23,611 research outputs found

    A service dependency modeling framework for policy-based response enforcement

    Get PDF
    International audienceThe use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation di±cult. The enforcement of a single re- sponse rule requires performing multiple con¯guration changes on multi- ple services. This paper formally describes a Service Dependency Frame- work (SDF) in order to assist the response process in selecting the pol- icy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response pol- icy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is de¯ned using the Architecture Analysis and Design Language, which provides formal concepts for mod- eling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing con¯guration changes and reducing resource consumption

    SDN based Network Function Parallelism in Cloud

    Full text link
    Network function virtualization (NFV) based service function chaining (SFC) allows the provisioning of various security and traffic engineering applications in a cloud network. Inefficient deployment of network functions can lead to security violations and performance overhead. In an OpenFlow enabled cloud, the key problem with current mechanisms is that several packet field match and flow rule action sets associated with the network functions are non-overlapping and can be parallelized for performance enhancement. We introduce Network Function Parallelism (NFP) SFC-NFP for OpenFlow network. Our solution utilizes network function parallelism over the OpenFlow rules to improve SFC performance in the cloud network. We have utilized the DPDK platform with an OpenFlow switch (OVS) for experimental analysis. Our solution achieves a 1.40-1.90x reduction in latency for SFC in an OpenStack cloud network managed by the SDN framework.Comment: 5 page

    Indirect Internationalization of New Ventures: A Development And Test of Two Theories

    Get PDF
    This paper develops resource dependency and institutional theory arguments for explaining SME involvement in direct and indirect (via intermediaries) export activity. Based on resource dependency theory, we argue that a desire to leverage resources in a favorable home market may explain SME direct and indirect export activity. Building on institutional theory, we argue that SMEs operating in an organization field that is perceived as becoming more international will be more likely to export, either directly or indirectly. The theory arguments are tested using a sample of 871 Dutch SMEs. Results from binomial and multinomial logit regressions indicate the following: firms in the production industry are most likely to use export intermediaries, as are firm that face favorable home-country access to investors and banks and favorable home-country government regulations for businesses. In line with institutional theory arguments, firms are most likely to export, directly or indirectly, when the organization field is characterized by domestic competitors and customers who increasingly operate abroad and by an increased use of foreign suppliers. Compared to the direct mode, firms pursuing indirect modes are more likely to perceive favorable national finance market access and less likely to perceive favorable national production costs
    • 

    corecore