Toward provenancebased. configuration languages
|
|
|
- Kelly Turner
- 6 years ago
- Views:
Transcription
1 Toward provenancebased security for configuration languages Paul Anderson James Cheney University of Edinburgh TaPP, June 14, 2012
2 Configuration management Keeping machines updated / upgraded Keeping network access (firewalls, services) correctly configured Increasingly, declarative/high-level languages preferred better maintainability LCFG (Edinburgh), Puppet, several other tools
3 Declarative configurations deploy x number of machines
4 Declarative configurations deploy Problem: Lots of redundancy x number of machines
5 Smarter way deploy x number of machines
6 Smarter way 1000's of site-specific 200 group-specific machine-specific compile deploy x number of machines
7 Smarter way generic 1000's of 1000's of site-specific group-specific machine-specific compile deploy config.com widget.com x number of machines
8 Why is configuration management important? "In his case study on Linux system engineering in air traffic control, Stefan Schimanski showed how scalable Puppet really is and how it can guarantee reliable mass deployment of the Linux-based, mission critical applications needed in air-traffic control centers." Linux Weekly News
9 Security Configuration management can lead to vulnerabilities in the overall system even if individual components are secure Configurations often maintained in a distributed way (across system/control boundaries) and compiled into (large) configuration files leading to potential for mistakes or exploitation
10 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters Alice
11 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { Alice Bob
12 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { Prototype-based data Alice (instance) inheritance Bob
13 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { Alice (instance) inheritance Bob class salesserver isa widgetserver { Carol Prototype-based data
14 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { Alice (instance) inheritance Bob class salesserver isa widgetserver { Carol node servera isa salesserver { ip = Prototype-based data Dave
15 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { node Bob servera { ip = timeserver = ts@reliable.com 742 more parameters class salesserver isa widgetserver { Carol node servera isa salesserver { ip = Prototype-based data Alice (instance) inheritance Dave
16 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { node servera isa salesserver { ip = Alice Bob Carol Dave
17 widget.com config.com class genericserver { Example timeserver = ts@reliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { timeserver = sales.widget.com node servera isa salesserver { ip = Alice Carol makes a temporary change Bob Carol Dave
18 widget.com config.com class genericserver { Example timeserver = ts@reliable.com ts@unreliable.com 742 more parameters class widgetserver isa genericserver { Meanwhile, Alice class salesserver isa widgetserver { timeserver = sales.widget.com changes the default node servera isa salesserver { ip = Alice Bob Carol Dave
19 config.com widget.com class genericserver { Example timeserver = ts@reliable.com ts@unreliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { timeserver = sales.widget.com node servera isa salesserver { ip = Alice node Bob servera { ip = timeserver = ts@sales.widget.com Alice's change is masked by Carol's Carol Dave
20 widget.com config.com class genericserver { Example timeserver = ts@unreliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { timeserver = ts@sales.widget.com node servera isa salesserver { ip = Alice Bob Carol Dave
21 widget.com config.com class genericserver { Example timeserver = ts@unreliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { node servera isa salesserver { ip = Alice Later Carol reverts the Bob Carol Dave temporary change
22 config.com widget.com class genericserver { Example timeserver = ts@unreliable.com 742 more parameters class widgetserver isa genericserver { class salesserver isa widgetserver { node servera isa salesserver { ip = Suddenly things break, Carol gets the Alice blame, but the real "culprit" node Bob servera { ip = timeserver = ts@unreliable.com Carol Dave is Alice
23 Workarounds Validation? (e.g. whitelists) Validating final result will catch error earlier But would not help identify cause (and system could get into "stuck" state) Access control? [Vanbrabant et al. 2011] Controlling effects of changes on final product can be unpredictable Stuckness, inversion of privilege can result
24 Alternative Track provenance to understand flow of information through "compilation" Change-history/provenance of source documents is usually available (e.g. SVN blame) Use to audit results or (perhaps) for provenance-aware access control
25 Challenges What is the right provenance model for (configuration language) security? where-prov/"taint" tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? What is right tradeoff between exactness and utility? How do we measure / verify security guarantees involving provenance?
