jeudi 9 juillet 2009

Soutenance de thèse de Cassio Ditzel KROPIWIEC

Bonsoir,

De la partie de Cassio Ditzel KROPIWIEC, je vous envoie le message
ci-dessous.

Cordialement,

------------------------------------------------------------------------

Bonjour,
J'ai le plaisir de vous inviter à ma soutenance de thèse intitulée:
"Multi-Constrained Security Policies for Delegated Firewall Administration "
qui sera présentée le vendredi 10 Juillet à 10h00 au Laboratoire
d'Informatique de Paris 6 (LIP6), situé au 104 avenue du Président
Kennedy, 75016 Paris, salle 549, ainsi qu'au pot qui suivra.

Résumé:
The management of security policies is an important issue for networks of
any size. The policy must be designed to protect the internal resources
from external users and also from internal users. In networks with one or
only a few firewalls, defining the configuration of each device is easier.
However, in larger networks, the administrator must consider the
configuration of each firewall isolated and the effects of this
configuration in the whole network. This thesis proposes a framework for
representing and managing global network security policies for distributed
firewall administration. The proposed framework defines a high-level
policy language, which allows the specification of policies in mandatory,
discretionary and security property models. This framework is able to
handle simultaneously the three dimensions and coherently describes the
resulting permissions in an abstract representation that is independent of
how they will be enforced, without violating the global security goal. The
framework also includes a mechanism responsible for translating the
abstract representation of permissions into low-level configuration
scripts/rules for firewalls of different models and vendors, allowing its
use for configuration of heterogeneous networks. Each dimension can be
defined by people of different roles, allowing the cooperation in
definition of global policy. The framework is formalized in Z notation to
demonstrate its completeness and correctness, and a scalability study is
presented to demonstrate the behavior of the framework in larger networks.

Cordialement
Cássio Ditzel Kropiwiec


--
Michele Nogueira Lima <<Michele.Nogueira@lip6.fr>>
Phd Student
LIP 6 - PHARE Team
Université Pierre et Marie Curie - Paris 6
104 Avenue du President Kennedy
75016 PARIS - France

Publié par à

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)