Representing Operating System Aspects in the Model-Based Management Approach

  • Diogo Ditzel Kropiwiec UNICAMP
  • Paulo Lício de Geus UNICAMP

Abstract

Managing the configuration of security mechanisms in computing environments is becoming increasingly complex, especially in large-scale computer networks. Security administrators face the challenge of designing and maintaining security policies for an enormous number of heterogeneous mechanisms and different operating systems in order to protect these environments. To allow operating system and network security configurations to be managed in a single model, this work presents an extension of the Model-Based Management approach applied to computer networks that includes the management of operating system policies.

Published
01/09/2008
KROPIWIEC, Diogo Ditzel; GEUS, Paulo Lício de. Representando Aspectos de Sistemas Operacionais na Abordagem de Gerenciamento Baseado em Modelos. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 8., 2008, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2008. p. 143-156. DOI: https://doi.org/10.5753/sbseg.2008.20894.
