Thesis of Matteo Casalino


Subject:
Securing services configurations

Defense date: 02/07/2014

Advisor: Mohand-Said Hacid
Coadvisor: Romuald Thion

Summary:

Future Internet (FI) applications will see dynamic compositions of services providing a broad diversity of functions, from business functionality down to infrastructure services. Their progress crucially depends on the service providers' ability to deal with two interdependent challenges: (1) to achieve, maintain and prove compliance with security requirements stemming from internal needs, third-party demands and international regulations, and (2) to cost-efficiently manage policies and security configuration in operating conditions. The deficiencies of current processes and tools force service providers to trade off profitability against security and compliance. Major causes are ignorance or manual resolution of policy and configuration dependencies, caused by distinct terminologies and languages of security domains, and the complexity of large-scale distributed systems, constant evolution of requirements and regulations as well as service compositions and configurations, and the number of stakeholders involved in security management and requirement definition. These problems can be resolved by establishing a traceable and sustainable link between high-level requirements and low-level configuration settings. Operations will be supported by self-managed features and decision support systems.
The main contribution of the thesis concerns system verification and audit, as well as the assessment and resolution of discovered misconfigurations, i.e., discrepancies between the planned and the actual security configuration of an IT system, thereby addressing the following aspects, each building on the results of the previous one: (1) The static and dynamic verification of systems in order to ensure the effectiveness and correctness of models as such, the correct implementation of such models, and the observation of runtime behavior. (2) The analysis and assessment of any discrepancies that became apparent during the verification, with regard to their impact on security, compliance, and business. (3) The identification and analysis of potential corrective measures to overcome such discrepancies, followed by the deployment to standards-based change management processes.