Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

An Architectural Description Language for Enterprise Computing

Architectural description languages (ADLs) are used to specify high-level, compositional view of a software application. ADLs usually come equipped with a rigourous state-transition style semantics, facilitating specification and analysis of distributed and event-based systems. However, enterprise system architectures built upon newer middleware (implementations of Java’s EJB specification, or Microsoft’s COM+/ .NET) require additional expressive power from an ADL. The TrustME ADL is designed to meet this need. In this paper, we describe several aspects of TrustME that facilitate specification and anlysis of middleware-based architectures for the enterprise.

Organizations redesign and building of information systems

Develop software is still a risky business. After 60 years of experience, this community is still not able to consistently build Information Systems (IS) for organizations with predictable quality, within previously agreed budget and time constraints. Although software is changeable we are still unable to cope with the amount and complexity of change that organizations demand for their IS. To improve results, developers followed two alternatives: Frameworks that increase productivity but constrain the flexibility of possible solutions; Agile ways of developing software that keep flexibility with less upfront commitments. With strict frameworks, specific hacks have to be put in place to get around the framework construction options. In time this leads to inconsistent architectures that are harder to maintain due to incomplete documentation and human resources turnover. The main goals of this work is to create a new way to develop flexible IS for organizations, using web technologies, in a faster, better and cheaper way that is more suited to handle organizational change. To do so we propose an adaptive object model that uses a new ontology for data and action with strict normalizing rules. These rules should bound the effects of changes that can be better tested and therefore corrected. Interfaces are built with templates of resources that can be reused and extended in a flexible way. The “state of the world” for each IS is determined by all production and coordination acts that agents performed over time, even those performed by external systems. When bugs are found during maintenance, their past cascading effects can be checked through simulation, re-running the log of transaction acts over time and checking results with previous records. This work implements a prototype with part of the proposed system in order to have a preliminary assessment its feasibility and limitations.

A gestão da informação sob a luz do Enterprise Content Management (ECM): um estudo de caso em uma universidade pública

This work involves the organization and content perspectives on Enterprise Content Management (ECM) framework. The case study at the Federal University of Rio Grande do Norte was based on ECM model to analyse the information management provided by the three main administrative systems: The Integrated Management of Academic Activities (SIGAA), Integrated System of Inheritance, and Contracts Administration (SIPAC) and the Integrated System for Administration and Human Resources (SIGRH). A case study protocol was designed to provide greater reliability to research process. Four propositions were examined in order to reach the specific objectives of identification and evaluation of ECM components from UFRN perspective. The preliminary phase provided the guidelines for the data collection. In total, 75 individuals were interviewed. Interviews with four managers directly involved on systems design were recorded (average duration of 90 minutes). The 70 remaining individuals were approached in random way in UFRN s units, including teachers, administrative-technical employees and students. The results showed the presence of many ECM elements in the management of UFRN administrative information. The technological component with higher presence was "management of web content / collaboration". But initiatives of other components (e.g. email and document management) were found and are in continuous improvement. The assessment made use of eQual 4.0 to examine the effectiveness of applications under three factors: usability, quality of information and offered service. In general, the quality offered by the systems was very good and walk side by side with the obtained benefits of ECM strategy adoption in the context of the whole institution

Uma análise de aspectos relacionados ao desenvolvimento e adoção de Enterprise Resources Planning livre de código aberto

Sistemas Integrados de Gestão ou Enterprise Resources Planning - ERP possibilitam o processamento das informações necessárias em uma empresa usando um único banco de dados. Muito tem se escrito sobre este tipo de software, abordando questões como o alto custo da aquisição de licenças, e a dependência de consultoria para a sua adaptação e implantação nas empresas. Atualmente vem crescendo o desenvolvimento e uso de ERP Livre de Código Aberto (FOS-ERP). Porém verifica-se que este tipo de sistema ainda não é suficientemente explorado, mesmo no meio acadêmico. Este artigo relata alguns trabalhos publicados sobre o assunto e levanta questões que devem ser tratadas por pesquisadores e demais interessados para adequar e viabilizar o uso desses sistemas conforme a realidade nacional. Assim, após uma introdução ao tema, são apresentadas algumas diferenças entre o FOS-ERP e seus equivalentes proprietários (Proprietary ERP ou P-ERP) em termos de modelos de negócios, seleção, customização e evolução. em seguida são elencados alguns desafios e oportunidades que o FOS-ERP pode oferecer a usuários, fornecedores, pesquisadores e colaboradores individuais. Concluindo, este artigo busca ampliar a discussão sobre FOS-ERP, destacando fatores tais como seu potencial de inovação tecnológica e estratégias de negócios.

