TY - GEN
T1 - Multi-party authorization and conflict mediation for decentralized configuration management processes
AU - Kinkelin, Holger
AU - Niedermayer, Heiko
AU - Muller, Marc
AU - Carle, Georg
N1 - Publisher Copyright:
© 2019 IFIP.
PY - 2019/5/16
Y1 - 2019/5/16
N2 - Configuration management in networks with highest security demands must not depend on just one administrator and her device. Otherwise, problems can be caused by mistakes or malicious behavior of this admin, or when her computer got com-promised, which allows an attacker to abuse the administrator's far-reaching permissions.Instead, we propose to use a reliable and resilient configuration management process orchestrated by a configuration management system (CMS). This can be achieved by separation of concerns (proposing a configuration vs. authorizing it), employing multi-party authorization (MPA), and enforcing that only authorized configurations can be deployed. This results in a configuration management process that is decentralized on a human, decision-making level, and a technical, device level.However, due to different opinions or adversarial interference, the result of an MPA process can end in a conflict. This raises the question how such conflicts can be mediated in a better way than just employing majority voting, which is insufficient in certain situations. As an alternative, this paper introduces building blocks of customizable conflict mediation strategies which we integrated into our CMS TANCS [1]. The conflict mediation functionality as well as the initial TANCS implementation run on top of the distributed ledger and smart contract framework Hyperledger Fabric which makes all processes resilient and tamper-resistant.
AB - Configuration management in networks with highest security demands must not depend on just one administrator and her device. Otherwise, problems can be caused by mistakes or malicious behavior of this admin, or when her computer got com-promised, which allows an attacker to abuse the administrator's far-reaching permissions.Instead, we propose to use a reliable and resilient configuration management process orchestrated by a configuration management system (CMS). This can be achieved by separation of concerns (proposing a configuration vs. authorizing it), employing multi-party authorization (MPA), and enforcing that only authorized configurations can be deployed. This results in a configuration management process that is decentralized on a human, decision-making level, and a technical, device level.However, due to different opinions or adversarial interference, the result of an MPA process can end in a conflict. This raises the question how such conflicts can be mediated in a better way than just employing majority voting, which is insufficient in certain situations. As an alternative, this paper introduces building blocks of customizable conflict mediation strategies which we integrated into our CMS TANCS [1]. The conflict mediation functionality as well as the initial TANCS implementation run on top of the distributed ledger and smart contract framework Hyperledger Fabric which makes all processes resilient and tamper-resistant.
KW - Configuration Management
KW - Distributed Management
KW - Security Services
UR - https://www.scopus.com/pages/publications/85066995548
M3 - Conference contribution
AN - SCOPUS:85066995548
T3 - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
SP - 5
EP - 8
BT - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
Y2 - 8 April 2019 through 12 April 2019
ER -