26 Challenges What is the right provenance model for (configuration language) security? node servera { where-prov/"taint" ip = tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? timeserver = ts@sales.widget.com What is right tradeoff between exactness and utility? How do we measure / verify security guarantees involving provenance?
27 Challenges What is the right provenance model for (configuration language) security? node servera { where-prov/"taint" ip = tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? timeserver = ts@sales.widget.com What is right tradeoff between exactness and utility? Alice How do we measure / verify security guarantees involving provenance?
28 Challenges What is the right provenance model for (configuration language) security? node servera { where-prov/"taint" ip = tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? timeserver = ts@sales.widget.com What is right tradeoff between exactness and utility? How do we measure / verify security guarantees involving provenance? Alice Bob Carol Dave
29 Challenges What is the right provenance model for (configuration language) security? node servera { where-prov/"taint" ip = tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? timeserver = ts@sales.widget.com What is right tradeoff between exactness and utility? How do we measure / verify security guarantees involving provenance? Alice Carol
30 Challenges What is the right provenance model for (configuration language) security? where-prov/"taint" tracking (ad hoc) why-prov/dependency tracking (verbose) override history? finer-grained traces? What is right tradeoff between exactness and utility? How do we measure / verify security guarantees involving provenance?
31 Challenges #2 Semantics of Puppet largely data-description language some object-orientation (inherit data, not code) some functions/procedures, lists, documentation focuses on examples, not corner cases other CLs have similar issues
32 Current work Currently investigating (arguably) simpler case of LCFG Assign provenance to each line using svn blame Adapt LCFG interpreter to provide finer-grained explanation of responsibility for each "part" of final config Complicated by heavy use of C preprocessor watch this space
33 Scale A "mature" configuration includes: 13,764 7,244 statements 268 unique files written by different people 162 of which are included multiple times for one machine!
34 Related work Provenance security Braun et al. (2007), Hasan et al. (2009) - systems perspective Formal models: Cheney (CSF 2011), Acar et al. (POST 2012) Configuration languages/security Change-based security for Puppet (Vanbrabant et al. 2011) Almost no work on semantics of config languages! (so maybe do that first)
35 Conclusions Security is important for configuration languages Provenance may be useful for auditing and access control Future work: understanding semantics of LCFG, Puppet or other languages defining provenance models defining security policies based on provenance
Composition & References
Some thoughts on Composition & References in declarative configurations Paul Anderson dcspaul@ed.ac.uk http://homepages.inf.ed.ac.uk/dcspaul ssh client browser dns service ssh certificates ssl certificates
System Configuration. Paul Anderson. publications/oslo-2008a-talk.pdf I V E R S I U N T Y T H
E U N I V E R S I System Configuration T H O T Y H F G Paul Anderson E D I N B U R dcspaul@ed.ac.uk http://homepages.inf.ed.ac.uk/dcspaul/ publications/oslo-2008a-talk.pdf System Configuration What is
Semi-Joins and Bloom Join. Databases: The Complete Book Ch 20
Semi-Joins and Bloom Join Databases: The Complete Book Ch 20 1 Practical Concerns UNION R1 S1 R1 S2 R2 S1 RN SM R1 R2 RN S1 S2 SM 2 Practical Concerns UNION R1 S1 R1 S2 R2 S1 RN SM R1 R2 RN S1 S2 SM Where
AWS Lambda: Event-driven Code in the Cloud
AWS Lambda: Event-driven Code in the Cloud Dean Bryen, Solutions Architect AWS Andrew Wheat, Senior Software Engineer - BBC April 15, 2015 London, UK 2015, Amazon Web Services, Inc. or its affiliates.
Managing real-world system configurations with constraints
Managing real-world system configurations with constraints Thomas Delaet Department of Computer Science, Katholieke Universiteit Leuven, Belgium thomas@cs.kuleuven.be Wouter Joosen Department of Computer
Configuring Session Manager
This chapter describes how to configure Session Manager on Cisco NX-OS devices. This chapter contains the following sections: About Session Manager, page 1 Licensing Requirements for Session Manager, page
What is This Thing Called System Configuration?
