Are you Martin Wimmer?

Claim your profile

Publications (14)0 Total impact

  • Alfons Kemper, Martin Wimmer
    01/2009; Oldenbourg., ISBN: 978-3-486-59001-2
  • [show abstract] [hide abstract]
    ABSTRACT: In the past, enterprise resource planning systems were designed as monolithic software systems running on centralized mainframes. Today, these systems are (re-)designed as a repository of enterprise services that are distributed throughout the available computing infrastructure. These service oriented architectures (SOAs) require advanced automatic and adaptive management concepts in order to achieve a high quality of service level in terms of, for example, availability, responsiveness, and throughput. The adaptive management has to allocate service instances to computing resources, adapt the resource allocation to unforeseen load fluctuations, and intelligently schedule individual requests to guarantee negotiated service level agreements (SLAs). Our AutoGlobe platform provides such a comprehensive adaptive service management comprising —static service-to-server allocation based on automatically detected service utilization patterns, —adaptive service management based on a fuzzy controller that remedies exceptional situations by automatically initiating, for example, service migration, service replication (scale-out), and —adaptive scheduling of individual service requests that prioritizes requests depending on the current degree of service level conformance. All three complementary control components are described in detail, and their effectiveness is analyzed by means of realistic business application scenarios.
    TWEB. 01/2008; 2.
  • Source
    Datenbanksysteme in Business, Technologie und Web (BTW 2007), 12. Fachtagung des GI-Fachbereichs "Datenbanken und Informationssysteme" (DBIS), Proceedings, 7.-9. März 2007, Aachen, Germany; 01/2007
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: To ensure the operability and reliability of large scale Enterprise Resource Planning Systems (ERP) and enterprise services, a peak-load oriented hardware sizing is often used, which results in low average utilization. The evaluation of historical load data revealed that many applications show cyclical resource consumption. The identification of load patterns can be used for static as well as dynamic allocation optimization. In this paper we show the extraction of load patterns and present self-organizing service alloca- tion concepts. This practical evaluation of theoretical adaptive computing concepts is of particu- lar importance for the configuration of emerging service oriented architectures (SOA).
    eOrganisation: Service-, Prozess-, Market-Engineering: 8. Internationale Tagung Wirtschaftsinformatik - Band 2, WI 2007, Karlsruhe, Germany, February 28 - March 2, 2007; 01/2007
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: Complex business processes are usually realized by specifying the integration and interaction of smaller modular software components. For example, hitherto monolithic enterprise resource planning systems (ERP) are decomposed into Web services which are then again orchestrated in terms of Web service workflows, bringing about higher levels of flexibility and adaptability. In general, such services constitute autonomous software components with their own dedicated security requirements. In this paper we present our approach for consolidating the access control of (Web service) workflows. The proposed security engineering method allows, first, to determine for whom workflows are executable from a privileges point of view, second, to assess compliance with the principle of least privilege, and, third, helps to reduce policy enforcement costs.
    05/2006: pages 30-44;
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: To ensure the operability and reliability of large scale enterprise resource planning systems (ERP), a peak-load oriented hardware sizing is often used. Better utilization can be achieved by employing an adaptive infrastructure based on smaller computational units in combination with an intelligent allocation management. The SAP University Competence Center (German SAP HCC) at the Technische Universitat Munchen provides support for 55 ERP training systems. The evaluation of the historical load data revealed that many applications exhibit cyclical resource consumption. In this paper we show the extraction of load patterns and present self-organizing controlling concepts in the context of the SAP HCC
    E-Commerce Technology, 2006. The 8th IEEE International Conference on and Enterprise Computing, E-Commerce, and E-Services, The 3rd IEEE International Conference on; 02/2006
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: The need for enterprise application integration projects leads to complex composite applications. For the sake of security and e-ciency, consolidated access control policies for composite applications should be provided. Such a policy is based on the policies of the corresponding autonomous sub-applications and has the following properties: On the one hand, it needs to be as restrictive as possible to block requests which do not comply with the integrated sub-applications' policies. Thereby, unsuccessful executions of requests are prevented at an early stage. On the other hand, the composite policy must grant all necessary privileges in order to make the intended functionality available to legitimate users. In this paper, we present our formal model and respective algorithmic solutions for consolidating the access control of composite applications. The generated policies conform to the presented requirements of the least privileges paradigm and, thus, allow to revise and optimize the access control of composite applications. We demonstrate this by means of Web service work∞ows that constitute the state of the art for the realization of business processes.
