Model-driven security management of embedded service systems

The paradigm of service oriented architectures spreads throughout the domain of business software and enterprise networks. With the proposal of the device profile for Web-services also small, less powerful embedded devices should be able to interact with services of the network infrastructure they are connected to. New challenges arise when it comes to the adaptive management of these devices. The available computing power is often too low to allow extensive runtime evaluations for automatic adaptation to new situations. Moreover when thinking of large scaled device networks the creation and management of security policies may become a complex task. In this paper we address the latter by splitting the security management task into a design-time and run-time task. At design-time the considered access control policy is graphically modeled applying the concepts of role based access control and the definition is aided by a modeling tool. At run-time the configurations created by this tool are the basis for the access control computations of a security service infrastructure.