All security and non-security equipment in an IT infrastructure has to be consistent with the configuration of the entire IT infrastructure. System management tools are used to manage contemporary IT infrastructures in an efficient and secure manner, and to ensure that their configuration is consistent and correct. System configuration tools achieve this by using a central configuration model from which all configuration is derived. The central configuration model determines the configuration of the infrastructure and needs to be protected against unauthorised access and changes. In large IT infrastructures there are multiple administrators. Each manages an aspect of the infrastructure and thus requires access to the central model. We propose an approach that enforces access control on the changes that are made to the configuration model. Our approach also includes a method to enforce complex authorisation workflows on configuration model updates in federated infrastructures. We developed a prototype that transforms low-level textual updates into updates to the model. This transformation enables access control at the same abstraction level as the configuration model. The first results of this work have been evaluated and published. In this position paper we argue for further research on securing configuration models and applying access control on updates to the configuration model.