Description
Ensuring that an application running in a business context satisfies certain security constraints throughout its entire lifetime is an open problem. If a file or network location can be accessed only 5 times from Domain A and 10 times from Domain B, it is not easy to block the 6th access in the first case or the 11th in the second. The difficulty lies in maintaining state parameterized by domain: as of now, controlling mechanisms are located either in Domain A or in Domain B.

Compliance refers to how correctly a policy has been implemented. In the example above, a mechanism that blocks the 6th and 7th access to the file from Domain A is 100% correct, but if it also blocks the 4th one, or lets the 6th one pass, then it is neither 100% compliant (because it is not correct) nor 0% compliant (because it is not as restrictive or as loose as it was meant to be). Quantifying how close an application is to being compliant is essential for administrators and managers because it indicates how well a Service Level Agreement (SLA) is being fulfilled. When this quantification comes with extra information about where the application fell short, it can help administrators find the cause of the problem and reconfigure the system to raise the compliance level.

Based on a middleware framework that enforces policies across services or endpoints, we need to implement a system that, given a set of policies and the mechanisms that enforce them, measures how well these mechanisms perform their task. The way to do this is to analyze data from several endpoints and model a set of algorithms that look for policy violations and measure their impact on the underlying application. These algorithms rely heavily on pattern matching with confidence levels and on event correlation. This work requires experiment development and testing, under close supervision.

The topic is innovative and, apart from being very interesting, is going to have an impact on the security community.
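
The Domain A / Domain B example above can be made concrete by replaying a merged log of enforcement decisions against the per-domain limits. The sketch below is an added illustration, not code from the project: the class and record names, the rule that the n-th attempt from a domain must be allowed exactly when n does not exceed that domain's limit, and the score (share of decisions that match the policy) are all assumptions, and the log is constructed.

```java
import java.util.*;

public class ComplianceMeter {
    // One observed access attempt and what the enforcement mechanism decided.
    record Event(String domain, boolean allowed) {}
    // A deviation from the policy: origin, attempt number within that domain, direction.
    record Violation(String domain, int attempt, String kind) {}
    record Report(double compliance, List<Violation> violations) {}

    // Replays the merged log against per-domain limits. Assumption: the n-th
    // attempt from a domain must be allowed iff n <= that domain's limit;
    // domains without a limit are treated as default-deny.
    static Report measure(Map<String, Integer> limits, List<Event> log) {
        Map<String, Integer> attempts = new HashMap<>();   // state keyed by domain
        List<Violation> violations = new ArrayList<>();
        for (Event e : log) {
            int n = attempts.merge(e.domain(), 1, Integer::sum);
            boolean expected = n <= limits.getOrDefault(e.domain(), 0);
            if (expected && !e.allowed())
                violations.add(new Violation(e.domain(), n, "TOO_RESTRICTIVE"));
            if (!expected && e.allowed())
                violations.add(new Violation(e.domain(), n, "TOO_LOOSE"));
        }
        // Assumed metric: fraction of decisions that agree with the policy.
        double score = log.isEmpty() ? 1.0 : 1.0 - (double) violations.size() / log.size();
        return new Report(score, violations);
    }

    public static void main(String[] args) {
        Map<String, Integer> limits = Map.of("A", 5, "B", 10);
        // Constructed sample log: Domain A's 4th attempt is wrongly denied,
        // its 6th and 7th are correctly denied; Domain B's 11th is wrongly allowed.
        List<Event> log = new ArrayList<>();
        for (int i = 1; i <= 7; i++) log.add(new Event("A", i != 4 && i <= 5));
        for (int i = 1; i <= 11; i++) log.add(new Event("B", true));
        Report r = measure(limits, log);
        System.out.printf("compliance = %.1f%%%n", r.compliance() * 100);
        r.violations().forEach(System.out::println);
    }
}
```

The violation list is what tells an administrator where the mechanism fell short: a `TOO_RESTRICTIVE` entry points at a wrongly blocked access, a `TOO_LOOSE` entry at one that should have been blocked.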

Skills required
  • Very good knowledge of Java programming (mandatory)
  • Some experience with designing algorithms
  • Knowledge of software testing and performance testing
  • Experience with Web Service development and deployment, as well as knowledge of SOAP and XML, is a plus


To apply please contact:

prof. Bruno Crispo
Fax: +39 0461 28 2099
E-mail: crispoSpamfreedisi.unitn.it