SlideShare ist ein Scribd-Unternehmen logo

On managing risk in service-oriented information systems

Torsten Eymann
Torsten Eymann

Vortrag im Rahmen des HPI-Kolloquiums, 18. März 2010, Potsdam

1 von 36
On managing risk in service-oriented information systems Prof. Dr. Torsten Eymann University of Bayreuth Chairof Information Systems Management
Agenda
The Internet of Services – A Vision 1 Software as a Service 3 2 Complex Services Infrastructure as a Service Basic Services Storage Service Computation Service Database Service Virtualization Resources In Anlehnung an : T. Eymann (2008): Cloud Computing. In: Kurbel, K., Becker, J., Gronau, N., Sinz, E.J., Suhl, L.: Enzyklopädie der Wirtschaftsinformatik, http://www.wi-lexikon.de. Oldenbourg Verlag, München, 2008.
IoS – Applicationsand Potentials Decreasedproductioncoststhroughcentralization Increasedverticaldesintegrationandspecialization Increasedutilizationthrougheconomiesofscale Increasedflexibilitythrough on-demandprocurement Increasedinteroperabilitybycommoditization
IoS – what will be different? A Transition from Centralizedcontrolof a closed, yetdistributedcomputingsystem To Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
IoS – The challenge „In a Grid, resource failure is the rule rather than the exception.“ Baker, M.; Buyya, R.; Laforenza, D.: “Grids and grid technologies for wide area distributed computing”. In: Softw. Pract. Exper., Vol. 32(15) W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
Whichmeansthatwe still need… A Transition from Centralizedcontrolof a closed, yetdistributedcomputingsystem To Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
Whichmeansthatwe still need… control In Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
Whichmeansthatwe still need… control loosely-coupled W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
Whichmeansthatwe still need… control loosely-coupled W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
… as in … © TIME Magazine, WikimediaCommons
Is that a technicalquestion?
Physical World Control CentralizedControl (past) DecentralizedControl (today)
IT Services World Control CentralizedControl (past) Distributed Control
IT Services World: will companies enter? 15 J. Westhoff, R. Matros: IST-FP6-034286 SORMA, D1.1b Requirements Survey, February 26, 2008, http://www.sorma-project.org
In searchfor TRUST
Is centralizedcontrolpossible?
No. Reason #1 Participants (agents) have different interests in the Internet of Services Server: Loadbalancedprovisioning Client: Immediateresponse
No. Reason #2 A natural person can not be held responsible for actions of its agents (no legislation yet) Balke, Tina; Eymann, Torsten (2008): The ConclusionofContractsby Software Agents in the Eyes ofthe Law. In: Padgham, Lin; Parker, David; Müller, Jörg; Parsons, Simon (Hg.): 7th. Intl. Conf. on AutonomousAgentsand Multiagent Systems (AAMAS). Estoril, Portugal, May 12-16, 2008. UK: Lightning Source UK Ltd (2), S. 771–778.
Can weproposesomething?
Yes. Option #1 Start with a fundamental understanding of an open Cloud/Grid environment Define policies and norms for participants Focus on technology and policies Focus on technology Eymann T., König S., Matros R.: A Framework for Trust and Reputation in Grid Environments. Journal of Grid Computing, Vol. 6, Nr. 4, pp. 225-237, 2008.
Yes. Option #2 Construct a reciprocal principal/agent relationship to increase system reliability Use contracts  Service Level Agreements Eymann T., König S., Matros R.: A Framework for Trust and Reputation in Grid Environments. Journal of Grid Computing, Vol. 6, Nr. 4, pp. 225-237, 2008.
Yes. Option #3 Allowpropagationofpastexperiencestootherstoenforcegoodbehaviour in thefuture
Yes. Option #4 Outsource riskto an Internet insuranceinstitution
Option #5: Enforce Compliance …
In general: introduceinstitutions "Institutionsarefrictionswhich, likefrictions in mechanicalsystems, byrestrictingmovementmaymakecontrolledmovementpossible.“ Restrict (De-Incentivice) principalsandagents not tocheat = Manage Risk! [Brian J. Loasby, 2000]
Howtoresearch?
Reputation in the Internet of Services J. Westhoff, R. Matros: IST-FP6-034286 SORMA, D1.1b Requirements Survey, February 26, 2008, http://www.sorma-project.org
The research question in a context Unregulated coordination In the Internet of Services… …will lead to Principal/ Agent problems Solution Proposal: Reputation Mechanisms to control reliable services Evaluation by Simulation
SimIS Open Source Simulation Environment Based on Repast Simphony 1.2 For more information: http://simis.sourceforge.net
Simulation Scenario: Service Markets 1 2 Services Market Complex Services CS Resource Market Basic Services Storage Service Computation Service BS Resources RS
Simulation Scenario: Network Topology 32 Host # 2 Host # 1 RS2 500 Mbit/s RS1 CS2 BS3 BS1 0,35 Probabilityofsystemsfailure 0,01 1 Gbit/s 500 Mbit/s 200 Mbit/s Host # 3 Host # 4 RS3 BS1 BS3 BS2 CS1 CS2 100 Mbit/s Streitberger, W.; Hudert, S.; Eymann, T.; Schnizler, B.; Zini, F.; Catalano, M.: “On the Simulation of Grid Market Coordination Approaches”. In: Journal ofGrid Computing, Vol. 6(3), Springer Netherlands, doi:10.1007/s10723-007-9092-6, ISSN 1570-7873 (Print) 1572-9814 (Online), September 2008. 67, 285 0,1 0,3
Reputation reducesuncertainty S. König, T. Balke, W. Quattrociocchi, M. Paolucci, T. Eymann: On the Effects of Reputation in the Internet of Services. International Conference on Reputation, March 2009, Gargonza, Italy. 33
ResultsandDiscussion Managing risk (Realiability) in theIoSis a basicrequirementforacceptance Centralizedmanagementisimpossible Decentralizedmanagementmeansintroducinginstitutions Example: introducereputationtracking Question: whohasthe power tointroduce?
Backup
Side remark: Security vs. Reputation Security Ex ante knowledge Apply in build time Define “trusted” code Reputation Ex post knowledge Apply during run-time Define policies react on events Enforce behavior in future

