LA Generator - Computer and Network Security Group

Contents

1. [Figure 10: The ObjectPropertyAssertion class API] This class exposes the following public methods:
   - ObjectPropertyAssertion(OntologyIndividual subject, OntologyClass clazz, OntologyObjectProperty property, boolean inverse): creates the missing relationship assertion;
   - boolean isInverseProperty(): indicates if the assertion regards the property or its inverse;
   - OntologyClass getObjectClass(): retrieves the object class of the assertion;
   - Collection<OntologyIndividual> getObjects(): retrieves the objects of the assertion, or null if they are missing;
   - OntologyObjectProperty getProperty(): retrieves the object property of the assertion;
   - OntologyIndividual getSubject(): retrieves the subject of the assertion;
   - void setObjects(Collection<OntologyIndividual>): sets the objects of the assertion.

   Enrichment. The enrichment coordinator is represented by the class EnrichmentCoordinator. This class is contained in the eu.posecco.sdss.lageneration.enrichment plug-in and its public methods are depicted in Figure 11.
2. [Figure 20: The eu.posecco.sdss.lageneration.enrichment.modules extension point attributes. The aggregationProperty artifact lists name: String, subPropertyOf: String, equivalentTo: String, isObjectProperty: boolean, inverseOf: String, propertyChain: String, description: String.]

   The eu.posecco.sdss.lageneration.enrichment.modules extension point. The eu.posecco.sdss.lageneration.enrichment.modules extension point exhibits the structure graphically depicted in Figure 20. This extension point defines the two elements smartClassifier and aggregationDiscoverer. The smartClassifier element represents a smart classifier and exposes the following attributes:
   - name (String): the name of the smart classifier;
   - class (SmartClassifier): the Java class implementing the smart classifier.

   A smart classifier must also declare the set of smart classes which it will fill, by defining a set of sub-elements of type outputSmartClass, which exposes the following attributes:
   - equivalentTo (String): an expression, that can be empty, which declares the equivalent classes of the smart class; it can be a fully qualified class name, a short name without the IRI, or a Manchester syntax expression;
   - name (String): the fully qualified name of the smart class, with its IRI;
   - subClassOf (String): an expression, that can be empty, which declares the super classes of the smart class; it can be a fully qualified class name, a short name without the IRI, or
3. [Figure 5: The Model class API] This class uses several additional classes and enumerations to store the current LA Generation Service model. For instance, the following types are frequently encountered in the code:
   - the Ontology class is used to store the PoSecCo ontology and provides a set of methods for reading and manipulating its content;
   - the Status specifies the current phase of the refinement process (e.g. enrichment, LA extraction).

   The Model class exposes the following public methods:
   - Model(String name): creates a new empty model with the specified name;
   - Collection<LogicalAssociation> getLogicalAssociations(): retrieves the refined logical associations;
   - String getName(): retrieves the model name;
   - Ontology ge
4. includes all the classes and types needed to manipulate the ontologies;
   - eu.posecco.sdss.ui includes a number of UI-related classes;
   - eu.posecco.sdss.util includes a number of UI-independent utility classes.

   The dependencies amongst these other plug-ins are depicted in Figure 4.

   [Figure 4: The SDSS-wide and LA Generation Service plug-ins dependencies]

   Metrics. Source code metrics are an effective way to intuitively understand the size and complexity of a piece of software. For instance, Table 2 shows a series of code statistics related to the LA Generation Service. In addition, Tables 3 and 4 list a set of metrics related to the PoSecCo ontology immediately after the ABox phase, that is, the ontology still without the LAs.

   | Metric | Value |
   |---|---|
   | Number of plug-ins | 19 |
   | Number of packages | 115 |
   | Number of classes | 267 |
   | Number of methods | 732 |
   | Number of lines | 20116 |
   | McCabe cyclomatic complexity | 1.93 |

   Table 2: The source co
5. [Figure 11: The EnrichmentCoordinator class API] This class uses a set of enrichment modules, that are bundles used to perform a number of inferences and deductions on the landscape contained in the PoSecCo ontology. Their creation is discussed in detail in Section 4. All the default enrichment modules are declared in the eu.posecco.sdss.lageneration.enrichment.modules plug-in and are:
   - the data model through SSH aggregation discoverer, which infers if a connection toward a data model should be protected by using SSH;
   - the filtering zones aggregation discoverer, which detects the filtering zones;
   - the unused objects smart classifier, which finds the used and unused IT objects;
   - the tunnelling zones aggregation discoverer, which detects the tunnelling zones;
   - the WS-Security links classifier smart classifier, which infers if a link should be protected using the WS-Security technology.

   The EnrichmentCoordinator class exposes the following public methods: Enrichment
6. a Manchester syntax expression.

   The aggregationDiscoverer element represents an aggregation discoverer and exposes the following attributes:
   - name (String): the name of the aggregation discoverer;
   - class (SmartClassifier): the Java class implementing the aggregation discoverer.