PAUL ANDERSON dcspaul@inf.ed.ac.uk Alva Couch couch@cs.tufts.edu What is This Thing Called System Configuration? Tufts University Computer Science LISA 2004 (1) Overview Paul says: The configuration problem
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
Protection Kevin Webb Swarthmore College April 19, 2018
Protection Kevin Webb Swarthmore College April 19, 2018 xkcd #1200 Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few
IPv6 Investigation (preliminary!) gdmr, September 2015
IPv6 Investigation (preliminary!) gdmr, September 2015 Why? Why might we want to implement IPv6? Make ourselves visible to IPv6-only ISPs Allow our users to speak to IPv6-only services elsewhere Machines
Enterprise IPv6 Deployment Security and other topics
Enterprise IPv6 Deployment Security and other topics 6. Slo IPv6 Summit 8 Nov, 2011 Ljubljana, Slovenia Ron Broersma DREN Chief Engineer SPAWAR Network Security Manager Federal IPv6 Task Force ron@spawar.navy.mil
Linux System Management with Puppet, Gitlab, and R10k. Scott Nolin, SSEC Technical Computing 22 June 2017
Linux System Management with Puppet, Gitlab, and R10k Scott Nolin, SSEC Technical Computing 22 June 2017 Introduction I am here to talk about how we do Linux configuration management at the Space Science
How To Guide Using and Developing Custom Phases in IKAN ALM
How To Guide Using and Developing Custom Phases in IKAN ALM Release 5.6 January 2015 N.V. Schaliënhoevedreef 20A 2800 Mechelen BELGIUM 2006-2015 N.V. No part of this document may be reproduced or transmitted
Cyber Security Update Recent Events in the Wild and How Can We Prepare?
Cyber Security Update Recent Events in the Wild and How Can We Prepare? Bob Cowles August, 2011 DOE Labs Hacked! ORNL off the Internet for nearly 2 weeks extensive remediation efforts put into place JLab
CLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008 Page 1 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems Page
Language-Based Security on Android (call for participation) Avik Chaudhuri
+ Language-Based Security on Android (call for participation) Avik Chaudhuri + What is Android? Open-source platform for mobile devices Designed to be a complete software stack Operating system Middleware
Object Oriented Programming: In this course we began an introduction to programming from an object-oriented approach.
CMSC 131: Chapter 28 Final Review: What you learned this semester The Big Picture Object Oriented Programming: In this course we began an introduction to programming from an object-oriented approach. Java
A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture. Anthony Fox and Magnus O. Myreen University of Cambridge
A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture Anthony Fox and Magnus O. Myreen University of Cambridge Background Instruction set architectures play an important role in
Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University
Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application
Evolution of Virtual Machine Technologies for Portability and Application Capture. Bob Vandette Java Hotspot VM Engineering Sept 2004
Evolution of Virtual Machine Technologies for Portability and Application Capture Bob Vandette Java Hotspot VM Engineering Sept 2004 Topics Virtual Machine Evolution Timeline & Products Trends forcing
A Declarative Approach to Automated System Configuration
LISA 12 A Declarative Approach to Automated System Configuration John A. Hewson, Paul Anderson University of Edinburgh Andrew D. Gordon Microsoft Research & University of Edinburgh This work was funded
Introduction and Statement of the Problem
Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network
The Swiss Army Knife netcat
The Swiss Army Knife netcat Lab Objectives In this lab, you will perform the following six labs: Lab 1 Use Netcat for Port Scanning Lab 2 Use Netcat for Banner Grabbing Lab 3 Use Netcat to Transfer Files
SDN abstraction and security: a database perspective
June 17, 2016 SoSSDN SDN abstraction and security: a database perspective Anduo Wang * Jason Croft Xueyuan Mei Matthew Caesar Brighten Godfrey * Temple University University of Illinois Urbana-Champaign
NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich This Talk This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
TDDC88 Lab 4 Software Configuration Management
TDDC88 Lab 4 Software Configuration Management Introduction "Version control is to programmers what the safety net is to a trapeze artist. Knowing the net is there to catch them if they fall, aerialists
IBM BigFix Lifecycle 9.5
