor information

Editors and Affiliations

  1. Department of Computing and Communication Technologies, Oxford Brookes University, Oxford, Oxfordshire, United Kingdom

    Clive Blackwell

  2. Department of Computing and Communication Technologies, Oxford Brookes University, Oxford, Oxfordshire, United Kingdom

    Hong Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Schaeffer-Filho, A., Smith, P., Mauthe, A., Hutchison, D. (2014). Management Patterns for Network Resilience: Design and Verification of Policy Configurations. In: Blackwell, C., Zhu, H. (eds) Cyberpatterns. Springer, Cham. https://doi.org/10.1007/978-3-319-04447-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04447-7_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04446-0

  • Online ISBN: 978-3-319-04447-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics