Multi-party authorization and conflict mediation for decentralized configuration management processes

by Holger Kinkelin, et al.

Configuration management in networks with the highest security demands must not depend on just one administrator and her device. Otherwise, problems can arise from mistakes or malicious behavior by this administrator, or from a compromise of her computer, which allows an attacker to abuse the administrator's far-reaching permissions. Instead, we propose to use a reliable and resilient configuration management process orchestrated by a configuration management system (CMS). This can be achieved by separation of concerns (proposing a configuration vs. authorizing it), employing multi-party authorization (MPA), and enforcing that only authorized configurations can be deployed. This results in a configuration management process that is decentralized on a human, decision-making level and on a technical, device level. However, due to different opinions or adversarial interference, an MPA process can end in a conflict. This raises the question of how such conflicts can be mediated in a better way than just employing majority voting, which is insufficient in certain situations. As an alternative, this paper introduces building blocks of customizable conflict mediation strategies, which we integrated into our CMS TANCS. The conflict mediation functionality as well as the initial TANCS implementation run on top of the distributed ledger and smart contract framework Hyperledger Fabric, which makes all processes resilient and tamper-resistant.