Empfohlen

Common protocol to support disparate communication types within industrial Et...
Common protocol to support disparate communication types within industrial Et...Common protocol to support disparate communication types within industrial Et...
Common protocol to support disparate communication types within industrial Et...Maurice Dawson
 
Adopting trust and assurance as indicators for the reassignment of responsibi...
Adopting trust and assurance as indicators for the reassignment of responsibi...Adopting trust and assurance as indicators for the reassignment of responsibi...
Adopting trust and assurance as indicators for the reassignment of responsibi...christophefeltus
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
9fcfd50a69d9647585
9fcfd50a69d96475859fcfd50a69d9647585
9fcfd50a69d9647585Mowaten Masry
 
Internet service providers responsibilities in botnet mitigation: a Nigerian ...
Internet service providers responsibilities in botnet mitigation: a Nigerian ...Internet service providers responsibilities in botnet mitigation: a Nigerian ...
Internet service providers responsibilities in botnet mitigation: a Nigerian ...IJECEIAES
 
Top cited managing information technology articles
Top cited managing information technology articlesTop cited managing information technology articles
Top cited managing information technology articlesIJMIT JOURNAL
 

Empfohlen

Common protocol to support disparate communication types within industrial Et...
Common protocol to support disparate communication types within industrial Et...Common protocol to support disparate communication types within industrial Et...
Common protocol to support disparate communication types within industrial Et...Maurice Dawson
 
Adopting trust and assurance as indicators for the reassignment of responsibi...
Adopting trust and assurance as indicators for the reassignment of responsibi...Adopting trust and assurance as indicators for the reassignment of responsibi...
Adopting trust and assurance as indicators for the reassignment of responsibi...christophefeltus
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
9fcfd50a69d9647585
9fcfd50a69d96475859fcfd50a69d9647585
9fcfd50a69d9647585Mowaten Masry
 
Internet service providers responsibilities in botnet mitigation: a Nigerian ...
Internet service providers responsibilities in botnet mitigation: a Nigerian ...Internet service providers responsibilities in botnet mitigation: a Nigerian ...
Internet service providers responsibilities in botnet mitigation: a Nigerian ...IJECEIAES
 
