
    Modelling and Analysis of Network Security Policies

    Nowadays, computers and network communications have a pervasive presence in all our daily activities. Their correct configuration in terms of security is becoming more and more complex due to the growing number and variety of services present in a network. Generally, the security configuration of a computer network is dictated by specifying the policies of the security controls (e.g. firewall, VPN gateway) in the network. This implies that the specification of the network security policies is a crucial step to avoid errors in network configuration (e.g., blocking legitimate traffic, permitting unwanted traffic or sending insecure data). In the literature, an anomaly is an incorrect policy specification that an administrator may introduce in the network. In this thesis, we indicate as policy anomaly any conflict (e.g. two triggered policy rules enforcing contradictory actions), error (e.g. a policy cannot be enforced because it requires a cryptographic algorithm not supported by the security controls) or sub-optimization (e.g. redundant policies) that may arise in the policy specification phase. Security administrators, thus, have to face the hard job of correctly specifying the policies, which requires a high level of competence. Several studies have confirmed, in fact, that many security breaches and breakdowns are attributable to administrators’ responsibilities. Several approaches have been proposed to analyze the presence of anomalies among policy rules, in order to enforce a correct security configuration. However, we have identified two limitations of such approaches. On one hand, current literature identifies only the anomalies among policies of a single security technology (i.e., IPsec, TLS), while a network is generally configured with many technologies. On the other hand, existing approaches work on a single policy type, also named domain (i.e., filtering, communication protection). 
Unfortunately, the complexity of real systems is not self-contained and each network security control may affect the behavior of other controls in the same network. The objective of this PhD work was to investigate novel approaches for modelling security policies and their anomalies, and formal techniques of anomaly analysis. We present in this dissertation our contributions to the current policy analysis state of the art and the achieved results. A first contribution was the definition of a new class of policy anomalies, i.e. the inter-technology anomalies, which arises in a set of policies of multiple security technologies. We provided also a formal model able to detect these new types of anomalies. One of the results achieved by applying the inter-technology analysis to the communication protection policies was to categorize twelve new types of anomalies. The second result of this activity was derived from an empirical assessment that proved the practical significance of detecting such new anomalies. The second contribution of this thesis was the definition of a newly-defined type of policy analysis, named inter-domain analysis, which identifies any anomaly that may arise among different policy domains. We improved the state of the art by proposing a possible model to detect the inter-domain anomalies, which is a generalization of the aforementioned inter-technology model. In particular, we defined the Unified Model for Policy Analysis (UMPA) to perform the inter-domain analysis by extending the analysis model applied for a single policy domain to comprehensive analysis of anomalies among many policy domains. The result of this last part of our dissertation was to improve the effectiveness of the analysis process. Thanks to the inter-domain analysis, indeed, administrators can detect in a simple and customizable way a greater set of anomalies than the sets they could detect by running individually any other model

    APFIC/FAO Regional Consultative Workshop: Securing sustainable small-scale fisheries: Bringing together responsible fisheries and social development, Windsor Suites Hotel, Bangkok, Thailand, 6–8 October 2010

    In the Global Overview, we attempt to view reefs in terms of the poor who are dependent on reefs for their livelihoods, how the reefs benefit the poor, how changes in the reef have impacted the lives of the poor and how the poor have responded and coped with these changes. It also considers wider responses to reef issues and how these interventions have impacted on the lives of the poor

    Vulnerability reduction of infrastructure reconstruction projects

    Various infrastructure segments of numerous countries have been repeatedly subjected to natural and man-made disasters. The potential reason for damage to infrastructure facilities and their services is the disaster risk that results when natural or man-made hazards meet vulnerable infrastructure facilities and vulnerable communities. The simplest way to prevent or mitigate disaster losses is to address vulnerabilities. The main study on which this paper is based aimed at exploring and investigating the vulnerabilities of infrastructures and of the communities that benefit from them, and possible solutions to overcome them. This paper presents the literature review conducted on vulnerabilities of infrastructures and the empirical evidence collated on the best possible DRR strategies to overcome such vulnerabilities. The main study was conducted using a case study strategy and expert interviews. This paper is entirely based on the data collated from the expert interviews conducted in Sri Lanka and the United Kingdom. The expert interviews discovered various DRR strategies to overcome the vulnerabilities of the infrastructure project

    Analysis of Intergenerational Policy Models

    Contemporary demographic processes are forcing increasing attention to the problems of relationships and dependencies between the different age groups. The ageing of the population in each society leads to changes in the contacts between young people, adults and the elderly. It is reasonable to undertake research on the concept of "solidarity of generations". Maintaining relationships without generational conflict requires actions in the field of social policy known as intergenerational policy. The aim of this article is to present some of its models, which allow not only analysis of the changes in the various communities, but also the creation of recommendations for public intervention. The description will include activities at the international, national, regional and local levels.

    The Court, FCC and Internet Policy: Partly with

    The paper aims to explore the contour of internet regulation with a thread of Brand X, which navigates through constitutionalism, separation of powers, as well as business and economic or political implications enshrined behind it. An exemplary insight with the Korean case was adverted that could lead to the comparative perspective of internet law and regulation for the future research. The research was conducted by employing qualitative investigation, mainly relying on textual analysis and documentary examination. The outcome of research generally corroborates with our assumption that i) the increasing administrative state will variegate the traditional interplay of three branches, ii) expert bureaucracy stands at the core of policy shaping because of the necessary new concept of market and policy specialization, iii) the role of US government is not only pioneering, but also influential as a regulator, but comparatively with differing national jurisdictions if not a negligible implications on the international competition or even conflict

    Ecosystem Approach to Fisheries and Aquaculture: Implementing the FAO Code of Conduct for Responsible Fisheries

    This publication provides guidance on how to implement the FAO Code of Conduct for Responsible Fisheries (CCRF) using an ecosystem approach to fisheries and aquaculture. The CCRF is a voluntary code covering all aspects of the management and development of fisheries and is designed to ensure sustainable development without adversely affecting the livelihoods of local communities that share the same resources as the fisheries. The authors outline the basic principles of the CCRF, describe concrete steps to be taken to use the ecosystem approach effectively, and recommend certain institutional changes and reforms that will be necessary if the potential of the ecosystem approach is to be realized in the Asia-Pacific region. The most significant reform needed is a paradigm shift in policy from one that is production oriented to one that is benefits oriented (social and economic). There is evidence that this is already being undertaken in the region with efforts being made to limit access, reduce the number of fishing vessels and introduce community-based rights systems. Stakeholder participation is essential and existing legal instruments and practices that interact with or impact fisheries may also need to be reconsidered, and adjustments made where necessary. In the future, it may even be necessary to regulate the inter-sectoral interactions and impacts through primary legislation. To promote broader adoption and implementation of the ecosystem approach by member countries, a wide range of regional activities is suggested by the authors including a media campaign, the building of fishery alliances among countries and capacity building in fishery agencies

    Framing the UK’s counter-terrorism policy within the context of a wicked problem

    Terrorist attacks can be seen as the ultimate wicked problem. After 9/11, terrorists moved from so-called ‘spectacular’ events to relatively low-intensity attacks against individuals and groups. The emergence of what has become known as the ‘home-grown’ terrorist has added a further dimension to the ‘wicked’ nature of the problem. This paper considers the UK’s CONTEST and PREVENT strategies as a policy response to the threats from terrorism and the impact that the policies themselves can have on the radicalization of individuals. The author highlights some of the limitations of the PREVENT strand of the overall strategy and the constraints that are imposed on government policies by failing to take a holistic perspective on the nature of the problem