The application of distributed virtual machines for enterprise computer management: A two-tier network file system for image provisioning and management

In order to simplify computer management, several system administrators are adopting advanced techniques to manage software configuration of enterprise computer networks, but the tight coupling between hardware and software makes every PC an individual managed entity, lowering the scalability and increasing the costs to manage hundreds or thousands of PCs. Virtualization is an established technology, however its use is been more focused on server consolidation and virtual desktop infrastructure, not for managing distributed computers over a network. This paper discusses the feasibility of the Distributed Virtual Machine Environment, a new approach for enterprise computer management that combines virtualization and distributed system architecture as the basis of the management architecture. © 2008 IEEE.

Utilizing cross-domain SOAP Web services using client-side languages in an enterprise mashup platform

Service oriented architectures (SOA) based on Simple Object Access Protocol (SOAP) Web services have attracted the attention of enterprises mainly for business-to-business integration and to create composite applications that execute business processes. An existing problem is the lack of preoccupation with non technical users due to the fact that to create a composite application to fulfill users needs, it is necessary to be in contact with IT staff. To overcome this issue, enterprises can take advantage of web 2.0, 'introducing in the development stage some technologies like mashups and some concepts like user empowerment, collaborative work and collective intelligence. Some results [3] [13] have shown how web 2.0 concepts can help non technical users to produce relative complex business processes. However, traditional enterprise requirements goes beyond typical web 2.0 solutions in several aspects: (1) traditional enterprise systems are based on heterogeneous stack of technologies that are not directly exploitable from a web-based client (where SOAP web services play an important role); (2) web browsers set some cross-domain security constraints making difficult to integrate services from diverse domains. In this paper, a contribution to two web 2.0 research projects [14] [15] partially solves the problems described: provide a way to invoke cross-domain backend services (based on SOAP technologies) directly only using clientside languages, without a need for any adaptation layer. © 2010 ACM.

The infuence of production systems in postponement make-to-stock compagny in the graphic industry

The supply chain management, postponement and demand management operations are of strategic importance to the economic success of organizations because they directly influence the production process. The aim of this paper is to analyze the influence of the postponement in an enterprise production system with make-to-stock and with seasonal demand. The research method used was a case study, the instruments of data collection were semi-structured interviews, document analysis and site visits. The research is based on the following issues: Demand Management which can be understood as a practice that allows you to manage and coordinate the supply chain in reverse, in which consumers trigger actions for the delivery of products. The Supply Chain Management is able to allow the addition of value, exceeding the expectations of consumers, developing a relationship with suppliers and customer's win-win. The Postponement strategy must fit the characteristics of markets that require variety of customized products and services, lower cost and higher quality, aiming to support decision making. The production system make-to-stock shows enough interest to organizations that are operating in markets with high demand variability. © 2011 IEEE.

Drivers of change in animal protein production systems: changes from 'traditional' to 'modern' beef cattle production systems in Brazil

Until 1990, beef cattle production in Brazil was recognized as an enterprise of low investment, low cost of production, as well as an extensive production system that used large land areas to be economically feasible. The situation changed for the Brazilian beef market when the economy stabilized in 1994 and all sectors involved in the beef supply chain were able to predict their associated costs and profits. During the same period, purchasing power of the Brazilian population grew, and as a consequence, consumers began to demand higher quality beef products. This new scenario in the late 1990s and early 2000s has led to more intensive beef production systems in Brazil as well as the need for a greater understanding of how technologies might be applied. As consequence of this evolution, in the last five years, a necessity to increase beef production has occurred. The quality of Brazilian beef has improved compared with beef produced 15 years ago, but continued improvements are needed to achieve excellence in terms of large-scale production of high quality beef, be sustainable over a long period of time, and increase our contribution to global food security.