Top cited managing information technology articles
Top cited managing information technology articlesTop cited managing information technology articles
Top cited managing information technology articlesIJMIT JOURNAL
 
Atos wp-cyberrisks
Atos wp-cyberrisksAtos wp-cyberrisks
Atos wp-cyberrisksHenk van der Tweel
 
Incident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase JournalIncident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase Journalbrittanyjespersen
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSIJMIT JOURNAL
 
An analysis of software aging in cloud environment
An analysis of software aging in cloud environment An analysis of software aging in cloud environment
An analysis of software aging in cloud environment IJECEIAES
 
The Role of Information and Communication Technologies (57)
The Role of Information and Communication Technologies (57)The Role of Information and Communication Technologies (57)
The Role of Information and Communication Technologies (57)Arab Federation for Digital Economy
 
Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 - Mark - Fullbright
 
2015 Global Threat Intelligence Report
2015 Global Threat Intelligence Report2015 Global Threat Intelligence Report
2015 Global Threat Intelligence ReportDImension Data
 
Super convergence of autonomous things
Super convergence of autonomous thingsSuper convergence of autonomous things
Super convergence of autonomous thingsConference Papers
 
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSA SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSIJCI JOURNAL
 
A security decision reaction architecture for heterogeneous distributed network
A security decision reaction architecture for heterogeneous distributed networkA security decision reaction architecture for heterogeneous distributed network
A security decision reaction architecture for heterogeneous distributed networkLuxembourg Institute of Science and Technology
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...researchinventy
 
Clasificación liga
Clasificación ligaClasificación liga
Clasificación ligaÁlvaro Benítez
 
Semana 15
Semana 15Semana 15
Semana 15Vale Alvarez P
 
Menino jesus
Menino jesusMenino jesus
Menino jesusASMF
 
Entrego o meu dia
Entrego o meu diaEntrego o meu dia
Entrego o meu diaFer Nanda
 
Taller de inglés
Taller de inglésTaller de inglés
Taller de inglésgarciazurita
 
Fisica
FisicaFisica
Fisicadanielgonzalezpsm
 
Naveed's candid view on marketing
Naveed's candid view on marketingNaveed's candid view on marketing
Naveed's candid view on marketingNaveed Asghar
 
Forum naprednih tehnologija 2016 - Agenda
Forum naprednih tehnologija 2016 - AgendaForum naprednih tehnologija 2016 - Agenda
Forum naprednih tehnologija 2016 - AgendaПедагошко друштво информатичара Србије
 
Bahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaranBahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaranekaafriani19
 
Brochure 1
Brochure 1Brochure 1
Brochure 1dporter1965
 
La guerra de vietnam Full
La guerra de vietnam FullLa guerra de vietnam Full
La guerra de vietnam FullPibe Hernandez
 

Weitere ähnliche Inhalte

Was ist angesagt?

Incident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase JournalIncident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase Journalbrittanyjespersen
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSIJMIT JOURNAL
 
An analysis of software aging in cloud environment
An analysis of software aging in cloud environment An analysis of software aging in cloud environment
An analysis of software aging in cloud environment IJECEIAES
 
Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 - Mark - Fullbright
 
2015 Global Threat Intelligence Report
2015 Global Threat Intelligence Report2015 Global Threat Intelligence Report
2015 Global Threat Intelligence ReportDImension Data
 
Super convergence of autonomous things
Super convergence of autonomous thingsSuper convergence of autonomous things
Super convergence of autonomous thingsConference Papers
 
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSA SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSIJCI JOURNAL
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...researchinventy
 

Was ist angesagt? (11)

Atos wp-cyberrisks
Atos wp-cyberrisksAtos wp-cyberrisks
Atos wp-cyberrisks
 
Incident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase JournalIncident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase Journal
 
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONSENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS
 
An analysis of software aging in cloud environment
An analysis of software aging in cloud environment An analysis of software aging in cloud environment
An analysis of software aging in cloud environment
 
The Role of Information and Communication Technologies (57)
The Role of Information and Communication Technologies (57)The Role of Information and Communication Technologies (57)
The Role of Information and Communication Technologies (57)
 
Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013
 
2015 Global Threat Intelligence Report
2015 Global Threat Intelligence Report2015 Global Threat Intelligence Report
2015 Global Threat Intelligence Report
 
Super convergence of autonomous things
Super convergence of autonomous thingsSuper convergence of autonomous things
Super convergence of autonomous things
 
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSA SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMS
 
A security decision reaction architecture for heterogeneous distributed network
A security decision reaction architecture for heterogeneous distributed networkA security decision reaction architecture for heterogeneous distributed network
A security decision reaction architecture for heterogeneous distributed network
 
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...An Overview of Information Systems Security Measures in Zimbabwean Small and ...
An Overview of Information Systems Security Measures in Zimbabwean Small and ...
 

Andere mochten auch

Menino jesus
Menino jesusMenino jesus
Menino jesusASMF
 
Entrego o meu dia
Entrego o meu diaEntrego o meu dia
Entrego o meu diaFer Nanda
 
Naveed's candid view on marketing
Naveed's candid view on marketingNaveed's candid view on marketing
Naveed's candid view on marketingNaveed Asghar
 
Bahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaranBahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaranekaafriani19
 
La guerra de vietnam Full
La guerra de vietnam FullLa guerra de vietnam Full
La guerra de vietnam FullPibe Hernandez
 
EL SIGLO XVIII EN ESPAÑA
EL SIGLO XVIII EN ESPAÑAEL SIGLO XVIII EN ESPAÑA
EL SIGLO XVIII EN ESPAÑACarlos
 
Uso de la c ximena uquillas
Uso de la c ximena uquillasUso de la c ximena uquillas
Uso de la c ximena uquillasXimena Uquillas
 
España: siglos XV a XVII
España: siglos XV a XVIIEspaña: siglos XV a XVII
España: siglos XV a XVIIAntonio
 
Orientación Vocacional
Orientación VocacionalOrientación Vocacional
Orientación Vocacionalgarciazurita
 

Andere mochten auch (18)

Clasificación liga
Clasificación ligaClasificación liga
Clasificación liga
 
Semana 15
Semana 15Semana 15
Semana 15
 
Menino jesus
Menino jesusMenino jesus
Menino jesus
 
Entrego o meu dia
Entrego o meu diaEntrego o meu dia
Entrego o meu dia
 
Taller de inglés
Taller de inglésTaller de inglés
Taller de inglés
 
Fisica
FisicaFisica
Fisica
 
Naveed's candid view on marketing
Naveed's candid view on marketingNaveed's candid view on marketing
Naveed's candid view on marketing
 
Forum naprednih tehnologija 2016 - Agenda
Forum naprednih tehnologija 2016 - AgendaForum naprednih tehnologija 2016 - Agenda
Forum naprednih tehnologija 2016 - Agenda
 
Bahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaranBahasan 2 klasifikasi dan pemilihan media pembelajaran
Bahasan 2 klasifikasi dan pemilihan media pembelajaran
 
Brochure 1
Brochure 1Brochure 1
Brochure 1
 
La guerra de vietnam Full
La guerra de vietnam FullLa guerra de vietnam Full
La guerra de vietnam Full
 
089yyu8g
089yyu8g089yyu8g
089yyu8g
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentation
 
EL SIGLO XVIII EN ESPAÑA
EL SIGLO XVIII EN ESPAÑAEL SIGLO XVIII EN ESPAÑA
EL SIGLO XVIII EN ESPAÑA
 
Uso de la c ximena uquillas
Uso de la c ximena uquillasUso de la c ximena uquillas
Uso de la c ximena uquillas
 
España: siglos XV a XVII
España: siglos XV a XVIIEspaña: siglos XV a XVII
España: siglos XV a XVII
 
Orientación Vocacional
Orientación VocacionalOrientación Vocacional
Orientación Vocacional
 
El Barroco
El BarrocoEl Barroco
El Barroco
 

Ähnlich wie On managing risk in service-oriented information systems

Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
Quantum Computing – A Tech Story
Quantum Computing – A Tech StoryQuantum Computing – A Tech Story
Quantum Computing – A Tech StoryIRJET Journal
 
