Model-Based Development of firewall rule sets: Diagnosing model inconsistencies

The design and management of firewall rule sets is a very difficult and error-prone task because of the difficulty of translating access control requirements into complex low-level firewall languages. Although high-level languages have been proposed to model firewall access control lists, none has been widely adopted by the industry. We think that the main reason is that their complexity is close to that of many existing low-level languages. In addition, none of the high-level languages that automatically generate firewall rule sets verifies the model prior to the code-generation phase. Error correction in the early stages of the development process is cheaper compared to the cost associated with correcting errors in the production phase. In addition, errors generated in the production phase usually have a huge impact on the reliability and robustness of the generated code and final system.In this paper, we propose the application of the ideas of Model-Based Development to firewall access control list modelling and automatic rule set generation. First, an analysis of the most widely used firewall languages in the industry is conducted. Next, a Platform-Independent Model for firewall ACLs is proposed. This model is the result of exhaustive analysis and of a discussion of different alternatives for models in a bottom-up methodology. Then, it is proposed that a verification stage be added in the early stages of the Model-Based Development methodology, and a polynomial time complexity process and algorithms are proposed to detect and diagnose inconsistencies in the Platform-Independent Model. Finally, a theoretical complexity analysis and empirical tests with real models were conducted, in order to prove the feasibility of our proposal in real environments.     

AN ACL FOR SPECIFYING FAULT-TOLERANT PROTOCOLS

Agent communication languages (ACLs) should allow the developer to adopt human-like communication mechanisms in agent programming, facilitating the development of distributed protocols in multi-agent systems (MASs). However, to implement robust protocols, ACLs should provide a way to deal with the failures of agents, as MASs are prone to the same failures that can occur in any distributed software system. In this paper, we address this issue showing how an asynchronous ACL that provides high-level mechanisms to deal with crash failures of agents can be effectively used to specify fault tolerant protocols.     

An Observation Approach to the Semantics of Agent Communication Languages

We show how a formal framework for the observation issue in computer systems can be used for the specification of an agent behavior, abstracting away from agent inner details while focusing on its interactive behavior. This model can also be used as a specification of agent communication languages (ACLs), providing the proper abstraction level to represent the conditions causing an agent to send a message, as well as its effect on the receiving agent. In particular, this approach generalizes upon existing ACL semantics, such as FIPA ACL, that relate agent communicative acts to the agent mental state. Since the observation framework induces a more abstract architecture than other known approaches, our semantics are likely to be applicable to a wider set of agent architectures, thus better supporting standardization aims. Some application examples are shown, describing how various aspects of ACL semantics can be specified within our framework.     

Negotiating language barriers – a methodology for cross-organisational conceptual modelling

In common scenarios conceptual modelling is a methodology that – using semi-formal languages – has a high degree of freedom and is used to visualise certain aspects of a problem domain. However, especially in cross-organisational or international scenarios this freedom leads to many inconsistencies and conflicts. Therefore the restriction of the freedom of modelling is often discussed in the literature to counter the missing standardisation and to enhance the comparability of models. However, to be able to express certain concepts embedded within some distinguished environment (purpose, culture, infrastructure, language, terminology) models have to be domain-specific on the one hand, but comparable to models in other domains on the other hand. In this article a new approach is presented that offers a framework for restricted modelling without destroying the adaptability to certain different domains. The methodology includes an algorithm for comparing models in different domains and is therefore capable to not only dissolve certain standard comparability conflicts but also the domain conflict.     

Agent通信语言综述

作为Agent间通信的关键,Agent通信语言(AgentCommunicationLanguage,ACL)已经得到学术界和企业界的广泛研究。在综合分析国内外有关ACL文献的基础上,总结了ACL的起源和发展,设计了ACL的基本框架;并在此框架基础上,分析比较了各种ACL,尤其对两种主流ACL:KQML(KnowledgeQueryandManagementLanguage)和FIPAACL(TheFoundationforIntelligentPhysicalAgentsACL)进行比较分析,最后对ACL研究热点做了总结,概括了可能的进一步研究方向。     

