A model for the analysis of security policies in service function chains

Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that packets have to traverse in the route from source to destination. While this appealing solution offers significant advantages in terms of flexibility, it also introduces new challenges such as the correct configuration and ordering of SFs in the chain to satisfy overall security requirements. This paper presents a formal model conceived to enable the verification of correct policy enforcements in SFCs. Software tools based on the model can then be designed to cope with unwanted network behaviors (e.g., security flaws) deriving from incorrect interactions of SFs in the same SFC

Policy Conflict Analysis in Distributed System Management

Accepted versio

Policy based roles for distributed systems security

Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..

Harmonizing Climate Change Mitigation and Adaptation in Transportation and Land-Use Planning in California Cities

Abstract: Recent extreme weather events in California—wildfires, drought, and flooding—make abundantly clear the need to plan effective responses to both the causes and the consequences of climate change. A central challenge for climate planning efforts has been identifying transportation and land-use (TLU) strategies that simultaneously reduce greenhouse gas emissions (“mitigation”) and adapt communities so that they will be less affected by the adverse impacts of climate change (“adaptation”). Sets of policies that collectively address both mitigation and adaptation are known as “integrated actions.” This study explores municipal climate planning in California to determine whether cities incorporate integrated actions into their plans, assess the potential drivers of conflict between mitigation and adaptation in municipal plans, and identify ways the State of California can help cities more effectively incorporate integrated actions. The study methods consisted of a detailed analysis of climate planning documents from 23 California cities with particularly long histories of climate planning, plus interviews with 25 local, regional, and state officials who work on municipal climate planning. The authors found that some cities did adopt packages of integrated actions, and, promisingly, two cities with recently updated climate plans explicitly focused on the need for integrated actions. However, most cities addressed climate mitigation and adaptation in separate efforts, potentially reducing synergies between the two types of action and even creating conflicts. Since the first generation of climate action plans focused primarily on mitigation of greenhouse gases (GHGs), adaptation strategies have not yet been effectively or fully combined into mitigation plans in many cities. Also, a cross-comparison of plan content and interview data suggests that cities often had sets of policies that could potentially create conflicts—mitigation policies that would undermine adaptation capacity, and vice versa. In addition, where a city did adopt integrated actions, these efforts are typically not labeled as such, nor do the policies appear within the same policy document. The study findings suggest promising steps that both municipal and state governments can take to support integrated TLU actions at the local level. For example, cities can proactively link the content in climate mitigation and adaptation plans—a process that will require building the capacity for cross-collaboration between the various departments in charge of developing, implementing, and monitoring climate-related plans. As for the state government, it can provide funding specifically for planning and implementing integrated actions, offer technical support to help municipalities adopt programs and projects that produce integrated mitigation and adaptation benefits, and fund research in the area of integrated actions

Modeling and Reasoning over Distributed Systems using Aspect-Oriented Graph Grammars

Aspect-orientation is a relatively new paradigm that introduces abstractions to modularize the implementation of system-wide policies. It is based on a composition operation, called aspect weaving, that implicitly modifies a base system by performing related changes within the system modules. Aspect-oriented graph grammars (AOGG) extend the classic graph grammar formalism by defining aspects as sets of rule-based modifications over a base graph grammar. Despite the advantages of aspect-oriented concepts regarding modularity, the implicit nature of the aspect weaving operation may also introduce issues when reasoning about the system behavior. Since in AOGGs aspect weaving is characterized by means of rule-based rewriting, we can overcome these problems by using known analysis techniques from the graph transformation literature to study aspect composition. In this paper, we present a case study of a distributed client-server system with global policies, modeled as an aspect-oriented graph grammar, and discuss how to use the AGG tool to identify potential conflicts in aspect weaving

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Aligning a Service Provisioning Model of a Service-Oriented System with the ITIL v.3 Life Cycle

Bringing together the ICT and the business layer of a service-oriented system (SoS) remains a great challenge. Few papers tackle the management of SoS from the business and organizational point of view. One solution is to use the well-known ITIL v.3 framework. The latter enables to transform the organization into a service-oriented organizational which focuses on the value provided to the service customers. In this paper, we align the steps of the service provisioning model with the ITIL v.3 processes. The alignment proposed should help organizations and IT teams to integrate their ICT layer, represented by the SoS, and their business layer, represented by ITIL v.3. One main advantage of this combined use of ITIL and a SoS is the full service orientation of the company.Comment: This document is the technical work of a conference paper submitted to the International Conference on Exploring Service Science 1.5 (IESS 2015

Semantic-based policy engineering for autonomic systems

This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complimentary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise