Permission is granted for noncommercial reproduction of the work for educational or research purposes.

Abstract not found

In this article, we describe a new architecture providing the access control service in both ATM and IP over ATM networks. This architecture is based on agents distributed in network equipment. It is well known that distribution makes the management process more difficult. This issue is raised and we provide an algorithm to distribute the access control policy on our agents. The comparison with other approaches shows that this architecture provides big improvements in ATM-level access control, scalability and QoS preservation.

Surveillance of packet-mode communications can draw on ideas from rewalls and network intrusion detection systems but has features that raise distinct software engineering challenges. We propose an architecture, CSF, for composable separation functions that can enhance privacy, clarity of speci cations, and assurance. We introduce a language, NERL, for network event recognition and use it to build an opensource surveillance system, OpenWarrants, based on CSF. We demonstrate how NERL can be used as a basis for formally analyzing privacy protections and how CSF can be used to provide new capabilities within formally-speci ed privacy policies.

This survey is intended to be a comprehensive compilation and categorization of currently available intrusion detection system (IDS) commercial products. It was undertaken at the instigation and with the support of the Global Security Analysis Laboratory at IBM's Zurich Research Laboratory in Rueschlikon, Switzerland. It is based almost entirely on published reports, published product evaluations, and vendorsupplied product information. Prior to publication, considerable effort was expended attempting to contact every referenced vendor, so that they might point out and suggest corrections. The comments by those who responded were reviewed carefully and incorporated where appropriate. This survey does not recommend or endorse any specific product or service; it is intended wholly as a resource for those interested in the current state and the ongoing evolution of IDS products and what that implies for IDS research and development. Note: All referenced brand or product names are trademarks or registered trademarks of their respective holders.

: In this article, we describe a new architecture providing the access control service in both ATM and IP-over-ATM networks. This architecture is based on management agents distributed in network equipment. Several examples are given illustrating the benefits of this architecture. The comparison with other approaches shows that this architecture provides big improvements in ATM-level access control, scalability and QoS preservation. 1.

In this article, we describe a new architecture providing the access control service in both ATM and IPover -ATM networks. This architecture is based on agents distributed in network equipment. It is well known that distribution makes the management process more difficult. This issue is raised and we provide an algorithm to distribute the access control policy on our agents. The comparison with other approaches shows that this architecture provides big improvements in ATM-level access control, scalability and QoS preservation. Keywords: Access Control, Management, Security, ATM, Agents, IP-over-ATM. 1.

Intrusion Detection Systems (IDSs) are the computer equivalent of office burglar alarms: they aim at monitoring computer networks for detecting attacks and intrusions. IDSs are becoming one of the main security components in secured network environments. Though rewarding, their mission is also challenging and IDSs are facing a few major obstacles. Analyzing these obstacles in order to define the guidelines for an IDS that would remain efficient on a long term scale is the project of the present report.