A service dependency modeling framework for policy-based response enforcement

International audienceThe use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation di±cult. The enforcement of a single re- sponse rule requires performing multiple con¯guration changes on multi- ple services. This paper formally describes a Service Dependency Frame- work (SDF) in order to assist the response process in selecting the pol- icy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response pol- icy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is de¯ned using the Architecture Analysis and Design Language, which provides formal concepts for mod- eling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing con¯guration changes and reducing resource consumption

SDN based Network Function Parallelism in Cloud

Network function virtualization (NFV) based service function chaining (SFC) allows the provisioning of various security and traffic engineering applications in a cloud network. Inefficient deployment of network functions can lead to security violations and performance overhead. In an OpenFlow enabled cloud, the key problem with current mechanisms is that several packet field match and flow rule action sets associated with the network functions are non-overlapping and can be parallelized for performance enhancement. We introduce Network Function Parallelism (NFP) SFC-NFP for OpenFlow network. Our solution utilizes network function parallelism over the OpenFlow rules to improve SFC performance in the cloud network. We have utilized the DPDK platform with an OpenFlow switch (OVS) for experimental analysis. Our solution achieves a 1.40-1.90x reduction in latency for SFC in an OpenStack cloud network managed by the SDN framework.Comment: 5 page

Indirect Internationalization of New Ventures: A Development And Test of Two Theories

This paper develops resource dependency and institutional theory arguments for explaining SME involvement in direct and indirect (via intermediaries) export activity. Based on resource dependency theory, we argue that a desire to leverage resources in a favorable home market may explain SME direct and indirect export activity. Building on institutional theory, we argue that SMEs operating in an organization field that is perceived as becoming more international will be more likely to export, either directly or indirectly. The theory arguments are tested using a sample of 871 Dutch SMEs. Results from binomial and multinomial logit regressions indicate the following: firms in the production industry are most likely to use export intermediaries, as are firm that face favorable home-country access to investors and banks and favorable home-country government regulations for businesses. In line with institutional theory arguments, firms are most likely to export, directly or indirectly, when the organization field is characterized by domestic competitors and customers who increasingly operate abroad and by an increased use of foreign suppliers. Compared to the direct mode, firms pursuing indirect modes are more likely to perceive favorable national finance market access and less likely to perceive favorable national production costs

Towards an aspect weaving BPEL engine

This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing aWeb Service "on-the-fly" means weaving its choreography interface into the workflow