Change design and planning in networked systems based on reuse of knowledge and automation
Proper management of Information Technology (IT) resources and services has become imperative for the success of modern organizations. The IT Infrastructure Library (ITIL) represents, in this context, the most widely accepted framework to help achieve this end. Among the processes that compose ITIL, change management has an important role in defining best practices and processes for the efficient and prompt handling of IT changes. In practice, however, such changes are usually described and documented in an ad hoc fashion, due to the lack of proper support to assist the design process.
This prevents knowledge acquired when specifying, planning, and carrying out previous changes from being reused in subsequent requests, even though such reuse may result in fewer incidents and faster specification of change plans. To address this problem, in this paper we present a conceptual solution to support the design and planning of IT changes and explore the concept of change templates as a mechanism to formalize, preserve, and (re)use knowledge in the specification of (recurrent and similar) IT changes.
To prove the concept and technical feasibility of the proposed solution, we have developed a prototypical implementation of a change management system called ChangeLedge and used it to carry out a set of experiments, considering typical IT changes. The results obtained indicate the effectiveness and efficiency of the system, which is able to generate accurate and actionable change plans in substantially less time than would be spent by a skilled human operator.
Tag : sciencedirect.com
7.25.2009
7.23.2009
Firewall Policy Verification and Troubleshooting
Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). However, due to the lack of tools for verifying and troubleshooting firewall policies, most firewalls on the Internet have policy errors.
A firewall policy error can either create security holes that allow malicious traffic to sneak into a private network or block legitimate traffic and disrupt normal business, which in turn could lead to disastrous consequences. We propose a firewall verification and troubleshooting tool in this paper. Our tool takes as input a firewall policy and a given property, then outputs whether the policy satisfies the property.
Furthermore, in the case that a firewall policy does not satisfy the property, our tool outputs which rules cause the verification failure. This gives firewall administrators a basis for fixing the policy errors. Despite the importance of verifying firewall policies and finding troublesome rules, these problems have not been explored in previous work. Due to the complex nature of firewall policies, designing algorithms for such a verification and troubleshooting tool is challenging.
In this paper, we designed and implemented a verification and troubleshooting algorithm using decision diagrams, and tested it on both real-life firewall policies and synthetic firewall policies of large sizes. The performance of the algorithm is sufficiently high that it can practically be used in the iterative process of firewall policy design, verification, and maintenance. The firewall policy troubleshooting algorithm proposed in this paper is not limited to firewalls. Rather, it can potentially be applied to other rule-based systems as well.
Tag : sciencedirect.com
7.21.2009
A Distributed Addressing and Routing System for Large Scale Wireless Sensor and Actor Networks
Wireless Sensor and Actor Networks (WSANs) are made up of a large number of sensing devices, which are resource-impoverished nodes, and powerful actuation devices; both are equipped with computation and communication capabilities. These devices cooperate to manage sensing and perform acting tasks. Numerous works in the field of WSANs assume the existence of addresses and routing infrastructure to validate their proposals.
However, assigning addresses and delivering detected events in these networks remains highly challenging, specifically due to the sheer number of nodes. To address these issues, this paper proposes SubCast, a novel distributed address assignment and routing scheme based on a Topic Clustering System and fractal theory Iterated Function Systems.
In order to minimize data delivery costs among actors, the proposed architecture first builds an actor overlay network before allocating addresses to network nodes. Location information in the allocated addresses allows establishing data delivery paths. Simulation results confirm that the proposed system efficiently guarantees the allocation of unique addresses and performs efficient data delivery while reducing communication costs, delays as well as the impact of imprecise locations.
Tag : sciencedirect.com