Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

Perception of eating practices and stages of change among Brazilian adolescents

Objective. To evaluate the perception of eating practices and the stages of change among adolescents. Methods. Cross-sectional study involving a representative sample of 390 adolescents from 11 public schools in the city of Piracicaba, Brazil, in 2004. Food consumption was identified by a food frequency questionnaire and the perception of eating practices evaluation was conducted by comparing food consumption and individual classification of healthy aspects of the diet. The participants were classified within stages of change by means of a specific algorithm. A reclassification within new stages of change was proposed to identify adolescents with similar characteristics regarding food consumption and perception. Results. Low consumption of fruit and vegetables and high consumption of sweets and fats were identified. More than 44% of the adolescents had a mistaken perception of their diet. A significant relationship between the stages of change and food consumption was observed. The reclassification among stages of change, through including the pseudo-maintenance and non-reflective action stages was necessary, considering the high proportion of adolescents who erroneously classified their diets as healthy. Conclusion. Classification of the adolescents into stages of change, together with consumption and perception data, enabled identification of groups at risk, in accordance with their inadequate dietary habits and non-recognition of such habits. (C) 2009 Elsevier Inc. All rights reserved.

The perception of accessibility in Web development by academy, industry and government: a survey of the Brazilian scenario

Accessibility has become a serious issue to be considered by various sectors of the society. However, what are the differences between the perception of accessibility by academy, government and industry? In this paper, we present an analysis of this issue based on a large survey carried out with 613 participants involved with Web development, from all of the 27 Brazilian states. The paper presents results from the data analysis for each sector, along with statistical tests regarding the main different issues related to each of the sectors, such as: government and law, industry and techniques, academy and education. The concern about accessibility law is poor even amongst people from government sector. The analyses have also pointed out that the academy has not been addressing accessibility training accordingly. The knowledge about proper techniques to produce accessible contents is better than other sectors`, but still limited in industry. Stronger investments in training and in the promotion of consciousness about the law may be pointed as the most important tools to help a more effective policy on Web accessibility in Brazil.

Formal validation of automated policy refinement in the management of network security systems

Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.