System Architecture Design

pSHIELDSystem Architecture DesignPU• secure service discovery• service composition• service orchestrationSecure service discovery allows any pSHIELD Middleware Adapter to discover in a secure manner theavailable SPD functionalities and services over heterogeneous environment, networks and technologiesthat are achievable by the pSHIELD Embedded System Device (pS-ESD) where it is running. Indeed thepSHIELD secure service discovery uses a variety of discovery protocols (such as SLP 1 , SSDP 2 , NDP 3 ,DNS 4 , SDP 5 , UDDI 6 ) to harvest over the interconnected Embedded System Devices (ESDs) all theavailable SPD services, functionalities, resources and information that can be composed to improve theSPD level of the whole system. In order to properly work, a discovery process must tackle also a secureand dependable service registration, service description and service filtering. The service registrationconsists in advertising in a secure and trusted manner the available SPD services. The advertisement ofeach service is represented by its formal description and it is known in literature as service description.The registered services are discovered whenever their description matches with the query associated tothe discovery process, the matching process is also known in literature as service filtering. On the light ofthe above an SPD services discovery framework is needed as a core SPD functionality of a pSHIELDMiddleware Adapter. Once the available SPD services have been discovered, they must be prepared tobe executed, assuring that the dependencies and all the services preconditions are validated. In order tomanage this phase, a service composition process is needed.Service composition is in charge to select those atomic SPD services that, once composed, provide acomplex and integrated SPD functionality that is essential to guarantee the required SPD level. Theservice composition is a pSHIELD Middleware Adapter functionality that cooperates with the pSHIELDOverlay in order to apply the configuration strategy decided by the Control Algorithms residing in thepSHIELD Security Agent. While the Overlay works on a technology independent fashion composing thebest configuration of aggregated SPD functionalities, the service composition takes into account moretechnology dependent SPD functionalities at Node, Network and Middleware layers. If the Overlaydecides that a specific SPD configuration of the SPD services must be executed, on the basis of theservices’ description, capabilities and requirements, the service composition process ensures that all thedependencies, configuration and pre-conditions associated to that service are validated in order to makeall the atomic SPD services to work properly once composed.When the SPD services have been discovered and a feasible service composition has been identified,those services must be deployed, executed and continuously monitored. This is part of the serviceorchestration pSHIELD Middleware Adapter functionality. While service composition works “off-line”triggered by an event or by the pSHIELD Overlay, service orchestration works “on-line” and iscontinuously operating in background to monitor the SPD status of the running services.1IETF Service Location Protocol V2 - http://www.ietf.org/rfc/rfc2608.txt2UPnP Simple Service Discovery Protocol - http://upnp.org/sdcps-and-certification/standards/3IETF Neighbour Discovery Protocol - http://tools.ietf.org/html/rfc48614IETF Domain Name Specification - http://www.ietf.org/rfc/rfc1035.txt5Bluetooth Service Discovery Protocol6OASIS Universal Description Discovery and Integration - http://www.uddi.org/pubs/uddi_v3.htmPUD2.3.2Issue 5 Page 44 of 122