Platform Architectures for Policy-Based Network Access Control

Tämä diplomityö käsittelee sääntöpohjaisen verkkoon pääsyn hallinnan (NAC) ratkaisuja arkkitehtonisesta näkökulmasta. Työssä käydään läpi Trusted Computing Groupin, Microsoft Corporationin, Juniper Networksin sekä Cisco Systemsin NAC-ratkaisuja. NAC koostuu joukosta uusia sekä jo olemassa olevia teknologioita, jotka auttavat ennalta määriteltyyn sääntökantaan perustuen hallitsemaan suojattuun verkkoon pyrkivien laitteiden tietoliikenneyhteyksiä. Käyttäjän tunnistamisen lisäksi NAC pystyy rajoittamaan verkkoon pääsyä laitekohtaisten ominaisuuksien perusteella, esimerkiksi virustunnisteisiin ja käyttöjärjestelmäpäivityksiin liittyen ja paikkaamaan tietyin rajoituksin näissä esiintyviä puutteita verkkoon pääsyn sallimiseksi. NAC on verraten uusi käsite, jolta puuttuu tarkka määritelmä. Tästä johtuen nykymarkkinoilla myydään ominaisuuksiltaan puutteellisia tuotteita NAC-nimikkeellä. Standardointi eri valmistajien NAC-komponenttien yhteentoimivuuden takaamiseksi on meneillään, minkä perusteella ratkaisut voidaan jakaa joko avoimia standardeja tai valmistajakohtaisia standardeja noudattaviksi. Esitellyt NAC-ratkaisut noudattavat standardeja joko rajoitetusti tai eivät lainkaan. Mikään läpikäydyistä ratkaisuista ei ole täydellinen NAC, mutta Juniper Networksin ratkaisu nousee niistä potentiaalisimmaksi jatkokehityksen ja -tutkimuksen kohteeksi TietoEnator Processing & Networks Oy:lle. Eräs keskeinen ongelma NAC-konseptissa on työaseman tietoverkolle toimittama mahdollisesti valheellinen tietoturvatarkistuksen tulos, minkä perusteella pääsyä osittain hallitaan. Muun muassa tähän ongelmaan ratkaisuna voisi olla jo nykytietokoneista löytyvä TPM-siru, mikä takaa tiedon oikeellisuuden ja koskemattomuuden.

Current United States stem cell policy considerations and a recommendation for an alternative policy based on guidelines from existing international policies

Embryonic stem cell research is a widely debated topic in modern politics and religion. Differing views on the fetal rights conflict with the rights of an embryo. Those who believe an embryo has the same human qualities as a fetus accordingly believe embryonic stem cell research is unethical because it destroys a potential human life. However, scientists advocate the embryo does not have human qualities and should be used for valuable research in the stem cell field. Stem cell research may lead to vast developments in medical treatments, including cancer and brain conditions and injuries that are currently incurable. ^ The current stem cell policy introduced by President Bush in 2001 in an attempt to balance the moral issues with the need for scientific research has broad negative implications on the furthering of stem cell research. There is a limited diversity of available stem cell lines, there may be constitutional issues, there is an increasing disparity between the public and private research spheres, and the U.S. is struggling to maintain its scientific community. The U.S. must develop a new stem cell research policy that will balance the interest of science and public health with the moral issues that concern the public. ^ The United Kingdom allows researchers great liberty in conducting research, permitting the creation of embryos for the sole purpose of research, while Germany is equally conservative in their laws, as their policies support the philosophy that all embryos deserve the protection of full life. The United States should adopt a policy that takes the "middle ground" approach and permit research on excess embryos created for IVF purposes, rather than simply discarding those potentially valuable research tools. ^

American foreign policy, based upon statements of presidents and secretaries of state of the United States and of publicists of the American republics,

Mode of access: Internet.

Methods for conflict resolution in policy-based management systems

While developments in distributed object computing environments, such as the Common Object Request Broker Architecture (CORBA) [17] and the Telecommunication Intelligent Network Architecture (TINA) [16], have enabled interoperability between domains in large open distributed systems, managing the resources within such systems has become an increasingly complex task. This challenge has been considered for several years within the distributed systems management research community and policy-based management has recently emerged as a promising solution. Large evolving enterprises present a significant challenge for policy-based management partly due to the requirement to support both mutual transparency and individual autonomy between domains [2], but also because the fluidity and complexity of interactions occurring within such environments requires an ability to cope with the coexistence of multiple, potentially inconsistent policies. This paper discusses the need of providing both dynamic (run-time) and static (compile-time) conflict detection and resolution for policies in such systems and builds on our earlier conflict detection work [7, 8] to introduce the methods for conflict resolution in large open distributed systems.

