Open Source Adoption In Large US Companies

Various organizations increasingly adopt open source software, both on desktop PCs and servers. Since the first movements in open source in the 1960’s its growth has lead to new approaches in software development, licensing, and distribution, as well as in software vendors’ business models. The literature includes very interesting studies regarding prospective benefits, business models and case studies. However, the adoption of open source in large, global companies and its relationship with factors such as profitability, revenues and industry sector has not yet been researched. This study aims to answer these questions based on data we collected from Fortune 1000 companies and provides a method that can be applied in similar contexts

Toward Provenance-Based Security for Configuration Languages

Large system installations are increasingly configured using high-level, mostly-declarative languages. Often, different users contribute data that is compiled centrally and distributed to individual systems. Although the systems themselves have been developed with reliability and availability in mind, the configuration compilation process can lead to unforeseen vulnerabilities because of the lack of access control on the different components combined to build the final configuration. Even if simple change-based access controls are applied to validate changes to the final version, changes can be lost or incorrectly attributed. Based on the growing literature on provenance for database queries and other models of computation, we identify a potential application area for provenance to securing configuration languages.

Utilizing Simple Hacking Techniques to Teach System Security and Hacker Identification

This first half of this paper details the tools and methodologies employed to determine the identity and physical location of a hacker who infiltrated a server and altered a Web page. The second half of this paper recreates the scenario in a laboratory environment, in order to instruct students on system administration, server security, network management, and basic data communications

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Managing Real-World System Configurations with Constraints

Managing large computing infrastructures in a reliable and efficient way requires system configuration tools which accept higher-level specifications. This paper describes an interface between the established configuration tool LCFG, and the experimental configuration tool PoDIM. The com-bined system is used to generate explicit real-world con-figurations from high-level, constraint-based specifications. The concept is validated using live data from a large pro-duction installation. This demonstrates that a loosely-coupled, multi-layer approach can be used to construct con-figuration tools which translate high-level requirements into deployable production configurations.

Gestion de la Sécurité pour le Cyber-Espace - Du Monitorage Intelligent à la Configuration Automatique

The Internet has become a great integration platform capable of efficiently interconnecting billions of entities, from simple sensors to large data centers. This platform provides access to multiple hardware and virtualized resources (servers, networking, storage, applications, connected objects) ranging from cloud computing to Internet-of-Things infrastructures. From these resources that may be hosted and distributed amongst different providers and tenants, the building and operation of complex and value-added networked systems is enabled. These systems arehowever exposed to a large variety of security attacks, that are also gaining in sophistication and coordination. In that context, the objective of my research work is to support security management for the cyberspace, with the elaboration of new monitoring and configuration solutionsfor these systems. A first axis of this work has focused on the investigation of smart monitoring methods capable to cope with low-resource networks. In particular, we have proposed a lightweight monitoring architecture for detecting security attacks in low-power and lossy net-works, by exploiting different features provided by a routing protocol specifically developed for them. A second axis has concerned the assessment and remediation of vulnerabilities that may occur when changes are operated on system configurations. Using standardized vulnerability descriptions, we have designed and implemented dedicated strategies for improving the coverage and efficiency of vulnerability assessment activities based on versioning and probabilistic techniques, and for preventing the occurrence of new configuration vulnerabilities during remediation operations. A third axis has been dedicated to the automated configuration of virtualized resources to support security management. In particular, we have introduced a software-defined security approach for configuring cloud infrastructures, and have analyzed to what extent programmability facilities can contribute to their protection at the earliest stage, through the dynamic generation of specialized system images that are characterized by low attack surfaces. Complementarily, we have worked on building and verification techniques for supporting the orchestration of security chains, that are composed of virtualized network functions, such as firewalls or intrusion detection systems. Finally, several research perspectives on security automation are pointed out with respect to ensemble methods, composite services and verified artificial intelligence.L’Internet est devenu une formidable plateforme d’intégration capable d’interconnecter efficacement des milliards d’entités, de simples capteurs à de grands centres de données. Cette plateforme fournit un accès à de multiples ressources physiques ou virtuelles, allant des infra-structures cloud à l’internet des objets. Il est possible de construire et d’opérer des systèmes complexes et à valeur ajoutée à partir de ces ressources, qui peuvent être déployées auprès de différents fournisseurs. Ces systèmes sont cependant exposés à une grande variété d’attaques qui sont de plus en plus sophistiquées. Dans ce contexte, l’objectif de mes travaux de recherche porte sur une meilleure gestion de la sécurité pour le cyberespace, avec l’élaboration de nouvelles solutions de monitorage et de configuration pour ces systèmes. Un premier axe de ce travail s’est focalisé sur l’investigation de méthodes de monitorage capables de répondre aux exigences de réseaux à faibles ressources. En particulier, nous avons proposé une architecture de surveillance adaptée à la détection d’attaques dans les réseaux à faible puissance et à fort taux de perte, en exploitant différentes fonctionnalités fournies par un protocole de routage spécifiquement développépour ceux-ci. Un second axe a ensuite concerné la détection et le traitement des vulnérabilités pouvant survenir lorsque des changements sont opérés sur la configuration de tels systèmes. En s’appuyant sur des bases de descriptions de vulnérabilités, nous avons conçu et mis en œuvre différentes stratégies permettant d’améliorer la couverture et l’efficacité des activités de détection des vulnérabilités, et de prévenir l’occurrence de nouvelles vulnérabilités lors des activités de traitement. Un troisième axe fut consacré à la configuration automatique de ressources virtuelles pour la gestion de la sécurité. En particulier, nous avons introduit une approche de programmabilité de la sécurité pour les infrastructures cloud, et avons analysé dans quelle mesure celle-ci contribue à une protection au plus tôt des ressources, à travers la génération dynamique d’images systèmes spécialisées ayant une faible surface d’attaques. De façon complémentaire, nous avonstravaillé sur des techniques de construction automatique et de vérification de chaînes de sécurité, qui sont composées de fonctions réseaux virtuelles telles que pare-feux ou systèmes de détection d’intrusion. Enfin, plusieurs perspectives de recherche relatives à la sécurité autonome sont mises en évidence concernant l’usage de méthodes ensemblistes, la composition de services, et la vérification de techniques d’intelligence artificielle

A promising cfengine Linux router

With the multiplicity usage of computer networking devices called router, it is becoming common practice for everybody who would like to be online making this technology be the most responsible for allowing one of the 20th century’s greatest communications developments, the internet, to exist and become very popular in these days. Network management is important and necessary when dealing with a load of routers from different manufacturers because they have very different configuration languages which are proprietary and completely separate from server configuration. To discover whether these incompatible languages can be unified into a single open standard that can be integrated into servermanagement by using promise theory is our goal. This thesis considers both practical and theoretical parts. It consists of building a linux router, modeling a set of routing configurations using promise theory and designing a set of promises for cfengine 3 which can configure the router directly from the cfengine 3 promise language.Master i nettverks- og systemadministrasjo