Master Thesis MSTR-2021-58

Bibliography: Heldwein, Elena: Automated compliance management of heterogeneous application infrastructures at runtime.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Master Thesis No. 58 (2021).
82 pages, English.

The automation of currently manual processes is a common goal in enterprises today, with the purpose of making processes less error-prone, more efficient and less costly. Compliance management in information technology (IT) is a business process that has the goal of ensuring that IT components adhere to a set of rules. Rules can stem from many sources, such as laws, regulations and enterprise-internal requirements. These rules can, for example, affect applications, application runtimes, or infrastructure components that enable the hosting of applications. The process of compliance management consists of multiple steps. When manually executed, these steps are error-prone and costly, as human operators tend to have a high risk of committing errors. Existing research already proposes solutions for enabling compliance management automation at different stages of an IT component's life-cycle, such as design-time, deployment-time or runtime. Research also covers different types of compliance rules, such as behavioural and structural rules. However, a generic approach for compliance management of application infrastructures at runtime was found to be missing. Rules that affect application infrastructures are structural in nature, affecting components and their relations. It cannot be assumed that infrastructures which were compliant when they were initially designed or deployed will remain compliant during their runtime. One reason for this could be user interactions with the components, which cause changes in the components. This master thesis introduces a solution concept for a generic framework that aims to enable the automated management of currently running infrastructure. The concept takes a model-based approach, representing the currently running components through a graph-based instance model, which uses the Essential Deployment Metamodel (EDMM). Using this model, sets of compliance rules, also described as models, can be evaluated.
The method of instance model retrieval, as well as the method of compliance rule description and evaluation, are designed in an extensible way. By providing a metamodel for the generic description of compliance rules, the solution concept introduced by this thesis can be used for many methods of compliance rule description. The output of an execution of the conceptualised framework is an extension of the EDMM, the Issue-Extended EDMM (I-EDMM). It allows the representation of compliance issues in a graph-based manner, by extending a given instance model, and shows which instance model elements are affected by detected issues. Furthermore, a prototype of the solution concept is described and verified by comparing the prototype architecture and functionality to that of the proposed solution concept. Finally, an outlook consisting of future research challenges is provided.

Department(s): University of Stuttgart, Institute of Architecture of Application Systems
Supervisor(s): Leymann, Prof. Frank; Breitenbücher, Dr. Uwe; Falazi, Ghareeb; Becker, Martin
Entry date: February 7, 2022