Software Product Compatibility Reports Product IBM BigFix Lifecycle 9.5 Contents Included in this report Operating systems (Section intentionally removed by the report author) Hypervisors (Section intentionally
Late Binding; OOP as a Racket Pattern
Late Binding; OOP as a Racket Pattern Today Dynamic dispatch aka late binding aka virtual method calls Call to self.m2() in method m1 defined in class C can resolve to a method m2 defined in a subclass
Wireless Sensor Architecture GENERAL PRINCIPLES AND ARCHITECTURES FOR PUTTING SENSOR NODES TOGETHER TO
Wireless Sensor Architecture 1 GENERAL PRINCIPLES AND ARCHITECTURES FOR PUTTING SENSOR NODES TOGETHER TO FORM A MEANINGFUL NETWORK Mobile ad hoc networks Nodes talking to each other Nodes talking to some
Information Technology Procedure IT 3.4 IT Configuration Management
Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating
DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
Architecture as Interface
Architecture as Interface André DeHon Friday, June 21, 2002 Previously How do we build efficient, programmable machines How we mix Computational complexity W/ physical landscape
DevOps Online Training
DevOps Online Training IQ Online training facility offers Devops online training by trainers who have expert knowledge in the Devops and proven record of training hundreds of students. Our Oracle Devops
IPv6 investigation within Informatics. George Ross
IPv6 investigation within Informatics George Ross gdmr@inf.ed.ac.uk Overview We enabled IPv6 on some of our subnets It basically just worked The End a bit more to it than that, of course Going to assume
Interdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
MARCH Secure Software Development WHAT TO CONSIDER
MARCH 2017 Secure Software Development WHAT TO CONSIDER Table of Content Introduction... 2 Background... 3 Problem Statement... 3 Considerations... 4 Planning... 4 Start with security in requirements (Abuse
Wireless Sensor Networks (WSN)
Wireless Sensor Networks (WSN) Introduction M. Schölzel Difference to existing wireless networks Infrastructure-based networks e.g., GSM, UMTS, Base stations connected to a wired backbone network Mobile
How to Take the CI/CD Plunge
How to Take the CI/CD Plunge or How I Learned to Stop Worrying and Love OpenStack www.mirantis.com Introductions Christopher Aedo Product Architect Christopher is an IT veteran for consulting, design and
Usability, Security and Privacy
Usability, Security and Privacy Computer Science and Telecommunications Board Butler Lampson Microsoft Research July 21, 2009 1 Usable Security: Things Are Really Bad Users don t know how to think about
Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.
Greg Kroah-Hartman Disclaimer This talk vastly over-simplifies things. See notes for full details and resources. https://github.com/gregkh/presentation-spectre Spectre Hardware bugs Valid code can be tricked
Mobile network security report: Ukraine
Mobile network security report: Ukraine GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin June 2017 Abstract. Mobile networks differ widely in their protection capabilities against common
Ellipse Support. Contents
Ellipse Support Ellipse Support Contents Ellipse Support 2 Commercial In Confidence 3 Preface 4 Mission 5 Scope 5 Introduction 6 What do you need to know about tuning and configuration? 6 How does a customer
Justification for Names and Optional Parameters
Justification for Names and Optional Parameters By Bill Wagner March 2012 Many developers ask why named and optional parameters were not added earlier to the C# language. As other languages have shown,
4.1.3 Filtering. NAT: basic principle. Dynamic NAT Network Address Translation (NAT) Public IP addresses are rare
4.. Filtering Filtering helps limiting traffic to useful services It can be done based on multiple criteria or IP address Protocols (, UDP, ICMP, ) and s Flags and options (syn, ack, ICMP message type,
Writing LCFG components
Writing LCFG components Innovative Learning Week Wed 17th February 2016 Paul Anderson Alastair Scobie Stephen Quinney Kenny MacDonald B compiler component schema D machine profile A application to be configured
Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION
WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION 2 Web application firewalls (WAFs) entered the security market at the turn of the century as web apps became increasingly
K12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
Rationale for TR Extension to the programming language C. Decimal Floating-Point Arithmetic
WG14 N1161 Rationale for TR 24732 Extension to the programming language C Decimal Floating-Point Arithmetic Contents 1 Introduction... 1 1.1 Background... 1 1.2 The Arithmetic Model... 3 1.3 The Encodings...