Sgd itm-soft-computing-11-march -11
Sgd itm-soft-computing-11-march -11Sgd itm-soft-computing-11-march -11
Sgd itm-soft-computing-11-march -11Sanjeev Deshmukh
 
Architecture Framework for Resolution of System Complexity in an Enterprise
Architecture Framework for Resolution of System Complexity in an EnterpriseArchitecture Framework for Resolution of System Complexity in an Enterprise
Architecture Framework for Resolution of System Complexity in an EnterpriseIOSR Journals
 
An Agent Future For Network Control
An Agent Future For Network ControlAn Agent Future For Network Control
An Agent Future For Network ControlSara Alvarez
 
IRJET- ESBA based Privacy Protection in OSCS
IRJET- ESBA based Privacy Protection in OSCSIRJET- ESBA based Privacy Protection in OSCS
IRJET- ESBA based Privacy Protection in OSCSIRJET Journal
 
Cyber Physical System
Cyber Physical SystemCyber Physical System
Cyber Physical SystemGRD Journals
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTIJEACS
 
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...IBM India Smarter Computing
 
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...CrimsonpublishersMedical
 
IRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
IRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...IJMIT JOURNAL
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionFaysal Ghauri
 
22348972.2017.1348890
22348972.2017.134889022348972.2017.1348890
22348972.2017.1348890RaheelAnjum19
 
Management Structures for IT Security
Management Structures for IT SecurityManagement Structures for IT Security
Management Structures for IT Securityzohraz
 

Ähnlich wie On managing risk in service-oriented information systems (20)

Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Security
 
Quantum Computing – A Tech Story
Quantum Computing – A Tech StoryQuantum Computing – A Tech Story
Quantum Computing – A Tech Story
 
Sgd itm-soft-computing-11-march -11
Sgd itm-soft-computing-11-march -11Sgd itm-soft-computing-11-march -11
Sgd itm-soft-computing-11-march -11
 
Architecture Framework for Resolution of System Complexity in an Enterprise
Architecture Framework for Resolution of System Complexity in an EnterpriseArchitecture Framework for Resolution of System Complexity in an Enterprise
Architecture Framework for Resolution of System Complexity in an Enterprise
 
An Agent Future For Network Control
An Agent Future For Network ControlAn Agent Future For Network Control
An Agent Future For Network Control
 
G1803044045
G1803044045G1803044045
G1803044045
 
IRJET- ESBA based Privacy Protection in OSCS
IRJET- ESBA based Privacy Protection in OSCSIRJET- ESBA based Privacy Protection in OSCS
IRJET- ESBA based Privacy Protection in OSCS
 
Cyber Physical System
Cyber Physical SystemCyber Physical System
Cyber Physical System
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOT
 
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...
A Special Report on Infrastructure Futures: Keeping Pace in the Era of Big Da...
 
Probabilistic Polling System Approach for IoT Secure Routing
Probabilistic Polling System Approach for IoT Secure RoutingProbabilistic Polling System Approach for IoT Secure Routing
Probabilistic Polling System Approach for IoT Secure Routing
 
Probabilistic Polling System Approach for IoT Secure Routing
Probabilistic Polling System Approach for IoT Secure RoutingProbabilistic Polling System Approach for IoT Secure Routing
Probabilistic Polling System Approach for IoT Secure Routing
 
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...
From Stand Alone Computers to Big Data Technology: Proposing a New Model for ...
 
IRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based Approach
 
IRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based Approach
 
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...
TOP CITED 2 ARTICLES IN 2017 - INTERNATIONAL JOURNAL OF MANAGING INFORMATION ...
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solution
 
22348972.2017.1348890
22348972.2017.134889022348972.2017.1348890
22348972.2017.1348890
 
Management Structures for IT Security
Management Structures for IT SecurityManagement Structures for IT Security
Management Structures for IT Security
 

Mehr von Torsten Eymann

Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...
Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...
Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...Torsten Eymann
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsTorsten Eymann
 
Digitale Transformation: Chancen und Risiken
Digitale Transformation: Chancen und RisikenDigitale Transformation: Chancen und Risiken
Digitale Transformation: Chancen und RisikenTorsten Eymann
 
