D4.2.2

This deliverable is the second of two deliverables (D4.2.1, D4.2.2) that present the design of
the SPECS Enforcement module. While D4.2.1 introduced a preliminary design of the module
at month 6, this document presents the refined architecture of the SPECS Enforcement.
At month 6 document D4.2.1 presented:
  • The current solutions which offer at least some aspects of the adaptive security
    management (SLA@SOI [1], Contrail [2], mOSAIC [3], TClouds [4], OPTIMIS [5],
    PoSecCo [6], Adaptive Security Management [7]).
  •  The notion of enforcement from the SPECS perspective.
  •  The high-level architecture based on different WP requirements (please see D1.1.1).
  •  The potential adoption of existing solutions in the SPECS framework.

A second version of the document (D4.2.2) presents:

  • The refined architecture: The main Enforcement components introduced at month 6 stayed the  same. We added Auditing component for logging services. We rethought the roles and functionalities of the main Enforcement components. This document presents the final set of responsibilities for each main Enforcement component.
  • The refined interactions with other SPECS modules: According to the finalized design of the Enforcement module, we refined interactions with the Platform and other core modules (through the Platform) in all phases of the enforcement process (i.e., planning, implementation, diagnosis and redressing/remediation).
  •  Technical aspects of the Enforcement module (underlying technologies): We introduce and discuss the actual infrastructure used to support all Enforcement components and orchestrate all enforcement actions.
  •  Security mechanisms integrated into the SPECS framework: We describe a set of security mechanisms (and Enforcement security components that implement them) integrated into the SPECS framework that can provide security at the internal level (among SPECS components) or at the external level (to End-users’ services).