    Data and Applications Security XX, 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings; 01/2006
  • Alfons Kemper, Martin Wimmer
    01/2006; Oldenbourg., ISBN: 978-3-486-57967-3
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: Derzeit lasst sich ein Trend weg von monolithischen Systemen hin zu Service Oriented Architectures (SOAs) beobachten. Dieser Paradigmen- wechsel erfordert neue Administrationstechniken, um die auf SOAs basieren- den verteilten Datenbankanwendungen zuverlassig und kostengunstig betrei- ben zu konnen. Zu diesem Zweck entwickeln wir neue Selbstadministrierungs- konzepte. Die Grundlage hierf¨ ur bilden die Virtualisierung von Hardware und Diensten, sowie ein kontinuierliches Monitoring. Dadurch ist es moglich, die Verteilung der Dienste auf die zur Verfugung stehende Hardware durch statische und dynamische Allokationstechniken zu optimieren. Statische Al- lokationsalgorithmen liefern eine optimierte a priori Verteilung der Dienste auf die Hardware. Dazu werden Dienste mit komplementaren Ressourcenan- forderungen moglichst gemeinsam auf einem Rechner ausgefuhrt. Eine rein statische Optimierung kann allerdings nicht zeitnah auf unvorhersagbare Er- eignisse, wie etwa ¨ Uberlast- oder Fehlersituationen, reagieren. Deshalb setzen wir zusatzlich eine auf Fuzzy-Logik basierende Kontrollkomponente ein, die zur Laufzeit dynamisch Anpassungen der Dienstallokation vornimmt. Bei- spielsweise werden abgesturzte Dienste neu gestartet und ¨ Uberlastsituatio- nen durch Hinzunahme weiterer Instanzen oder den Umzug einer Instanz auf einen leistungsfahigeren Rechner behoben. Die vorgestellten Technologi- en stellen damit einen ersten Schritt in Richtung eines durchgangigen Quality of Service-Managements (QoS-Management) in einer derartigen Infrastruktur dar. AutoGlobe ist die prototypische Umsetzung der in diesem Beitrag be- schriebenen Konzepte f¨ ur eine adaptive Infrastruktur, die sich durch Selbst- konfiguration, Selbstoptimierung und eigenstandige Fehlerbehebung auszeich- net.
    Datenbanksysteme in Business, Technologie und Web, 11. Fachtagung des GI-Fachbereichs "Datenbanken und Informationssysteme" (DBIS), Karlsruhe, 2.-4. März 2005; 01/2005
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: Future database application systems will be designed as Ser- vice Oriented Architectures (SOAs), in contrast to today's monolithic architectures. The decomposition in many small services allows the us- age of hardware clusters and a flexible service-to-server allocation but also increases the complexity of administration. Thus, new adminis- tration techniques like our self-organizing infrastructure are necessary. It monitors the system, reacts automatically on exceptional situations, e.g., overload of a server, and features self-optimizing capabilities. In the context of distributed services it takes some time until the reac- tion on an exceptional situation becomes effective. During this time the server stays overloaded which leads to a poor performance of services running on this server. In this paper, we present a novel concept to improve self-organizing infrastructures to react proactively. For this pur- pose we present two techniques: Short-term load forecasting for services with periodic behavior and exploitation of hints from administrators, e.g., resource consumptions, for irregular events. With these techniques our system reacts proactively on imminent overload situations before they actually appear, thus avoiding overload situations. The quality of higher-level services, like enterprise resource planning (ERP) systems, can be improved by running on this proactive platform. We used our prototype implementation to perform comprehensive simulation studies, which demonstrate the effectiveness of our approaches.
    Advanced Information Systems Engineering, 17th International Conference, CAiSE 2005, Porto, Portugal, June 13-17, 2005, Proceedings of the CAiSE'05 Workshops, Vol. 2; 01/2005
  • Source
    Martin Wimmer, Pia Ehrnlechner, Alfons Kemper
    [show abstract] [hide abstract]
    ABSTRACT: Die Web Service-Technologie stellt die Grundlage fur Service Ori- ented Architectures (SOAs) dar. Dabei ist eine SOA im Wesentlichen ein Zusammenschluss von interagierenden Diensten. Neben dem einfachen Aus- tausch von Daten bedeutet Interaktion insbesondere die Bildung hoherwerti- ger Dienste aus elementareren. In diesem Beitrag stellen wir ein auf XACML basierendes Autorisierungssystem fur SOAs vor. Es kann zum einen fur die Zugrifiskontrolle einzelner Dienste eingesetzt werden. Dienste sind zur Be- reitstellung ihrer Funktionalitat hauflg auf weitere Betriebsmittel wie Daten- banken angewiesen. Da Datenbanksysteme meist eine eigenstandige, von der der Dienste unabhangige Autorisierung durchfuhren, erfolgt dann eine mehr- stuflge Autorisierung. In diesem Beitrag werden Verfahren fur die Abstim- mung dieser Autorisierungsschritte vorgestellt. Zum anderen stellt das Sys- tem Techniken fur die organisations˜ ubergreifende Weitergabe von Privilegien bereit. Dieser Delegationsmechanismus bildet die Grundlage sowohl fur den Aufbau von schwach wie auch stark gekoppelten Web Service-Foderationen. Schwach gekoppelte Zusammenschl˜ usse basieren oft auf ad-hoc Interaktio- nen, wohingegen bei stark gekoppelten in der Regeln eine so genannte Trus- ted Third Party eine Vermittlerrolle einnimmt. Besondere Anforderungen ergeben sich in Bezug auf die E-zienz verteilter Autorisierung. Die Skalier- barkeit des vorgestellten Ansatzes wird durch den Einsatz von rollenbasier- ter Zugrifiskontrolle (RBAC) und Caching-Techniken gewahrleistet: Mittels RBAC wird der Verwaltungsaufwand fur Rechtezuweisungen verringert. Ca- ching von Autorisierungspfaden reduziert den Kommunikationsaufwand f˜ ur die verteilte Autorisierungsuberprufung.