A Unified Framework for e-Commerce Systems Development : Business Process Pattern Perspective

In electronic commerce, systems development is based on two fundamental types of models, business models and process models. A business model is concerned with value exchanges among business partners, while a process model focuses on operational and procedural aspects of business communication. Thus, a business model defines the what in an e-commerce system, while a process model defines the how. Business process design can be facilitated and improved by a method for systematically moving from a business model to a process model. Such a method would provide support for traceability, evaluation of design alternatives, and seamless transition from analysis to realization. This work proposes a unified framework that can be used as a basis to analyze, to interpret and to understand different concepts associated at different stages in e-Commerce system development. In this thesis, we illustrate how UN/CEFACT’s recommended metamodels for business and process design can be analyzed, extended and then integrated for the final solutions based on the proposed unified framework. Also, as an application of the framework, we demonstrate how process-modeling tasks can be facilitated in e-Commerce system design. The proposed methodology, called BP3 stands for Business Process Patterns Perspective. The BP3 methodology uses a question-answer interface to capture different business requirements from the designers. It is based on pre-defined process patterns, and the final solution is generated by applying the captured business requirements by means of a set of production rules to complete the inter-process communication among these patterns.

Meta-models, environment and layers: agent-oriented engineering of complex systems

Traditional software engineering approaches and metaphors fall short when applied to areas of growing relevance such as electronic commerce, enterprise resource planning, and mobile computing: such areas, in fact, generally call for open architectures that may evolve dynamically over time so as to accommodate new components and meet new requirements. This is probably one of the main reasons that the agent metaphor and the agent-oriented paradigm are gaining momentum in these areas. This thesis deals with the engineering of complex software systems in terms of the agent paradigm. This paradigm is based on the notions of agent and systems of interacting agents as fundamental abstractions for designing, developing and managing at runtime typically distributed software systems. However, today the engineer often works with technologies that do not support the abstractions used in the design of the systems. For this reason the research on methodologies becomes the basic point in the scientific activity. Currently most agent-oriented methodologies are supported by small teams of academic researchers, and as a result, most of them are in an early stage and still in the first context of mostly \academic" approaches for agent-oriented systems development. Moreover, such methodologies are not well documented and very often defined and presented only by focusing on specific aspects of the methodology. The role played by meta- models becomes fundamental for comparing and evaluating the methodologies. In fact a meta-model specifies the concepts, rules and relationships used to define methodologies. Although it is possible to describe a methodology without an explicit meta-model, formalising the underpinning ideas of the methodology in question is valuable when checking its consistency or planning extensions or modifications. A good meta-model must address all the different aspects of a methodology, i.e. the process to be followed, the work products to be generated and those responsible for making all this happen. In turn, specifying the work products that must be developed implies dening the basic modelling building blocks from which they are built. As a building block, the agent abstraction alone is not enough to fully model all the aspects related to multi-agent systems in a natural way. In particular, different perspectives exist on the role that environment plays within agent systems: however, it is clear at least that all non-agent elements of a multi-agent system are typically considered to be part of the multi-agent system environment. The key role of environment as a first-class abstraction in the engineering of multi-agent system is today generally acknowledged in the multi-agent system community, so environment should be explicitly accounted for in the engineering of multi-agent system, working as a new design dimension for agent-oriented methodologies. At least two main ingredients shape the environment: environment abstractions - entities of the environment encapsulating some functions -, and topology abstractions - entities of environment that represent the (either logical or physical) spatial structure. In addition, the engineering of non-trivial multi-agent systems requires principles and mechanisms for supporting the management of the system representation complexity. These principles lead to the adoption of a multi-layered description, which could be used by designers to provide different levels of abstraction over multi-agent systems. The research in these fields has lead to the formulation of a new version of the SODA methodology where environment abstractions and layering principles are exploited for en- gineering multi-agent systems.

Recovery and Analysis of Transaction Scope from Scattered Information in Java Enterprise Applications

Java Enterprise Applications (JEAs) are large systems that integrate multiple technologies and programming languages. Transactions in JEAs simplify the development of code that deals with failure recovery and multi-user coordination by guaranteeing atomicity of sets of operations. The heterogeneous nature of JEAs, however, can obfuscate conceptual errors in the application code, and in particular can hide incorrect declarations of transaction scope. In this paper we present a technique to expose and analyze the application transaction scope in JEAs by merging and analyzing information from multiple sources. We also present several novel visualizations that aid in the analysis of transaction scope by highlighting anomalies in the specification of transactions and violations of architectural constraints. We have validated our approach on two versions of a large commercial case study.