Object Security. Model Driven Security. Ulrich Lang, Rudolf Schreiner. Protection of Resources in Complex Distributed Systems
Object Security TM The Security Policy Company Protection of Resources in Complex Distributed Systems Ulrich Lang, Rudolf Schreiner ObjectSecurity Ltd. University of Cambridge Agenda COACH Project Model
May Capabilities to help expand and. mature SWA program. Haleh Nematollahy Sr. Security Solutions Architect
May 2017 Capabilities to help expand and mature SWA program Haleh Nematollahy Sr. Security Solutions Architect Fortify Security Assistant 2 Fortify security assistant Building in security as you code Identify
Cloud Computing Lectures. Cloud Security
Cloud Computing Lectures Cloud Security 1/17/2012 Why security is important for cloud computing? Multi Tenancy, that is same infrastructure, platform, Service is shared among vendors. It is accessed over
Monitoring Testbed Experiments with MonEx
Monitoring Testbed Experiments with MonEx Abdulqawi Saif 1,2 Alexandre Merlin 1 Lucas Nussbaum 1 Ye-Qiong Song 1 1 Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France 2 Qwant Entreprise,
Take Risks But Don t Be Stupid! Patrick Eaton, PhD
Take Risks But Don t Be Stupid! Patrick Eaton, PhD preaton@google.com Take Risks But Don t Be Stupid! Patrick R. Eaton, PhD patrick@stackdriver.com Stackdriver A hosted service providing intelligent monitoring
Top 10 Mistakes Network Engineers Make when Troubleshooting
WHITE PAPER Top 10 Mistakes Network Engineers Make when Troubleshooting There are several traps that are easy to fall into when troubleshooting network and application problems. This white paper describes
Introduction CHAPTER. Practice Exercises. 1.1 What are the three main purposes of an operating system? Answer: The three main puropses are:
1 CHAPTER Introduction Practice Exercises 1.1 What are the three main purposes of an operating system? Answer: The three main puropses are: To provide an environment for a computer user to execute programs
CIS 188 CCNP TSHOOT Ch. 2: Troubleshooting Processes for Complex Enterprise Networks
CIS 188 CCNP TSHOOT Ch. 2: Troubleshooting Processes for Complex Enterprise Networks Rick Graziani Cabrillo College graziani@cabrillo.edu Fall 2010 Troubleshooting Principles Troubleshooting is the process
Upgrading an ObserveIT One-Click Installation
Upgrading an ObserveIT One-Click Installation This document was written for ObserveIT Enterprise version 7.6.1. This document uses screenshots and procedures written for Windows Server 2012 R2 and SQL
CS510 Operating System Foundations. Jonathan Walpole
CS510 Operating System Foundations Jonathan Walpole Disk Technology & Secondary Storage Management Disk Geometry Disk head, surfaces, tracks, sectors Example Disk Characteristics Disk Surface Geometry
Network Device Forensics. Digital Forensics NETS1032 Winter 2018
Network Device Forensics Digital Forensics NETS1032 Winter 2018 Risks Most data created, stored, and used by users is kept in files on computers running end user oriented operating systems like Windows,
MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames
MPEG o We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still
Vortex Whitepaper. Intelligent Data Sharing for the Business-Critical Internet of Things. Version 1.1 June 2014 Angelo Corsaro Ph.D.
Vortex Whitepaper Intelligent Data Sharing for the Business-Critical Internet of Things Version 1.1 June 2014 Angelo Corsaro Ph.D., CTO, PrismTech Vortex Whitepaper Version 1.1 June 2014 Table of Contents
White Paper. The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary
White Paper The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary 2 Overview: IT security has gone through major changes. Enterprises today are facing a rapid expansion of diverse
Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.
