Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

Landscape and farm scale management to enhance biodiversity conservation in the cocoa producing region of southern Bahia, Brazil

In southern Bahia, Brazil, large land areas are used for the production of cocoa (Theobroma cacao), which is predominantly grown under the shade of native trees in an agroforestry system locally known as cabruca. As a dominant forest-like landscape element of the cocoa region, the cabrucas play an important role in the conservation of the region`s biodiversity. The purpose of this review is to provide the scientific basis for an action plan to reconcile cocoa production and biodiversity conservation in southern Bahia. The available research collectively highlights the diversity of responses of different species and biological groups to both the habitat quality of the cabrucas themselves and to the general characteristics of the landscape, such as the relative extent and spatial configuration of different vegetation types within the landscape mosaic. We identify factors that influence directly or indirectly the occurrence of native species in the cabrucas and the wider landscape of the cocoa region and develop recommendations for their conservation management. We show that the current scientific knowledge already provides a good basis for a biodiversity friendly management of the cocoa region of southern Bahia, although more work is needed to refine some management recommendations, especially on shade canopy composition and density, and verify their economic viability. The implementation of our recommendations should be accompanied by appropriate biological and socioeconomic monitoring and the findings should inform a broad program of adaptive management of the cabrucas and the wider cocoa landscape.

Formal validation of automated policy refinement in the management of network security systems

Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.

Software maintenance project delays prediction using Bayesian Networks

Managing software maintenance is rarely a precise task due to uncertainties concerned with resources and services descriptions. Even when a well-established maintenance process is followed, the risk of delaying tasks remains if the new services are not precisely described or when resources change during process execution. Also, the delay of a task at an early process stage may represent a different delay at the end of the process, depending on complexity or services reliability requirements. This paper presents a knowledge-based representation (Bayesian Networks) for maintenance project delays based on specialists experience and a corresponding tool to help in managing software maintenance projects. (c) 2006 Elsevier Ltd. All rights reserved.