一种基于元模型的访问控制策略描述语言

为了保护云资源的安全,防止数据泄露和非授权访问,必须对云平台的资源访问实施访问控制.然而,目前主流云平台通常采用自己的安全策略语言和访问控制机制,从而造成两个问题:(1)云用户若要使用多个云平台,则需要学习不同的策略语言,分别编写安全策略;(2)云服务提供商需要自行设计符合自己平台的安全策略语言及访问控制机制,开发成本较高.对此,提出一种基于元模型的访问控制策略描述语言PML及其实施机制PML-EM.PML支持表达BLP、RBAC、ABAC等访问控制模型.PML-EM实现了3个性质:策略语言无关性、访问控制模型无关性和程序设计语言无关性,从而降低了用户编写策略的成本与云服务提供商开发访问控制机制的成本.在OpenStack云平台上实现了PML-EM机制.实验结果表明,PML策略支持从其他策略进行自动转换,在表达云中多租户场景时具有优势.性能方面,与OpenStack原有策略相比,PML策略的评估开销为4.8%.PML-EM机制的侵入性较小,与云平台原有代码相比增加约0.42%.     

Crash failure detection in asynchronous agent communication languages

Agent Communication Languages (ACLs) have been developed to provide a way for agents to communicate with each other supporting cooperation in Multi-Agent Systems (MAS). In the past few years many ACLs have been proposed for MAS and new standards are emerging such as the ACL developed by the Foundation for Intelligent Physical Agents (FIPA). Despite these efforts, an important issue in the research on ACLs is still open and concerns how these languages should deal with failures of agents in asynchronous MAS. The Fault Tolerant Agent Communication Language ( - ) presented in this paper addresses this issue dealing with crash failures of agents. - provides high-level communication primitives which support a fault-tolerant anonymous interaction protocol designed for open MAS. We present a formal semantics for - and a formal specification of the underlying agent architecture. This formal framework allows us to prove that the ACL satisfies a set of well defined knowledge-level programming requirements. To illustrate the language features we show how - can be effectively used to write high-level executable specifications of fault tolerant protocols, such as the Contract Net one.     

On the reuse and recommendation of model refactoring specifications

Refactorings can be used to improve the structure of software artefacts while preserving the semantics of the encapsulated information. Various types of refactorings have been proposed and implemented for programming languages (e.g., Java or C#). With the advent of (MDSD), a wealth of modelling languages rises and the need for restructuring models similar to programs has emerged. Since parts of these modelling languages are often very similar, we consider it beneficial to reuse the core transformation steps of refactorings across languages. In this sense, reusing the abstract transformation steps and the abstract participating elements suggests itself. Previous work in this field indicates that refactorings can be specified generically to foster their reuse. However, existing approaches can handle certain types of modelling languages only and solely reuse refactorings once per language. In this paper, a novel approach based on role models to specify generic refactorings is presented. Role models are suitable for this problem since they support declaration of roles which have to be played in a certain context. Assigned to generic refactoring, contexts are different refactorings and roles are the participating elements. We discuss how this resolves the limitations of previous works, as well as how specific refactorings can be defined as extensions to generic ones. The approach was implemented in our tool Refactory based on the (EMF) and evaluated using multiple modelling languages and refactorings. In addition, this paper investigates on the recommendation of refactoring specifications. This is motivated by the fact that language designers have many possibilities to enable refactorings in their modelling languages with regard to the language structures. To overcome this problem and to support language designers in deciding which refactorings to enable, we propose a solution and a prototypical implementation.     