Greg Kroah-Hartman Disclaimer This talk vastly over-simplifies things. See notes for full details and resources. https://github.com/gregkh/presentation-spectre Spectre Hardware bugs Valid code can be tricked
Guide to TCP/IP Fourth Edition. Chapter 11: Deploying IPv6
Guide to TCP/IP Fourth Edition Chapter 11: Deploying IPv6 Objectives Explain IPv6 deployment requirements and considerations Plan an IPv6 deployment, including success criteria, architectural decisions,
Continuous Data Analysis
Continuous Data Analysis Translating Data into Knowledge With AI 19.June 2018 meno@geminidata.com Market Outlook Big Data and Analytics are a huge priority for the enterprise but existing solutions don
Cyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
IP Telephony Troubleshooting
IP Telephony Troubleshooting by Ronald Trunk Page IP Telephony Troubleshooting By Ron Trunk Now that IP telephony systems are becoming commonplace, network engineers need to be familiar with IP telephony
Ethane: taking control of the enterprise
Ethane: taking control of the enterprise Martin Casado et al Giang Nguyen Motivation Enterprise networks are large, and complex, and management is distributed. Requires substantial manual configuration.
DEPLOYMENT WHITE PAPER.
DEPLOYMENT WHITE PAPER www.seavusprojectviewer.com Deployment Options Seavus Project Viewer provides a wide variety of deployment options: Single User installation is a stand-alone, web downloadable configuration
A Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
Application Virtualization and Desktop Security
Application Virtualization and Desktop Security Karl MacMillan kmacmillan@tresys.com Tresys Technology 1 Application Virtualization Introduction Encapsulates a single application Bundles application into
7/8/10 KEY CONCEPTS. Problem COMP 10 EXPLORING COMPUTER SCIENCE. Algorithm. Lecture 2 Variables, Types, and Programs. Program PROBLEM SOLVING
KEY CONCEPTS COMP 10 EXPLORING COMPUTER SCIENCE Lecture 2 Variables, Types, and Programs Problem Definition of task to be performed (by a computer) Algorithm A particular sequence of steps that will solve
Meeting the OMB FY2012 Objective: Experiences, Observations, Lessons-Learned, and Other Thoughts
Meeting the OMB FY2012 Objective: Experiences, Observations, Lessons-Learned, and Other Thoughts 2013 Federal Interagency Workshop 9 December, 2013 Ron Broersma DREN Chief Engineer ron@dren.mil Introduction
OBJECT-ORIENTED SOFTWARE DEVELOPMENT Using OBJECT MODELING TECHNIQUE (OMT)
OBJECT-ORIENTED SOFTWARE DEVELOPMENT Using OBJECT MODELING TECHNIQUE () Ahmed Hayajneh, May 2003 1 1 Introduction One of the most popular object-oriented development techniques today is the Object Modeling
The trace is here: https://kevincurran.org/com320/labs/wireshark/trace-dhcp.pcap
Lab Exercise DHCP Objective To see how DHCP (Dynamic Host Configuration Protocol) works. The trace is here: https://kevincurran.org/com320/labs/wireshark/trace-dhcp.pcap Network Setup Recall that DHCP
EOS: An Extensible Operating System
EOS: An Extensible Operating System Executive Summary Performance and stability of the network is a business requirement for datacenter networking, where a single scalable fabric carries both network and
McAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
5 Mistakes Auditing Virtual Environments (You don t Want to Make)
WHITE PAPER June 2011 5 Mistakes Auditing Environments (You don t Want to Make) Payment Card Industry (PCI) Qualified Security Assessors (QSA) increasingly are asked to verify whether a virtual environment
Combining Virtual Organization and Local Policies for Automated Configuration of Grid Services
Combining Virtual Organization and Local Policies for Automated Configuration of Grid Services Shishir Bharathi, Beom Kun Kim, Ann Chervenak, Robert Schuler USC Information Sciences Institute Abstract.
