Pedro Veiga

Authorization and Access Control in Adaptive Workflows

In recent years we have witnessed the development of adaptive workflow management systems. These systems offer an extended set of features to support both ad-hoc and evolutionary changes, while ensuring correctness of process definition and their running instances. Ad-hoc and evolutionary changes impose new access control requirements, which have been neglected by adaptive workflow research and are not met by existing models for traditional workflow management systems (WfMSs). In this paper, we extend the role-based access control model for adaptive workflows. This extension is done by defining authorizations for adaptive WfMSs and adaptive authorizations.

Protecting the DNS infrastructure of a top level domain: Real-time monitoring with network sensors

In this paper we propose a solution to strengthen the security of domain name system (DNS) servers associated with one or more top level domains (TLD). The proposed solution has been developed and tested at FCCN, the TLD manager for the .PT domain. Through the implementation of network probes that monitor the network in real-time, we are able to dynamically prevent, detect or limit the scope of attempted intrusions or other types of attacks to the DNS service. The platform relies heavily on cross-correlation allowing data from a particular sensor to be shared with the others. Administration tasks such as setting up alarms or performing statistical analysis are made through a Web-based interface.

Probing next generation Portuguese academic network

Purpose – The purpose of this article is to provide several viewpoints about monitoring aspects related to recent deployments of a new technology (IPv6).Design/methodology/approach – Several views and domains were used, with a common point: the Portuguese research and education network (RCTS).Findings – A significant amount of work is yet to be done, in order to mature the deployment of this new internet technology.Research limitations/implications – The equipment whence the data were collected still has some limitations regarding the new technology. Future datasets may benefit from wider deployments.Practical implications – The work also demonstrates that IPv6 deployment is in its early stages, which is negative, given the projected dates for IPv4 exhaustion.Originality/value – The findings and the work described will be useful for people trying to deploy IPv6 networks in the short or medium timeframe.

NAPP: Connecting Mentors and Students at Técnico Lisboa

In the past five years, a successful first-year mentoring programme at Tecnico Lisboa’s Taguspark campus promoted by Nucleo de Apoio ao Estudante - Taguspark (NAPE-TP) was brought into play. Nevertheless, the relationship between mentors (mostly second-year students) and mentees (first-year students) tends to weaken after the first academic weeks of the semester. This problem can be addressed with the creation of a consistent and unique communication channel between all the parties involved in this programme. This work presents NAPP, a novel mentoring software solution for first-year mentorship programmes, that enhances the communication between mentors and mentees while providing study guidance tools for mentees. NAPP is composed of two key components, a cross-platform mobile application and a web application that is used as a high level performance analysis tool by the programme’s coordinator. These components were developed using state of the art technologies like the Ionic Framework using AngularJS, and the NoSQL databases CouchDB and PouchDB.

Improving DNS Security Using Active Firewalling with Network Probes

The security problems that outbreak network services today are increasing at a dramatic pace especially with the unceasing improvement of network transmission rates and the sheer amount of data exchanged. This translates not only more incidents but also new types of attacks with network incidents becoming more and more frequent. A significant part of the attacks occurs at Top Level Domains (TLDs) who have the assignment of ensuring the correct functioning of Domain Name System (DNS) zones. The proposed solution has been developed and tested at FCCN (Foundation for National Scientific Computing), the TLD manager for the .PT domain. The system consists of network sensors that monitor the network in real-time and can dynamically detect, prevent, or limit the scope of the attempted intrusions or other types of attacks to the DNS service, thus improving its global availability.

Protecting the DNS Infrastructure of a Top Level Domain: Dynamic Firewalling with Network Sensors

The security problems that plague network services today are increasing at a dramatic pace especially with the constant improvement of network transmission rates and the sheer amount of data exchanged. This translates to not only more attacks but also new types of attacks with network incidents becoming more and more frequent. A substantial part of the attacks occur at Top Level Domains (TLD) who have the mission of guaranteeing the correct functioning of Domain Name System (DNS) zones. This paper presents a proposal to simplify the detection of attacks, and reduce the number of false reports (negative and positive). Our goal is to create a group of techniques for real time monitoring of network traffic, based on network sensors that allow, in real time, to detect abnormal network behaviour and produce meaningful data that can be used to trigger alarms and anticipate future problems, adding and removing rules at DNS firewalls. This sensors, are working together with the primary DNS servers of the .PT domain, currently monitor all traffic that crosses this service. The data correlation between the sensor and other sources (such as IDS, other sensors or agents), between two different dates, can then be used for statistical purposes and to prevent future possible attacks.