    Datenbanksysteme in Business, Technologie und Web, 11. Fachtagung des GI-Fachbereichs "Datenbanken und Informationssysteme" (DBIS), Karlsruhe, 2.-4. März 2005; 01/2005
  • Source
    Martin Wimmer, Alfons Kemper
    [show abstract] [hide abstract]
    ABSTRACT: In this paper we present our authorization framework that supports the dynamic set-up of Web service federations for sharing data within virtual federations. Building on previous work, where we showed how the access control of Web services can be consolidated with the access control of the underlying database systems, we focus on the del- egation of trust across administrative boundaries, thus enabling inter- organizational collaboration. In order to restrict the ∞ow of (possibly sensitive) access control information, authorization proceeds as an inter- play of local and distributed policy enforcement. Scalability and perfor- mance of distributed policy enforcement are provided through caching techniques, which have to ensure strong cache consistency.
    Secure Data Management, Second VLDB Workshop, SDM 2005, Trondheim, Norway, September 2-3, 2005, Proceedings; 01/2005
  • [show abstract] [hide abstract]
    ABSTRACT: Die plattformunabhängige und organisationsübergreifende Web Services-Interoperabilität setzt ein leistungsfähiges und flexibles Autorisierungssystem voraus. In diesem Beitrag wird ein Zugriffskontrollsystem vorgestellt, welches sich durch das Zusammenspiel lokaler und verteilter Autorisierung auszeichnet. Im Zusammenhang mit lokaler Zugriffskontrolle, bei der Rechte innerhalb einer Organisation ausgewertet werden, stellt sich insbesondere die Herausforderung, Autorisierungsregeln zu konsolidieren: Da die Funktionalität von Web Services häufig auf weitere Anwendungen und Betriebsmittel wie Datenbanksystemen aufsetzt, ergeben sich Abhängigkeiten bezüglich der Autorisierung, die überprüft und eingehalten werden müssen. Über eine verteilte Zugriffskontrolle wird der Aufbau von Kollaborationsnetzwerken ermöglicht. Der Augenmerk liegt im Folgenden auf schwach gekoppelten Zusammenschlüssen, die die Autonomie der beteiligten Organisationen beibehält. Skalierbarkeit und Effizenz werden durch den Einsatz von rollenbasierter Zugriffskontrolle einerseits und dem Caching ähnlicher, wiederkehrender Autorisierungen andererseits erreicht.
    Informatik Forschung und Entwicklung 01/2005; 20:167-181.
  • Source
    [show abstract] [hide abstract]
    ABSTRACT: The situation in engineering security for Web services that access databases is as follows: On the one hand, specifications like WS-Security are concerned with the security management for Web services, while on the other hand there exist well established mechanisms for access control in the area of commercial database systems. In handling security for services that rely on database systems, two extreme approaches can currently be observed: The more database-centric one, where the access control decisions are left to the DBMS, and the service-centric authorization approach. The service-centric approach requires a Web service to run under control of the database system provider as operations like queries and updates have to be executed with comprehensive privileges. Authorization has to be enforced by the service itself. In case access control policies of a service are defined independently with regard to the database policies, authorization mismatches are likely to be induced. In our new approach we bridge this gap between DBMS authorization and access control of Web services by supporting reliable and adaptable access control engineering. The policies of the DBMS constitute the basis for the authorization of Web services. These are therefore automatically extracted before they are refined by additional conditions. As a final step, it must be verified that service policies do not grant more permissions than database policies do, thus ensuring reliable service execution.
    07/2004: pages 765-765;