Fig 4 - uploaded by Joao Porto De Albuquerque
Content may be subject to copyright.
Source publication
The security mechanisms employed in today's networked en- vironments are increasingly complex and their configuration manage- ment has an important role for the protection of these environments. Especially in large scale networks, security administrators are faced with the challenge of designing, deploying, maintaining, and monitoring a huge number...
Contexts in source publication
Context 1
... the highest level in our model is based on RBAC concepts (Sect. 2), the designer starts the development process by mapping the abstract policies, ex- pressed in natural language, to the more formal syntax of RBAC. The top of Fig. 4 shows the resulting model at the RO level for our considered scenario. The basic objects are: the Roles "Company's Worker" and "Anonymous Inter- net User", and the Objects "Internal e-mail", "Website", "Internet e-mail" and "Internet WWW". These objects are associated to AccesModes by means of five AccessPermissions (at the top, on the ...
Context 2
... 4 shows the resulting model at the RO level for our considered scenario. The basic objects are: the Roles "Company's Worker" and "Anonymous Inter- net User", and the Objects "Internal e-mail", "Website", "Internet e-mail" and "Internet WWW". These objects are associated to AccesModes by means of five AccessPermissions (at the top, on the right of Fig. 4), each of the latter corre- sponding to one of the abstract policy statements of the previous section. Thus, for instance, the AccessPermission "allow Internet surfing" models the policy statement P1, associating the role "Company's Worker" to "surfing" and "In- ternet WWW". The other policy statements are analogously modeled by the ...
Context 3
... the User "Anonymous" and the Subject- Type "@Internet" are defined in association with the role "Anonymous Internet User". For the role "Company's Worker", several User objects are grouped in the TypedFolder (Sect. 3.1) "Internal Users", and three SubjectTypes are de- fined: "@main office", "@branch office" and "@remote access" (at the bottom of Fig. 4). These objects map the three types of session that can be established by an employee in the considered scenario, depending on his physical ...
Similar publications
Os mecanismos de segurança empregados em ambientes de redes atuais são de crescente complexidade e o gerenciamento de suas configurações adquire, portanto, um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança vêem-se confrontados com o desafio de projetar, imp...
Citations
... This access shall be performed using a VPN connection. Having as input the abstract policy statements and the described network scenario, the configuration development process exemplified here follows a top-down approach [11], evolving through the following steps: ...
... Furthermore, the tool prototype also implements focus & context techniques, substantially improving the navigation and visualization of large models. This topic was further elaborated in [11], which shows how these techniques were associated to the modelling framework developed here to improve the navigation and visualization of large system models. As for future work, the scope of the high-level policies proposed here could be broadened to include other requirements, such as reliability and performance. ...
Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system—and the model—into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright © 2010 John Wiley & Sons, Ltd.
... The approach has shown its practical relevance in a series of case studies [7,8,10] . A supporting tool was implemented and has been employed for the integrated configuration management of packet filters and VPN gateways of realistic network environments, with different number of network elements and growing security policy complexity . ...
... Back-end functions were implemented for the generation of configuration files of the corresponding mechanisms of the OpenBSD operating system (pf and isakmpd), successfully covering the basic functionalities of these mecha- nisms. A comprehensive covering of these application cases lies outside the scope of the present paper as it is done else- where [7,8,10]. To give a flavour of the results achieved, though,Fig. ...
... This paper introduces a formal approach to the validation of policy hierarchies for the model-based management (MBM) of the configuration of network security systems. This validation builds upon a formalism for the modelling framework that appeared in previous works [7,8], in order to establish general conditions that a given system and policy model must uphold to assure the correctness of the policy refinement, i.e. general validation conditions for ensuring that the generated lower-level policies uphold the abstract policies defined by the user. The conditions were based on the general criteria of completeness and consistency, so that the normative meaning conveyed by policies and system model in MBM (analysed in Sect. ...
Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services
in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the
policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined
by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work
on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal
validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation
conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy
so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency
and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems
are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.
... It is a good example of a focus & context interface, which encompasses visualiza- tion techniques that allow a user to center his view on a part of the screen that is displayed in full detail (focus), while at the same time perceiving the wider screen surroundings in a less detailed manner (context). The major advantage of using these techniques is the improved space-time efficiency for the user, i.e. the information displayed per screen area unit is more useful and, consequently, the time required to find an item of interest is reduced as it is more likely to be already displayed [4]. shows an example of interaction. ...
It is common practice nowadays to find, assess and explore the Web by groping scattered information presented through many search results. Browsing interfaces and query sug-gestion techniques attempt to guide the user by providing term recommendations and query phrases. In this paper, we introduce the browsing interface of Kolline, a commu-nity search engine under development. Two case studies are described and two distinct web browsing interfaces are analyzed. Based on this analysis, we present a new brows-ing interface, describing our design decisions and providing directions for future work.
