Modelling Distributed Network Security in a Petri Net and Agent-based ...
Modelling Distributed Network Security in a Petri Net and Agent-based Approach
The Herold Project
www.herold-security.de
MATES 2010, September 28th
Simon Adameit, Tobias Betz, Lawrence Cabac, Florian Hars, Marcin Hewelt, Michael Köhler-Bußmeier, Daniel Moldt, Dimitri Popov, José Quenum, Axel Theilmann, Thomas Wagner, Timo Warns, Lars Wüstenberg

Overview
• Introduction
• The Herold Project
• Modelling Background
• Conceptual Model
• Implementation
• Outlook

Introduction
• Networks omnipresent today
• Data and services accessible via a network
• Have to be protected from...
  • unauthorised access
  • (malicious) tampering
  • ...
• Need for network security

Introduction
• Traditional perimeter approaches problematic
• Cell-based approaches lessen problems and are also closer to modern scenarios
• Herold project aims to provide distributed network security management
• This presentation features early results

Herold Overview
• 2 Year funded research project
• Funded by the BMBF (Grant No. 01BS0901)
• Cooperation between:
  • PRESENSE Technologies GmbH, www.pre-sense.de
  • Theoretical Foundations of Computer Science Group (TGI), University of Hamburg, www.informatik.uni-hamburg.de/TGI/
  • N@Work, www.work.de

Herold Overview
• Distributed system for a novel agent-oriented approach to distributed network security
• Core: Efficient and secure configuration of network security components (NSCs)
• Concurrent, cooperative design

Herold Overview
• Aims to provide activities associated with network security management
  • Define abstract security goals
  • Define a concrete security policy
  • Choose how and where to enforce the policy
  • Monitor and analyse enforcement
  • ...

Herold Summary
• Main Concepts:
  • Hierarchy of policies
  • Cooperative design of policies
  • Localisation
  • Cooperative enforcement by NSCs

Herold Summary
Problems ➡ Solutions:
• Distributed environment ➡ Agents
• Concurrent behaviour ➡ Petri nets
• Complex dynamics ➡ PAOSE
• Security application requirements ➡ Herold

• Nets-within-nets paradigm
• Synchronous channels are used for communication between and in nets

RENEW
• Editor and simulator for different net formalisms
• Especially designed for reference nets
• Serves as development and runtime environment
• Freely available at www.renew.de

MULAN
• MULti Agent Nets
• Complete agent architecture modelled with reference nets
• Executable in RENEW as a conceptual framework

CAPA
• Concurrent Agent Platform Architecture
• FIPA compliant extension of MULAN
• Replaces upper layers of MULAN to allow deployment in real-life networks

PAOSE
• Petri net-based Agent and Organisation-oriented Software Engineering
• Especially suited for developing systems with MULAN and CAPA
• Key Aspects:
  • Rapid prototyping
  • Three-dimensional modelling (Actors, Interactions, Ontology)
  • MAS as metaphor for development team
  • Tool support (RENEW) for different stages
• Visit www.paose.net for further information

General Assumptions
• Needed:
  • Simple model
  • Represents all relevant aspects of Herold project
  • Relatively “easy” to understand, present and handle
  • Iteratively rising in complexity
➡ A conceptual system for which an implementation is iteratively enhanced

General Assumptions
• Conceptual view:
  • One “stepping stone” that covers important aspects
  • Theoretical view
  • Implementation
  • In the paper: Simpler “model zero”
  • In this presentation: More advanced model

Conceptual View
• Cell-based approach to network security
• Hierarchy of policies
• Technical actors are represented as agents
• Especially NSCs regarded as nodes of distributed systems

Network Model
• Fully connected network topology
• Unique addresses
• The focus of this network model is the NSCs
• Grouping of network nodes supported
• Limitation: Certain NSCs cannot be covered in this model due to implicit network topology

Policy Model
• Users share single global (total) policy
• Policy consists of an ordered set of rules
• Rules consist of
  • Source address and port
  • Target address and port
  • “allow” or “deny” for traffic between source and target
• Implicit rule for every non-explicit one
• Rules over groups allow concise policy definitions

Use Cases
• View current policy
• Add/delete/modify/move rule within policy
• View status information
• View current NSCs
• Add/delete/modify NSCs
• View groups
• Add/delete/modify/rename group
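
Added example (not part of the Herold slides or the Herold code base): a small evaluator for the policy model above, showing why the "move rule within policy" use case matters once rules are ordered and may refer to groups. First-match semantics, a default-deny implicit rule, the "*" wildcard and all sample addresses and group names are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # assumed wildcard for an address or port; not defined on the slides

@dataclass(frozen=True)
class Rule:
    src: str          # node address or group name
    src_port: object  # int or ANY
    dst: str          # node address or group name
    dst_port: object  # int or ANY
    action: str       # "allow" or "deny"

class Policy:
    def __init__(self, groups, rules, implicit="deny"):
        # implicit="deny" is an assumption: the slides only say an implicit rule exists
        self.groups, self.rules, self.implicit = groups, list(rules), implicit

    def _covers(self, spec, addr):
        return spec in (ANY, addr) or addr in self.groups.get(spec, ())

    def decide(self, src, sport, dst, dport):
        """Return (action, index of deciding rule); index is None for the implicit rule."""
        for i, r in enumerate(self.rules):  # ordered policy: first match wins (assumed)
            if (self._covers(r.src, src) and r.src_port in (ANY, sport)
                    and self._covers(r.dst, dst) and r.dst_port in (ANY, dport)):
                return r.action, i
        return self.implicit, None

    def move(self, old, new):
        """The 'move rule within policy' use case: reorder without changing any rule."""
        self.rules.insert(new, self.rules.pop(old))

# Constructed sample data: addresses and group names are illustrative only
GROUPS = {"workstations": {"10.0.1.10", "10.0.1.11"}, "servers": {"10.0.2.5"}}
RULES = [
    Rule("workstations", ANY, "servers", 443, "allow"),  # concise rule over groups
    Rule("10.0.1.11", ANY, "servers", ANY, "deny"),      # host-specific exception
]

def demo():
    policy = Policy(GROUPS, RULES)
    flow = ("10.0.1.11", 50000, "10.0.2.5", 443)
    before = policy.decide(*flow)   # group allow sits first and shadows the deny
    policy.move(1, 0)               # put the exception ahead of the group rule
    after = policy.decide(*flow)
    unmatched = policy.decide("10.0.9.9", 50000, "10.0.2.5", 22)  # no explicit rule
    return before, after, unmatched

if __name__ == "__main__":
    print(demo())
```

Returning the index of the deciding rule alongside the action makes a shadowed rule visible when a policy is reviewed.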

Implementation
• Working prototype realising Herold functionality
• Implemented using MULAN/CAPA agents
• RENEW serves as runtime environment
• Further along than “model zero” presented in paper

Interactions
• Interactions in MULAN/CAPA usually provide the largest part of the functionality
• In this scenario many similar interactions occur (e.g. add/delete/modify rule)
• Two options:
  • Model each interaction separately
  • Model a few interactions catering to many uses

Decision Components
• Use of “template” interactions forces functionality into decision components (DCs)
• DCs can be viewed as special, constantly running protocol nets
• Every agent (in this context) possesses a number of DCs
Decision Components •AdminProxy
•Network Manager
• User Interface DC
• (Top Level)
•Policy Manager
• Database
• (Top Level) • Database • Localisation
• Localisation
•NSC Proxy • (Top Level) • Localisation
User Interface DC
Policy Manager Database DC
Ontology (partial)

Outlook - Data Models
• Extensions to network and policy model:
  • Explicit and complex network topologies
  • Abstract security objectives and best practices
  • Partial policies, policy templates, “policy pool”
  • ...

Herold Cycle

Further aspects
• Localisation
• Verification
• Distribution of Herold
• Versatility
• ...

The End
Thank You for Your attention
Questions? :)