A novel three-tiered visualization approach for firewall rule validation

Firewall is one of the most critical elements of the current Internet, which can protect the entire network against attacks and threats. While configuring the firewalls, rule configuration has to conform to, or say be consistent with, the demands of the network security policies such that the network security would not be flawed. For the security consistency, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperative firewalls, especially in a large-scale and multifirewall-equipped network. Nevertheless, a network operator is prone to incorrectly configure the firewalls because there are typically thousands or hundreds of filtering/admission rules (i.e., rules in the Access Control List file, or ACL for short), which could be set up in a firewall; not mentioning these rules among firewalls affect mutually and can make the matter worse. Under this situation, the network operator would hardly know his/her misconfiguration until the network functions beyond the expectation. For this reason, our work is to build a visualized validation system for facilitating the check of security consistency between the rule configuration of firewalls and the demands of network security policies. To do so, the developed validation system utilizes a three-tiered visualization hierarchy along with different compound viewpoints to provide users with a complete picture of firewalls and relationships among them for error debugging and anomaly removal. In addition, in this paper, we also enumerate the source of security inconsistency while setting ACLs and make use of it as a basis of the design of our visualization model. Currently, part of the firewall configuration of our campus network has been used as our system's input to demonstrate our system's implementation.     

Linux下基于Netfilter/iptables防火墙的构建

随着Internet的普及,网络的安全显得尤为重要。Linux提供的基于Netfilter/iptables的防火墙,具有通用性和可扩展的特点,实现了一种性价比较高的安全方案,可以有效地阻止恶意攻击,成为很多网络管理员的选择。该文首先阐述了Netfilter/iptables防火墙的工作原理,然后详细介绍了iptables的用法和各规则链的作用,最后用实例说明如何利用iptables建立功能强大的防火墙,有效防范外部攻击,保护内部网络安全。     

Representation and analysis of enterprise models with semantic techniques: an application to ArchiMate,e3value and business model canvas

Enterprise models assist the governance and transformation of organizations through the specification, communication and analysis of strategy, goals, processes, information, along with the underlying application and technological infrastructure. Such models cross-cut different concerns and are often conceptualized using domain-specific modelling languages. This paper explores the application of graph-based semantic techniques to specify, integrate and analyse multiple, heterogeneous enterprise models. In particular, the proposal described in this paper (1) specifies enterprise models as ontological schemas, (2) uses transformation mapping functions to integrate the ontological schemas and (3) analyses the integrated schemas with graph querying and logical inference. The proposal is evaluated through a scenario that integrates three distinct enterprise modelling languages: the business model canvas, e3value, and the business layer of the ArchiMate language. The results show, on the one hand, that the graph-based approach is able to handle the specification, integration and analysis of enterprise models represented with different modelling languages and, on the other, that the integration challenge resides in defining appropriate mapping functions between the schemas.     

On function languages and parallel computers

This paper is a discussion of functional languages and parallel computers. It is aimed at an audience that has a background in computer architecture, but not necessarily in the area of functional languages. It therefore constitutes an introductory survey of functional languages, on the one hand, and a non-introductory discussion of parallel computers, on the other. The aim is to highlight some important issues regarding the use of adequacy of these languages and also on the design of parallel computers to interpret them. The concluding thesis of put forth is twofold: one, that to widen their scope of applicability, functional languages need to include more features of nondeterminism and may need to be integrated with features from conventional languages; two, that the right sort of architectures for such extended languages may well be less-specialised ones with a von Neumann flavour.     

Capability-based egress network access control by using DNS server

In conventional egress network access control (NAC) based on access control lists (ACLs), modifying the ACLs is a heavy task for administrators. To enable configuration without a large amount of administrators’ effort, we introduce capabilities to egress NAC. In our method, a user can transfer his/her access rights (capabilities) to other persons without asking administrators. To realize our method, we use a DNS cache server and a router. A resolver of the client sends the user name, domain name, and service name to the DNS cache server. The DNS server issues capabilities according to a policy and sends them to the client. The client puts these capabilities into the IP options of packets and sends them to the router. The router verifies the capabilities, and determines whether to pass or block the packets. In this paper, we describe the design and implementation of our method in detail. Experimental results show that our method does not reduce the router's performance.     

Web服务环境中的业务过程建模语言比较框架

基于Web服务的价值链集成越来越受到人们的重视,相应的业务过程建模语言成为研究的焦点,各具特色的业务过程建模语言不断出现,对语言的研究、分析和比较已经成为基于Web服务的信息系统集成研究和开发中的一个重要问题。该文在分析Web服务环境下系统集成的体系结构模型基础上,提出了一个Web服务环境下业务过程建模语言比较框架,作为验证,对常见的建模语言进行了比较分析和评述。