Deploying IBM Rational License Key Server effectively in your organization
Deploying IBM Rational License Key Server 8.1.1 effectively in your organization Indraneel Paul September 28, 2011 Page 1 of 28 INTRODUCTION...4 IBM RATIONAL LICENSE KEY SERVER 8.1.1...5 TECHNICAL CHANGE
Objective and Subjective Specifications
2017-7-10 0 Objective and Subjective Specifications Eric C.R. Hehner Department of Computer Science, University of Toronto hehner@cs.utoronto.ca Abstract: We examine specifications for dependence on the
GSM security country report: Thailand
GSM security country report: Thailand GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin February 2013 Abstract. GSM networks differ widely in their protection capabilities against common
Increasing Host IPS Management Success McAfee Inc. External Use
Increasing Host IPS Management Success Tech 60 W ebinar Series Webinar Viewing Click the arrow on the Grab Tab to open or close the control panel Audio options listen via your PC computer OR via the telephone
Liberate your components with OSGi services
Liberate your components with OSGi services One products journey through the Modularity Maturity Model Alasdair Nottingham (not@uk.ibm.com) WebSphere Application Server V8.5 Liberty Profile Development
AUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
T9: SDN and Flow Management: DevoFlow
T9: SDN and Flow Management: DevoFlow Critique Lee, Tae Ho 1. Problems due to switch HW may be temporary. HW will evolve over time. Section 3.3 tries to defend against this point, but none of the argument
Replify Accelerator 4.1 Release
Replify Accelerator 4.1 Release Paul Moorhead Replify 2/13/2012 Change Control Version Date Author Change Description 1.0 7/2/2011 P. Moorhead Release notes for 4.1 Release Information This document details
Tapestry. Code less, deliver more. Rayland Jeans
Tapestry Code less, deliver more. Rayland Jeans What is Apache Tapestry? Apache Tapestry is an open-source framework designed to create scalable web applications in Java. Tapestry allows developers to
MAPR TECHNOLOGIES, INC. TECHNICAL BRIEF APRIL 2017 MAPR SNAPSHOTS
MAPR TECHNOLOGIES, INC. TECHNICAL BRIEF APRIL 2017 MAPR SNAPSHOTS INTRODUCTION The ability to create and manage snapshots is an essential feature expected from enterprise-grade storage systems. This capability
IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
Lockdown & support access guide
Lockdown & support access guide How to lock down your cloud, and enable the OnApp support team to help you with troubleshooting and ticket resolution. Document version 1.4 Document release date 21 st February
Distributed Configuration & Service Change Planning
Distributed Configuration & Service Change Planning Paul Anderson & Herry http://homepages.inf.ed.ac.uk/dcspaul/ publications/hp-2012.pdf Overview Configuration
Spring 2016, Malloc Lab: Writing Dynamic Memory Allocator
1. Introduction Spring 2016, Malloc Lab: Writing Dynamic Memory Allocator Assigned: Mar. 03 Due: Mar. 17, 15:59 In this lab you will be writing a dynamic memory allocator for C programs, i.e., your own
NexentaStor VVOL
NexentaStor 5.1.1 VVOL Admin Guide Date: January, 2018 Software Version: NexentaStor 5.1.1 VVOL Part Number: 3000-VVOL-5.1.1-000065-A Table of Contents Preface... 3 Intended Audience 3 References 3 Document
Edge Virtual Bridging Draft PAR. PAR Request Date: 15 November PAR Approval Date: PAR Signature Page on File: No
Edge Virtual Bridging Draft PAR PAR Request Date: 15 November 2009 PAR Approval Date: PAR Signature Page on File: No Type of Project: Amendment to IEEE Standard Status: Unapproved PAR, Std 802.1Q Root
Threat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
CSC8223 Wireless Sensor Networks. Chapter 3 Network Architecture
CSC8223 Wireless Sensor Networks Chapter 3 Network Architecture Goals of this chapter General principles and architectures: how to put the nodes together to form a meaningful network Design approaches: