Location aware self-adapting firewall policies

Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user settings, reconfiguration will be automatic and seamless. The proposed architecture utilizes dynamic firewalls, which adapt their policies according to user locations through the guidance of a policy server. This architecture is composed of a VPN client at user site, a domain firewall with VPN capabilities, a policy server containing a policy decision engine, and policy agents residing in dynamic firewalls, which map policy server decisions to firewall policy rules, at server site

Distribuição de políticas de gerenciamento de redes com ênfase em qualidade de serviço

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.O gerenciamento redes tem com finalidade conservar o funcionamento da rede como um todo, desde os serviços apresentados aos usuários à transmissão dos dados. Conforme a evolução das redes, o gerenciamento assumiu papel cada vez mais destacado, onde os administradores de rede aprendem que adicionar largura de banda não é capaz de resolver problemas relacionados ao tráfego. Logo, reservar ou diferenciar recursos não é garantir qualidade de serviços. Neste contexto desenvolver novas formas de gerenciamento de rede é fundamentalmente importante

Mécanismes d'allocation de ressources et fiabilité dans les réseaux coeur de prochaines générations

Définitions et concepts de bases -- Éléments de problématique -- Objectifs de recherche -- Principales contributions -- Revue de littérature -- Modèles de services -- Routage avec Qualité de Service -- Ingénierie de traffic -- Contrôle d'admission avec Qualité de Service -- Fiabilité des réseaux -- A novel admission control mechanism in GMPLS- BASED IP over optical networks -- Problem statement -- Numerical results -- Joint routing and admission control problem under statistical delay and jitter constraints in MPLS networks -- Simulation results -- A survivable multicast routing mechanism in WDM optical networks -- Survivable routing under SRLG constraints -- GR-SMRS : Greedy heuristic for survivable multicast routing under SRLG constraints -- simulation results

Policy analysis for DiffServ quality of service management

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Service level agreements in spatial data infrastructures

Die vorliegende Arbeit entwickelt ein Konzept für die Integration von Service Level Agreements (SLAs) in Geodateninfrastrukturen (GDIs). Der ausgewählten mehrstufigen Ansatz beinhaltet die Entwicklung eines abstrakten SLA-Modells und einer web-basierten SLA-Management-Architektur. Das Ziel des abstrakten SLA-Modells ist die konzeptionelle Beschreibung der Struktur und des Inhaltes von SLAs speziell für die ausgewählten Anwendungsbereiche. Der Zweck der web-basierten SLA-Management-Architektur ist es, die (Online-) Aushandlung von SLAs in bereits existierenden GDIs zu ermöglichen, ohne dass eine vorherige (Offline-) Kommunikation zwischen Dienstanbieter und Dienstnutzer vonnöten ist. Der gewählte Policy-basierte Ansatz deckt nicht nur die Aushandlung von SLAs und die eigentliche Dienstnutzung ab, es wird der vollständige Lebenszyklus von SLAs unterstützt. Dazu gehört sowohl die permanente Überwachung der angebotenen Dienste als auch die permanente Evaluierung aller aktiven SLAs.This thesis develops a concept for the integration of Service Level Agreements (SLAs) in Spatial Data Infrastructure (SDIs). The selected multi-step approach involves the development of an abstract SLA model and a web-based SLA management architecture. The aim of the abstract SLA model is to describe the domain-specific structure and content of SLAs that can be applied in SDIs from a conceptual point of view. The purpose of the web-based SLA management architecture is to enable the on-demand and online negotiation of SLAs in established SDIs without the need of prior offline communication between service providers and service consumers. The selected policy-based approach covers not only agreement negotiation and service consumption, but also the complete agreement life cycle including service monitoring and agreement evaluation.<br/

Design and implementation of a policy-based resource management architecture

Policy-based management can guide the behavior of a network or distributed system through high-level declarative directives that are dynamically introduced, checked for consistency, refined and evaluated, resulting typically in a series of low-level actions. We actually view policies as a means of extending the functionality of management systems dynamically, in conjunction with pre-existing "hard-wired" management logic. In this paper, we first discuss the policy management aspects of a resource management architecture for IP Differentiated Services networks and we focus on the functionality of the network dimensioning component. We then present a detailed description of the design and implementation of the components of the policy management sub-system needed to be deployed in order to make our system policy-driven. Finally, we present examples of network dimensioning policies describing their transformation from their definition by the operator until their enforcement