... Para evitar a criação de mais um modelo, nós escolhemos como ponto de partida a abordagem de Gerenciamento Baseado em Modelos (Model-Based Management -MBM) [Lück et al. 2002], uma vez que ele foi aplicado com sucesso para o contexto de redes [Porto de Albuquerque et al. 2005b] e provê ferramentas que auxiliam no projeto de políticas para ambientes de rede grandes e complexos [Porto de Albuquerque et al. 2005a]. Este modelo possui um conjunto interessante de características: ele suporta o projeto de políticas de segurança em diferentes níveis de abstração; utiliza refinamento e validação automática entre níveis de abstração auxiliando no processo de especificação; e utiliza uma representação gráfica que permite a manutenção de uma política consistente em todos os níveis de abstração. ...
O gerenciamento da configuração de mecanismos de segurança em ambientes computacionais está se tornando cada vez mais complexo, especialmente em redes de computadores de larga escala. Administradores de segurança encaram o desafio de projetar e manter políticas de segurança para um enorme número de mecanismos heterogêneos e diferentes sistemas operacionais para garantir a proteção desses ambientes. Para permitir o gerenciamento de configurações de segurança de sistemas operacionais e de rede em um único modelo, este trabalho apresenta uma extensão da abordagem de Gerenciamento Baseado em Modelos aplicado a redes de computadores que inclui gerenciamento de políticas de sistemas operacionais.
... These results are revised and further developed in the formal validation approach presented in [7]. On the other hand, [8] elaborates on the practical use of DAS in large-scale environments, presenting also the diagram visualization and manipulation techniques that were implemented in MoBaSeC to improve the handling of large models. The doctoral thesis summarized in the present paper [7] consolidates and extends the previous works. ...
... These results are revised and further developed in the formal validation approach presented in [7]. On the other hand, [8] elaborates on the practical use of DAS in large-scale environments, presenting also the diagram visualization and manipulation techniques that were implemented in MoBaSeC to improve the handling of large models. The doctoral thesis summarized in the present pa- per [7] consolidates and extends the previous works. ...
... During the modeling, the tool checks the consistency rules defined in the meta-model in order to ensure that the model instance is valid. Furthermore, the tool prototype also implements focus & context techniques in order to substantially improve the navigation and visualization of large models (for further details see [8]). Through a combined use of the techniques fisheye view and semantic zooming associated to the modeling framework developed here, a larger focused area is made possible even if the context of the model is still visible, which leads to an optimization of the screen space. ...
The security mechanisms employed in current networked environments are increasingly complex, and their configuration management has an important role for the protection of these environments. Especially in large scale networks, security administrators are faced with the challenge of designing, deploying, maintaining and monitoring a huge number of mechanisms, most of which have complicated and heterogeneous configuration syntaxes. Consequently, configuration errors are nowadays a frequent cause of security vulnerabilities. This paper summarizes results from a doctoral thesis that offers an approach to the configuration management of network security systems specially suited to the needs of the complex environments of today's organizations. The approach relies upon policy-based management and model-based management, extending these approaches with a modeling framework that allows the design of security systems to be performed in a modular fashion. The model is segmented into logical units (so-called Abstract Subsystems) that enclose a group of security mechanisms and other relevant system entities, offering a more abstract representation of them. In this manner, the administrator is able to design a security system-including its different mechanism types and their mutual relations-by means of an abstract and uniform modeling technique. A software tool supports the approach, offering a diagram editor for models. After the model is complete, the tool performs an automated policy refinement, deriving configuration parameters for each security mechanism in the system.
... These models define policies in a higher level of abstraction relying upon roles. Policies at this level are defined by object manipulation in a graphical interface, similar to the one used by [4], [5]. The next section presents the conceptual models in which our approach is based. ...
... In this paper, policies are based in an object-oriented model which can be divided conceptually into two levels of abstraction—in the sense of a policy hierarchy [6]—as depicted inFig. 1. Policies in the abstract level are more stable and their construction is supported by a graphical tool called MoBaSec, which was also used in other policy-based management applications such as [4], [5]. The abstract level is based on the role-based access control (RBAC) concepts [2] and on one of its extensions, the GRBAC [3]. ...
... This approach employs an object-oriented layered model that aims at providing a smooth transition from an abstract view of the system to be managed and the policies that apply to it down to reaching a detailed system representation at the most inferior layer. It was already applied to the management of different security mechanism types, such as Virtual Private Networks [12], and to the integrated management of a number of network security mechanisms in large-scale, complex network environments [13], [5]. Furthermore, the SIRENA project [4] shows that the MBM approach can be profitably used with the GRBAC to address requirements of dynamic environment conditions. ...
