Towards a Framework for Automatic Firewalls Configuration via Argumentation Reasoning

Firewalls have been widely used to protect not only small and local networks but also large enterprise networks. The configuration of firewalls is mainly done by network administrators, thus, it suffers from human errors. This paper aims to solve the network administrators' problem by introducing a formal approach that helps to configure centralized and distributed firewalls and automatically generate conflict-free firewall rules. We propose a novel framework, called ArgoFiCo, which is based on argumentation reasoning. Our framework automatically populates the firewalls of a network, given the network topology and the high-level requirements that represent how the network should behave. ArgoFiCo provides two strategies for firewall rules distribution

Reasoning techniques for analysis and refinement of policies for service management

The work described in this technical report falls under the general problem of developing methods that would allow us to engineer software systems that are reliable and would offer a certain acceptable level of quality in their operation. This report shows how the analysis and refinement of policies for Quality of Service can be carried out within logic by exploiting forms of abductive and argumentative reasoning. In particular, it provides two main contributions. The first is an extension of earlier work on the use of abductive reasoning for automatic policy refinement by exploiting the use of integrity constraints within abduction and its integration with constraint solving. This has allowed us to enhance this refinement process in various ways, e.g. supporting parameter values derivation to quantify abstract refinement to specific policies ready to be put in operation, and calculating utility values to determine optimal refined policies. The second contribution is a new approach for modelling and formulating Quality of Service policies, and more general policies for software requirements, as preference policies within logical frameworks of argumentation. This is shown to be a flexible and declarative approach to the analysis of such policies through high-level semantic queries of argumentation, demonstrated here for the particular case of network firewall policies where the logical framework of argumentation allows us to detect anomalies in the firewalls and facilitates the process of their resolution. To our knowledge this is the first time that the link between argumentation and the specification and analysis of requirement policies has been studied

Network Security Automation

L'abstract è presente nell'allegato / the abstract is in the attachmen

The IACS Cybersecurity Certification Framework (ICCF). Lessons from the 2017 study of the state of the art.

The principal goal of this report is to present the experiments of the IACS component Cybersecurity Certification Framework (ICCF) performed in 2017 by the NETs (National Exercise Teams) of several Member States, namely France, Poland and Spain. Based on real life use cases and simulations of ICCF activities, this report documents the current practices of these countries and NET members’ views in relation to IACS products cybersecurity certification. These studies have led to a series of findings that will be useful for the future of the ICCF in the context of the European Cybersecurity Certification Framework. In conclusion, a plan of action is proposed for the 2018-2019 period.JRC.E.2-Technology Innovation in Securit

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

A framework for implementing bring your own device in higher education institutions in South Africa

Although the concept of Bring Your Own Device (BYOD) was only first introduced in 2009, organisations and higher education institutions have shown an increasing interest in and tolerance for employees and students using their own mobile devices for work and academic purposes, to such an extent that it is predicted that BYOD will become the leading practice for all educational environments by the year 2017. Although mobile device usage is increasing in higher education institutions, it has been found that currently no generally recognised framework exists to aid South African higher education institutions with the implementation of BYOD. The problem is further worsened as research suggests that the number of new mobile vulnerabilities reported each year has increased. The primary objective of this study is to develop a framework for implementing BYOD in higher education institutions in South Africa. This primary objective is divided into several secondary objectives, which collectively aim to address the proposed problem. Therefore, the secondary objectives are to understand BYOD in organisations and the challenges it brings; to determine how BYOD challenges differ in higher education institutions; to determine the key components for implementing BYOD in higher education institutions; to determine the extent to which the BYOD key components relate to a higher education institution in South Africa; and to validate the proposed BYOD framework, verifying its quality, efficacy and utility. At first, a comprehensive literature study is used to determine and understand the benefits, challenges and key components for the implementation of BYOD in both organisations and higher education institutions. Thereafter, a case study is used to determine the extent to which the components, identified in the literature study, relate to an educational institution in South Africa. The findings from the case study, in combination with the key components, are then triangulated and a preliminary framework for implementing BYOD in higher education institutions in South Africa is argued. Furthermore, elite interviews are used to determine the quality, efficacy and utility of the proposed BYOD framework. To address the proposed problem, this research proposes a stepby- step holistic framework to aid South African higher education institutions with the implementation of BYOD. This framework adds a significant contribution to the work on this topic, as it provides a foundation upon which further such research can build. It is believed that such a framework would be useful for higher education institutions in South Africa and would result in the improved implementation of BYOD

Computer Science and Technology Series : XV Argentine Congress of Computer Science. Selected papers

CACIC'09 was the fifteenth Congress in the CACIC series. It was organized by the School of Engineering of the National University of Jujuy. The Congress included 9 Workshops with 130 accepted papers, 1 main Conference, 4 invited tutorials, different meetings related with Computer Science Education (Professors, PhD students, Curricula) and an International School with 5 courses. CACIC 2009 was organized following the traditional Congress format, with 9 Workshops covering a diversity of dimensions of Computer Science Research. Each topic was supervised by a committee of three chairs of different Universities. The call for papers attracted a total of 267 submissions. An average of 2.7 review reports were collected for each paper, for a grand total of 720 review reports that involved about 300 different reviewers. A total of 130 full papers were accepted and 20 of them were selected for this book.Red de Universidades con Carreras en Informática (RedUNCI

Specifying and verifying communities of Web services using argumentative agents

This thesis includes two main contributions: the first one is specifying the use of argumentative agents in the design and development of communities of Web services; the second is using a formal technique to verify communication protocols against given properties for these communities. Web services that provide a similar functionality are gathered into a single community, independently of their origins, locations, and ways of doing. Associating Web services with argumentative agents that are able to persuade and negotiate with others organizes these Web services in a better way so that they can achieve the goals they set in an efficient way. A community is led by a master component, which is responsible among others for attracting new Web services to the community, retaining existing Web services in the community, and identifying the Web services in the community that will participate in composite scenarios. Besides FIPA-ACL, argumentative dialogue games are also used for agent interaction. In this thesis, we use tableau-based model checking algorithm to verify our argumentative agent-base community of Web services negotiation protocol. This algorithm aims at verifying systems designed as a set of autonomous interacting agents. We provide the soundness, completeness, termination and complexity results. We also simulate our specification with Jadex BDI programming language and implement our verification with a modified and enhanced version of CWB-NC model checker. Keywords. Multi-agent systems, BDI agent architecture, model checking, agent oriented programming, FIPA-ACL, dialogue game, agent-based negotiation protocol, Jadex, CWB-NC