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und Herausforderungen
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und HerausforderungenWirtschaftsflinderer 2016 Digitale Transformation Chancen und Herausforderungen
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und HerausforderungenTorsten Eymann
 
Philosophy of Science for Engineers at UPC Barcelona - Overview
Philosophy of Science for Engineers at UPC Barcelona - OverviewPhilosophy of Science for Engineers at UPC Barcelona - Overview
Philosophy of Science for Engineers at UPC Barcelona - OverviewTorsten Eymann
 
2010 Karlsruhe Nachwuchs
2010 Karlsruhe Nachwuchs2010 Karlsruhe Nachwuchs
2010 Karlsruhe NachwuchsTorsten Eymann
 
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...Torsten Eymann
 

Mehr von Torsten Eymann (7)

Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...
Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...
Schöpfen und Zerstören - wie Unternehmen Innovation überleben können (und wie...
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical Foundations
 
Digitale Transformation: Chancen und Risiken
Digitale Transformation: Chancen und RisikenDigitale Transformation: Chancen und Risiken
Digitale Transformation: Chancen und Risiken
 
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und Herausforderungen
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und HerausforderungenWirtschaftsflinderer 2016 Digitale Transformation Chancen und Herausforderungen
Wirtschaftsflinderer 2016 Digitale Transformation Chancen und Herausforderungen
 
Philosophy of Science for Engineers at UPC Barcelona - Overview
Philosophy of Science for Engineers at UPC Barcelona - OverviewPhilosophy of Science for Engineers at UPC Barcelona - Overview
Philosophy of Science for Engineers at UPC Barcelona - Overview
 
2010 Karlsruhe Nachwuchs
2010 Karlsruhe Nachwuchs2010 Karlsruhe Nachwuchs
2010 Karlsruhe Nachwuchs
 
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...
Einführung von Ubiquitous Computing - Treiber und Hemmnisse im Blickfeld skep...
 

