Federated Access Control and Workflow Enforcement in Systems Configuration

Every organization with more than a few system administrators has policies in place. These policies define who is allowed to change which aspects of the configuration of a computer infrastructure. Although many system configuration tools are available for automating configuration changes in an infrastructure, very little work has been done to enforce the policies dealing with access control and workflow of configuration changes. In this paper, we present ACHEL. ACHEL makes it possible to integrate fine-grained access control into existing configuration tools and to enforce an organization's configuration change workflow. In addition, we prototype ACHEL on a popular configuration tool and demonstrate its capabilities in two case studies.
