Dr. Marcel Graf

Research projects

Deploying a private cloud

See the HEIG-VD Cloud Computing blog.

Big data analytics for IT monitoring

Keeping a modern IT infrastructure running smoothly is a challenge. Systems are complex and built from many interdependent components, the load generated by users is highly variable and components are subject to unexpected failures. System administrators typically use a monitoring system that alerts them to problems that helps them in pinpointing the issue, but there is a lot of manual work involved and system administrators are always under pressure to keep downtimes as short as possible. By systematically collecting performance indicators on all levels of the stack and applying big data analytics on them, it becomes possible to algorithmically predict problems before they occur. Additionally in the case of a crisis the algorithm is able to compare the state of the system to previous crises and make suggestions towards its resolution, helping administrators resolve problems more quickly.

Past projects

Identity and Entitlement Analytics

The configuration of Identity Management systems is hard to understand for business users and weaknesses remain undetected. Development of a tool for transforming operational IT data from several sources into a business-oriented multidimensional OLAP data model.

Implementation using an RDF triple store (Sesame) and Cognos Business Intelligence.

Role Engineering

Pre-product development for a tool that supports data-driven top-down and bottom-up role engineering for implementing Role-Based Access Control (RBAC) in corporate identity and entitlement management systems

Development of the methodology, tool concept for data exploration and visualisation, user experience design and implementation. RDF store for integrating identity, access and organizational data. The tool was released to customers in a beta program to obtain feedback for product development.

Data-Centric Security and Policy Design Tool

An approach for managing security policies for access control that bridges the gap between IT and business decision makers. Policies are not specified against IT resources, but rather against business-oriented ontologies, into which the IT resources are mapped by classification. Formal policies become understandable to decision makers, enabling them to participate in their formulation.

Development of the concept, architecture and implementation of a prototype tool. Use of RDF store for resource descriptions, ontologies, classifications and policies. The Eclipse-based Policy Design Tool for data classification and policy authoring was influential for the development of two IBM Tivoli security products.