On managing risk in service-oriented information systems

  • 1. On managing risk in service-oriented information systems Prof. Dr. Torsten Eymann University of Bayreuth Chairof Information Systems Management
  • 3. The Internet of Services – A Vision 1 Software as a Service 3 2 Complex Services Infrastructure as a Service Basic Services Storage Service Computation Service Database Service Virtualization Resources In Anlehnung an : T. Eymann (2008): Cloud Computing. In: Kurbel, K., Becker, J., Gronau, N., Sinz, E.J., Suhl, L.: Enzyklopädie der Wirtschaftsinformatik, http://www.wi-lexikon.de. Oldenbourg Verlag, München, 2008.
  • 4. IoS – Applicationsand Potentials Decreasedproductioncoststhroughcentralization Increasedverticaldesintegrationandspecialization Increasedutilizationthrougheconomiesofscale Increasedflexibilitythrough on-demandprocurement Increasedinteroperabilitybycommoditization
  • 5. IoS – what will be different? A Transition from Centralizedcontrolof a closed, yetdistributedcomputingsystem To Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 6. IoS – The challenge „In a Grid, resource failure is the rule rather than the exception.“ Baker, M.; Buyya, R.; Laforenza, D.: “Grids and grid technologies for wide area distributed computing”. In: Softw. Pract. Exper., Vol. 32(15) W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 7. Whichmeansthatwe still need… A Transition from Centralizedcontrolof a closed, yetdistributedcomputingsystem To Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 8. Whichmeansthatwe still need… control In Automated, self-organizingallocationofloosely-coupledservices W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 9. Whichmeansthatwe still need… control loosely-coupled W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 10. Whichmeansthatwe still need… control loosely-coupled W. Abramowicz, T. Eymann (Ed.): Special Issue on Service-Oriented Architectures and Web Services, WIRTSCHAFTSINFORMATIK, 2008, Volume 50, Number 1. http://dx.doi.org/10.1007/s11576-007-0010-0
  • 11. … as in … © TIME Magazine, WikimediaCommons
  • 12. Is that a technicalquestion?
  • 13. Physical World Control CentralizedControl (past) DecentralizedControl (today)
  • 14. IT Services World Control CentralizedControl (past) Distributed Control
  • 15. IT Services World: will companies enter? 15 J. Westhoff, R. Matros: IST-FP6-034286 SORMA, D1.1b Requirements Survey, February 26, 2008, http://www.sorma-project.org
  • 18. No. Reason #1 Participants (agents) have different interests in the Internet of Services Server: Loadbalancedprovisioning Client: Immediateresponse
  • 19. No. Reason #2 A natural person can not be held responsible for actions of its agents (no legislation yet) Balke, Tina; Eymann, Torsten (2008): The ConclusionofContractsby Software Agents in the Eyes ofthe Law. In: Padgham, Lin; Parker, David; Müller, Jörg; Parsons, Simon (Hg.): 7th. Intl. Conf. on AutonomousAgentsand Multiagent Systems (AAMAS). Estoril, Portugal, May 12-16, 2008. UK: Lightning Source UK Ltd (2), S. 771–778.
  • 21. Yes. Option #1 Start with a fundamental understanding of an open Cloud/Grid environment Define policies and norms for participants Focus on technology and policies Focus on technology Eymann T., König S., Matros R.: A Framework for Trust and Reputation in Grid Environments. Journal of Grid Computing, Vol. 6, Nr. 4, pp. 225-237, 2008.
  • 22. Yes. Option #2 Construct a reciprocal principal/agent relationship to increase system reliability Use contracts  Service Level Agreements Eymann T., König S., Matros R.: A Framework for Trust and Reputation in Grid Environments. Journal of Grid Computing, Vol. 6, Nr. 4, pp. 225-237, 2008.
  • 23. Yes. Option #3 Allowpropagationofpastexperiencestootherstoenforcegoodbehaviour in thefuture
  • 24. Yes. Option #4 Outsource riskto an Internet insuranceinstitution
  • 25. Option #5: Enforce Compliance …
  • 26. In general: introduceinstitutions "Institutionsarefrictionswhich, likefrictions in mechanicalsystems, byrestrictingmovementmaymakecontrolledmovementpossible.“ Restrict (De-Incentivice) principalsandagents not tocheat = Manage Risk! [Brian J. Loasby, 2000]
  • 28. Reputation in the Internet of Services J. Westhoff, R. Matros: IST-FP6-034286 SORMA, D1.1b Requirements Survey, February 26, 2008, http://www.sorma-project.org
  • 29. The research question in a context Unregulated coordination In the Internet of Services… …will lead to Principal/ Agent problems Solution Proposal: Reputation Mechanisms to control reliable services Evaluation by Simulation
  • 30. SimIS Open Source Simulation Environment Based on Repast Simphony 1.2 For more information: http://simis.sourceforge.net
  • 31. Simulation Scenario: Service Markets 1 2 Services Market Complex Services CS Resource Market Basic Services Storage Service Computation Service BS Resources RS
  • 32. Simulation Scenario: Network Topology 32 Host # 2 Host # 1 RS2 500 Mbit/s RS1 CS2 BS3 BS1 0,35 Probabilityofsystemsfailure 0,01 1 Gbit/s 500 Mbit/s 200 Mbit/s Host # 3 Host # 4 RS3 BS1 BS3 BS2 CS1 CS2 100 Mbit/s Streitberger, W.; Hudert, S.; Eymann, T.; Schnizler, B.; Zini, F.; Catalano, M.: “On the Simulation of Grid Market Coordination Approaches”. In: Journal ofGrid Computing, Vol. 6(3), Springer Netherlands, doi:10.1007/s10723-007-9092-6, ISSN 1570-7873 (Print) 1572-9814 (Online), September 2008. 67, 285 0,1 0,3
  • 33. Reputation reducesuncertainty S. König, T. Balke, W. Quattrociocchi, M. Paolucci, T. Eymann: On the Effects of Reputation in the Internet of Services. International Conference on Reputation, March 2009, Gargonza, Italy. 33
  • 34. ResultsandDiscussion Managing risk (Realiability) in theIoSis a basicrequirementforacceptance Centralizedmanagementisimpossible Decentralizedmanagementmeansintroducinginstitutions Example: introducereputationtracking Question: whohasthe power tointroduce?
  • 36. Side remark: Security vs. Reputation Security Ex ante knowledge Apply in build time Define “trusted” code Reputation Ex post knowledge Apply during run-time Define policies react on events Enforce behavior in future