IPSec Algorithm Implementation

  • Status: [accepted ]

  • Deciders: Lukas Harzenetter

  • Date: 2019-02-07

Context and Problem Statement

In the problem detection and solving approach by Saatkamp et al., detected problems in a topology are solved by specific algorithms. These algorithms must know some semantics in order to perform correctly.

Concretely: The IPSec algorithm must know some kind of abstract Virtual Machine (VM) Node Type, since it replaces unsecure VMs with secure VMs that open a secure connection on the IP level.

Considered Options for VM Nodes

  • VMs collected in a special namespace

  • Abstract VM Node Type

Decision Outcome for VM Nodes

Chosen option: “Abstract VM Node Type” since TOSCA allows inheritance and inheritance creates mor semantic meaning.

Considered Option for Secure VMs

  • Secure VMs collected in a special namespace

  • Abstract Secure VM Node Type

  • Annotate Secure Types with a Tag

Decision Outome for Secure VMs

Chosen option: “Secure VMs collected in a special namspace” since they are special kinds of the “normal” VMs, they should inherit from them (and consequently from the abstract VM type mentioned above) to create a meaningful semantics. However, instead of creating a special namespace, this should be changed to “Annotate Secure Types with a Tag” in near future.

License

Copyright (c) 2019 Contributors to the Eclipse Foundation

See the NOTICE file(s) distributed with this work for additional information regarding copyright ownership.

This program and the accompanying materials are made available under the terms of the Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0, or the Apache Software License 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.

SPDX-License-Identifier: EPL-2.0 OR Apache-2.0