Through the past years, several digital rights man-agement (DRM) solutions for controlled dissemination of dig-ital information have been developed using cryptography and other technologies. Within so many different solutions, however, interoperability problems arise, which increase the interest on integrated design and management of these technologies. Pursu-ing these goals, this paper presents a framework which aims at promoting interoperability among DRM systems, using a service-oriented architecture (SOA) and a high-level policy modeling approach.
... In this manner, a small policy set is sufficient to manage a large and complex system. Thus, policies in the abstract level are relatively static and their construction is supported by a graphical tool, similar to the one used in other policy-based management applications [3]. DRM permissions, however, commonly associate conditions and restrictions to a right (e.g. ...
... The conceptual division of policies in two layers allows for a system view with an appropriate abstraction level. The high-level policy design is also supported by a graphical editor, to be developed using Java and applying the visualization improvements used in [3]. ...
Through the past years, several digital rights management (DRM) solutions for controlled dissemination of digital information
have been developed using cryptography and other technologies. Within so many different solutions, however, interoperability
problems arise, which increase the interest on integrated design and management of these technologies. Pursuing these goals,
this paper presents a framework which aims at promoting interoperability among DRM systems, using a service-oriented architecture
(SOA) and a high-level policy modeling approach.
... Em vez de associar permissões para cada usuário, elas são atribuídas a papéis (subjectroles ), de maneira que um pequeno conjunto de políticaspolíticas´políticasé suficiente para gerenciar um sistema complexo. Por essa razão, políticas no nível abstrato são relativamente estáticas e elaboradas com a ajuda de uma ferramenta gráfica, semelhante a que foi utilizada em outras aplicaçaplicaç˜aplicações de gerenciamento baseado em políticas [Porto de Albuquerque et al. 2005]. O GRBAC, por sua vez, auxilia na criaçcriaç˜criação de políticas de DRM através da introduçintroduç˜introdução dos object e environment-roles. ...
... A separaçseparaç˜separação conceitual das políticas em uma camada abstrata e outra concreta permite uma visão do sistema com um apropriado grau de abstraçabstraç˜abstração. A elaboraçelaboraç˜elaboração das políticas abstrataséabstratas´abstratasé, ainda, auxiliada por um editor gráfico que está em desenvolvimento nos moldes daquele utilizado em [Porto de Albuquerque et al. 2005]. ...
Ao longo dos últimos anos, diversas soluções na área do Gerenciamento de Direitos Digitais, visando a disseminação controlada de informação, têm sido desenvolvidas usando criptografia e outras tecnologias. Diante de tantas soluções diferentes, entretanto, problemas de interoperabilidade surgem, o que aumenta o interesse no gerenciamento integrado daquelas tecnologias. Norteado por esse objetivo, o presente artigo apresenta um framework que busca promover interoperabilidade entre sistemas de DRM, usando uma arquitetura orientada a serviços e uma abordagem para modelagem de políticas em alto nível de abstração.
... Para evitar a criação de mais um modelo, nós escolhemos como ponto de partida a abordagem de Gerenciamento Baseado em Modelos (Model-Based Management -MBM) [Lück et al. 2002], uma vez que ele foi aplicado com sucesso para o contexto de redes [Porto de Albuquerque et al. 2005b] e provê ferramentas que auxiliam no projeto de políticas para ambientes de rede grandes e complexos [Porto de Albuquerque et al. 2005a]. Este modelo possui um conjunto interessante de características: ele suporta o projeto de políticas de segurança em diferentes níveis de abstração; utiliza refinamento e validação automática entre níveis de abstração auxiliando no processo de especificação; e utiliza uma representação gráfica que permite a manutenção de uma política consistente em todos os níveis de abstração. ...
Managing the configuration of security mechanisms of today's com- puters environment is becoming increasingly complex, especially with large scale networks. Security administrators face the challenge of designing and maintaining security policies for a huge number of heterogeneous mechanisms and operating systems to ensure the protection of these environments. To sup- port the configuration of both network and operating system security in one single model, this work presents an extension to the Model-Based Management applied to networks that include operating system policy management.
The importance of intelligent network (IN) obliges each organism to secure continuously and efficient manner all equipment and data flowing in the network. This document proposes recommendations for telecommunications companies to improve the security level of its Intelligent Networks. These recommendations are justified by tests made by appropriate tools and implemented in an application in order to manage user’s traceability. Therefore, the authors develop a traceability management solution to fight against inappropriate changes in network equipment and monitored.
