An Architecture for Self-Protecting Autonomic Systems

Autonomic computing is the concept of designing complex information technology environments with the ability to perform management tasks on their own without human support. These systems have been defined by their ability to self-configure, self-optimize, self-heal, and self-protect. Administrators would only be required to specify the high level requirements of the system, rather than the mundate configuration of individual componts, greatly reducing the human requirements for administration of large systems. Self-protection refers to the ability of an autonomic computing system to secure itself against intrusions, and react to protect itself when it detects that an intruder has successfully circumvented the security policy on the system. While many of the individual elements that would be required for such abilities exist, very little research has been performed on how one would combine these elements to create an autonomic security system to meet this criteria of self-protection. A structure for autonomic computing security systems is proposed by mapping responsibilities that such a system would have to fulfil onto a basic architecture for an autonomic computing system as described by IBM. This hierarchy is divided up into three layers. The highest layer deals with policy inputs from the administrators themselves, both as generic system-wide security policy, and as policies inherent in the requirements for each application to be run on the system. The middle layer translates these into applicable policies for collections of elements and coordinates the actions of individual autonomic elements at the bottom layer. In the bottom layer reside the autonomic elements that provide the services of the system, and are ultimately responsible for detecting and responding to intrusions. Many components of such a system currently exist, and have been researched for many years, such as policy specification, intrusion detection systems, and rational agents. Other components, such as intrusion response and management technologies, are more recent research topics, and not often explored in the context of autonomic computing. It is proposed that an environment be designed to allow for experimentation into autonomic security structures. This could be based on a future release of autonomic computing technology, on a new system created using existing distributed communication technologies, or a simulation for experimental purposes. Once such an environment is available, research can be done into autonomic computing security structures and components. One interesting area is that of intrusion response, and more specifically that of a security through diversity approach; where the autonomic computing environment can respond to threats by replacing components with differing implementations.