Interoperable resource brokering with policy-based provisioning and job allocation

The increasing needs for computational power in areas such as weather simulation, genomics or Internet applications have led to sharing of geographically distributed and heterogeneous resources from commercial data centers and scientific institutions. Research in the areas of utility, grid and cloud computing, together with improvements in network and hardware virtualization has resulted in methods to locate and use resources to rapidly provision virtual environments in a flexible manner, while lowering costs for consumers and providers. ^ However, there is still a lack of methodologies to enable efficient and seamless sharing of resources among institutions. In this work, we concentrate in the problem of executing parallel scientific applications across distributed resources belonging to separate organizations. Our approach can be divided in three main points. First, we define and implement an interoperable grid protocol to distribute job workloads among partners with different middleware and execution resources. Second, we research and implement different policies for virtual resource provisioning and job-to-resource allocation, taking advantage of their cooperation to improve execution cost and performance. Third, we explore the consequences of on-demand provisioning and allocation in the problem of site-selection for the execution of parallel workloads, and propose new strategies to reduce job slowdown and overall cost.^

A framework for policy based coordinated adaptation in mobile systems

Adaptation is an important requirement for mobile applications due to the varying levels of resource availability that characterizes mobile environments. However without proper control, multiple applications can each adapt independently in response to a range of different adaptive stimuli, causing conflicts or sub optimal performance. In this thesis we presented a framework, which enables multiple adaptation mechanisms to coexist on one platform. The key component of this framework was the 'Policy Server', which has all the system policies and governs the rules for adaptation. We also simulated our framework and subjected it to various adaptation scenarios to demonstrate the working of the system as a whole. With the help of the simulation it was shown that our framework enables seamless adaptation of multiple applications.

A PHR system with policy-based fine-grained access control and revocation mechanism

Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today's fast-paced tech-dominant world. Personal Health Record (PHR) system has become a popular research area for sharing patients informa- tion very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients' private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems, we propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented CP-ABE library and web services as part of our framework. We also developed an android application based on the framework that allows users to register into the system, encrypt their PHR data and upload to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. It shows that the deployment of the proposed system would be practical and can be applied into practice.

Interoperable Resource Brokering with Policy-based Provisioning and Job Allocation

The increasing needs for computational power in areas such as weather simulation, genomics or Internet applications have led to sharing of geographically distributed and heterogeneous resources from commercial data centers and scientific institutions. Research in the areas of utility, grid and cloud computing, together with improvements in network and hardware virtualization has resulted in methods to locate and use resources to rapidly provision virtual environments in a flexible manner, while lowering costs for consumers and providers. However, there is still a lack of methodologies to enable efficient and seamless sharing of resources among institutions. In this work, we concentrate in the problem of executing parallel scientific applications across distributed resources belonging to separate organizations. Our approach can be divided in three main points. First, we define and implement an interoperable grid protocol to distribute job workloads among partners with different middleware and execution resources. Second, we research and implement different policies for virtual resource provisioning and job-to-resource allocation, taking advantage of their cooperation to improve execution cost and performance. Third, we explore the consequences of on-demand provisioning and allocation in the problem of site-selection for the execution of parallel workloads, and propose new strategies to reduce job slowdown and overall cost.

Service Management in IP Networks

IP-verkoissa tarjottavat palvelut ovat lisääntyneet, on tullut uusia kanavia, jotka tarjoavat IP-pohjaisia palveluja. Internet-palvelujen tarjonta on tullut mukaan kaapelitelevisio- ja matkapuhelinverkkoihin. Lisääntynyt palvelujen tarjonta ja kysyntä ovat lisänneet palvelujen hallinnan merkitystä. IP-verkoissa on ilmennyt turvallisuuteen, skaalattavuuteen ja palvelun laatuun liittyviä ongelmia. Palvelun laadun tärkeys painottuu reaaliaikaisuutta ja suurta kapasiteettia vaativissa sovelluksissa. Tulevaisuudessa IP-liikenteen on ennustettu kasvavan yli satakertaiseksi nykyisestä tasosta kolmen vuoden kuluessa. Tämän vuoksi on kehitetty uusi verkon ja palvelun hallintamenetelmiä, joista tässä työssä on tutkittu sääntöpohjaista verkon hallintaa.

Public policy and foreign-based enterprises in Britain prior to the Second World War

This article examines the early evolution of British policy, prior to the Second World War. The British government adopted an ‘open’ policy towards foreign direct investment (FDI), despite periodic fears that some foreign acquisitions of UK firms in key sectors might be detrimental to the national interest, and a few ad hoc attempts to deal with particular instances of this kind. During the 1930s, when the inflow of foreign firms accelerated following Britain's adoption of general tariff protection, the government developed a sophisticated admissions policy, based on an assessment of the likely net benefit of each applicant to the British economy. Its limited regulatory powers were used to maximize the potential of immigrant firms for technology transfer, enhanced competition, industrial diversification, and employment creation (particularly in the depressed regions), while protecting British industries suffering from excess capacity.

Modelos de avaliação da qualidade do atendimento na prestação de serviços públicos: aplicação da metodologia de scoping review à tomada de decisão com base na evidência (evidence-based management), na Administração Pública.

Dissertação apresentada como requisito parcial para obtenção do grau de Mestre em Estatística e Gestão de Informação