Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

Formal validation of automated policy refinement in the management of network security systems

Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.

Women's satisfaction with childbirth's experience in different models of care: a descriptive study

Com o objetivo de comparar a satisfação das mulheres com a experiência do parto em três modelos assistenciais, foi realizada pesquisa descritiva, com abordagem quantitativa, em dois hospitais públicos de São Paulo, um promovendo o modelo "Típico" e o outro com um centro de parto intra-hospitalar (modelo "CPNIH") e um peri-hospitalar (modelo "CPNPH"). A amostra foi constituída por 90 puérperas, 30 de cada modelo. A comparação entre os resultados referentes à satisfação das mulheres com o atendimento prestado pelos profissionais de saúde, com a qualidade da assistência e os motivos de satisfação e insatisfação, com a indicação ou recomendação dos serviços recebidos, com a sensação de segurança no processo e com as sugestões de melhorias, mostrou que o modelo CPHPH foi o melhor avaliado, vindo em seguida o CPNIH e por último o Típico. Conclui-se que o modelo peri-hospitalar de assistência ao parto deveria receber maior apoio do SUS, por se constituir em serviço em que as mulheres se mostram satisfeitas com a atenção recebida

The role of heritage in revalorization politicos of urban space

Certain areas of the city of Sao Paulo, as many others around the world, including in Lisbon, Barcelona and Buenos Aires, have been going through a process of requalification, in special the ones commonly known as old and/or traditional city. Regarding Sao Paulo, some exceptional actions have been taken downtown with investments in rehabilitation/requalification of areas that concentrated the historical, urbanistic and cultural heritages, such as Praca da S and its cathedral, as well as the revaluation/rehabilitation projects of other squares like Praca da Republica, other areas as the previously called Cracolandia (due to high consumption/deal of crack), known today as Nova Luz, besides propositions to reevaluate areas already modified, such as Vale do Anhangabau. In all propositions to modify sites, it is firstly underlined its deterioration, litter and the presence of low-income populations (passer-bys, street vendors or residents), generally stigmatized as ""potential suspects"", emphasizing danger and lack of security in those places. This belief, which has become consensual, results in that: public as well as private companies promote the rehabilitation of the areas basing their reasoning in the necessity of adding value to the existing urban heritage, although, as it will be discussed in this paper, part of this heritage might be destroyed in this very process, under the allegation that upon completion, the action would allow the social, cultural and economical revaluation/requalification of the area. This paper is intended to provide a contribution to this discussion.

A family of implementation-friendly BN elliptic curves

For the last decade, elliptic curve cryptography has gained increasing interest in industry and in the academic community. This is especially due to the high level of security it provides with relatively small keys and to its ability to create very efficient and multifunctional cryptographic schemes by means of bilinear pairings. Pairings require pairing-friendly elliptic curves and among the possible choices, Barreto-Naehrig (BN) curves arguably constitute one of the most versatile families. In this paper, we further expand the potential of the BN curve family. We describe BN curves that are not only computationally very simple to generate, but also specially suitable for efficient implementation on a very broad range of scenarios. We also present implementation results of the optimal ate pairing using such a curve defined over a 254-bit prime field. (C) 2001 Elsevier Inc. All rights reserved.

A survey on key management mechanisms for distributed Wireless Sensor Networks

Wireless Sensor Networks (WSNs) have a vast field of applications, including deployment in hostile environments. Thus, the adoption of security mechanisms is fundamental. However, the extremely constrained nature of sensors and the potentially dynamic behavior of WSNs hinder the use of key management mechanisms commonly applied in modern networks. For this reason, many lightweight key management solutions have been proposed to overcome these constraints. In this paper, we review the state of the art of these solutions and evaluate them based on metrics adequate for WSNs. We focus on pre-distribution schemes well-adapted for homogeneous networks (since this is a more general network organization), thus identifying generic features that can improve some of these metrics. We also discuss some challenges in the area and future research directions. (C) 2010 Elsevier B.V. All rights reserved.

Providing Integrity and Authenticity in DICOM Images: A Novel Approach

The increasing adoption of information systems in healthcare has led to a scenario where patient information security is more and more being regarded as a critical issue. Allowing patient information to be in jeopardy may lead to irreparable damage, physically, morally, and socially to the patient, potentially shaking the credibility of the healthcare institution. Medical images play a crucial role in such context, given their importance in diagnosis, treatment, and research. Therefore, it is vital to take measures in order to prevent tampering and determine their provenance. This demands adoption of security mechanisms to assure information integrity and authenticity. There are a number of works done in this field, based on two major approaches: use of metadata and use of watermarking. However, there still are limitations for both approaches that must be properly addressed. This paper presents a new method using cryptographic means to improve trustworthiness of medical images, providing a stronger link between the image and the information on its integrity and authenticity, without compromising image quality to the end user. Use of Digital Imaging and Communications in Medicine structures is also an advantage for ease of development and deployment.

FAST, PARALLEL AND SECURE CRYPTOGRAPHY ALGORITHM USING LORENZ`S ATTRACTOR

A novel cryptography method based on the Lorenz`s attractor chaotic system is presented. The proposed algorithm is secure and fast, making it practical for general use. We introduce the chaotic operation mode, which provides an interaction among the password, message and a chaotic system. It ensures that the algorithm yields a secure codification, even if the nature of the chaotic system is known. The algorithm has been implemented in two versions: one sequential and slow and the other, parallel and fast. Our algorithm assures the integrity of the ciphertext (we know if it has been altered, which is not assured by traditional algorithms) and consequently its authenticity. Numerical experiments are presented, discussed and show the behavior of the method in terms of security and performance. The fast version of the algorithm has a performance comparable to AES, a popular cryptography program used commercially nowadays, but it is more secure, which makes it immediately suitable for general purpose cryptography applications. An internet page has been set up, which enables the readers to test the algorithm and also to try to break into the cipher.

Organized Crime and Terrorism: From the Cells Towards Political Communication, A Case Study

During the first half of 2006 the city of Sao Paulo suffered three series of violent attacks against the security forces, civilians, and the government. The violent campaign also included a massive rebellion in prisons and culminated in the kidnapping of a journalist and the broadcast of a manifesto from the criminal organization PCC threatening the police and the government. Right after, the main device used to contain organized crime in the prisons was declared unconstitutional. This episode represents a prototypical example of the use of media-focused terrorism by organized crime for projection into the political communication arena.

Political Parties and Governors as Determinants of Legislative Behavior in Brazil`s Chamber of Deputies, 1988-2006

This article examines the relative importance of regional and national forces in shaping the behavior of Brazilian legislators at the national level. A widely held view is that national legislators respond to state pressures in making decisions, rather than pressures from the national government. Governors not only can influence national debates but also can determine outcomes by exerting control over their states` legislative delegations. This article examines a dataset of all roll-call votes in the Chamber of Deputies between 1989 and 2006 to isolate and evaluate the impact of local pressures on legislative voting. Spanning the terms of five presidents and five different congresses, the data show that the local influence is weaker than the national on the voting decisions of individual legislators and the voting cohesion of state delegations. Alternative institutional resources allow the central government to counteract the centrifugal pressures of federalism and other institutional influences.

Letters that construct limits: intellectual and political projects in the letters of Capistrano de Abreu to Barao do Rio Branco (1886-1903)

The intention of this paper is to analyze the letters from Capistrano de Abreu to Barao do Rio Branco in the years between 1886 and 1903. The focus will be given to the divergences around the notion of territorial formation, a basic concept for these authors who were thinking about the construction of a historical narrative at the end of the 19(th) and beginning of the 20(th) century. Later, the question is the construction of the craft of the historian in the letters of Capistrano de Abreu and his distinction and proximity to the ideas of the Barao do Rio Branco.