   An aggregation discoverer must also declare the set of aggregation classes which it will fill, by defining a set of sub-elements of type outputAggregationClass, which exposes the following attributes:
   - equivalentTo (String): an expression, that can be empty, which declares the equivalent classes of the aggregation class; it can be a fully qualified class name, a short name without the IRI, or a Manchester syntax expression;
   - name (String): the fully qualified name of the aggregation class, with its IRI;
   - subClassOf (String): an expression, that can be empty, which declares the super classes of the aggregation class; it can be a fully qualified class name, a short name without the IRI, or a Manchester syntax expression.

   In addition, an aggregation class can also express a set of properties that will be used by the enrichment module, by defining a set of aggregationProperty sub-elements, which exposes the following attributes:
   - name (String): the fully qualified name of the aggregation property, with its IRI;
   - subPropertyOf (String): an expression, that can be empty, which declares the super property of the aggregation property;
   - equi
7. enrichment module manifest for the module called name;
   - String getName(): retrieves the name of the enrichment module;
   - void execute(boolean validate): executes the enrichment module and opens the validation UI if requested.

   The LA extraction. The LA extraction coordinator is represented by the class LAExtractor. This class is contained in the eu.posecco.sdss.lageneration.laextraction plug-in and its public methods are depicted in Figure 17. It exposes the following public methods:
   - LAExtractor(Model model): creates a new LA extractor for the specified model;
   - void analyze(): analyzes the ontology in order to detect the technologies and properties for generating the LAs;
   - void extract(): extracts the LAs.

   [Figure 17: The LAExtractor class API]

   Footnote 7: An aggregating individual is an object that logically contains a set of aggregated individuals.

   4 Extending the tool. This section describes how to extend the LA Generation Service functionalities by specifying the classes, extension points and files involved in the process.

   Developing a new UI. The LA Generation Service modular system allows a developer to easily deploy it into a new user interface, since there is a marked division between the UI and the core UI-independent plug-ins. Th
8. needs at least a basic understanding of the Eclipse framework and the SWT/RWT libraries.

   Adding new low level mappers. A low level mapper is a special module that maps an IT level object to its infrastructure layer counterpart. In order to add a new low level mapper, the developer must perform two tasks:
   - add a new extension to the extension point eu.posecco.sdss.lageneration.lowlevel.modules;
   - create a new sub-class of the class LowLevelMapper that will contain the module code.

   Once these steps are performed, the module is automatically recognized and registered in the LA Generation Service without touching its internal source code. When the tool is launched, the new mapper is executed together with the default ones.

   The eu.posecco.sdss.lageneration.lowlevel.modules extension point. The eu.posecco.sdss.lageneration.lowlevel.modules extension point exhibits the structure graphically depicted in Figure 18.

   [Figure 18: The eu.posecco.sdss.lageneration.lowlevel.modules extension point attributes]

   This extension point defines the element lowLevelModule, which represents a low level mapper by exposing the following attributes:
   - name (String): the name of the low level mapper;
   - class (LowLevelMapper): the class implementing the low level
9. Coordinator(Display display, Model model, SmartClassifierValidationUI ui1, AggregationDiscovererValidationUI ui2): creates the coordinator;
   - void execute(EnrichmentModuleManifest module, boolean validate): executes an enrichment module and opens the validation UI if requested;
   - Collection<EnrichmentModuleManifest> getEnrichmentModules(): retrieves all the available enrichment modules.

   The enrichment coordinator class makes use of the two interfaces SmartClassifierValidationUI and AggregationDiscovererValidationUI, which represent two UIs which should report to the user the results of an enrichment module and give him the possibility to abort the enrichment module deductions.

   [Figure 12: The SmartClassifierValidationUI class API]

   The public methods of SmartClassifierValidationUI are depicted in Figure 12. The SmartClassifierValidationUI interface exposes only one method:
   - void validate(Collection<RealizationResult> realizations): this method is called by the enrichment coordinator if the validation UI for an enrichment module is requested, and its job is to allow the user to edit the content of the collection realizations, that is the result of the enrichment.

   The RealizationResult c
10. I The AggregationResult class exposes the following public methods:
    - AggregationResult(String name, OntologyClass clazz, Collection<AggregationPropertyAxiom> axioms): creates the aggregation named name in the class clazz having the properties axioms;
    - void addToOntology(Ontology ontology): adds the current result to an ontology;
    - void disableAggregation(): disables this result;
    - void enableAggregation(): enables this result;
    - boolean isAggregating(): detects if this result refers to an aggregating or aggregated individual;
    - OntologyClass getAggregationClass(): retrieves the aggregation class;
    - String getAggregationName(): retrieves the aggregation name;
    - Collection<AggregationPropertyAxiom> getPropertyAxioms(): retrieves the aggregation properties;
    - void setAggregationName(String name): sets the aggregation name.

    In addition, the EnrichmentCoordinator uses the EnrichmentModuleManifest class, which represents all the information about a specific enrichment module. Its public methods are depicted in Figure 16.

    [Figure 16: The EnrichmentModuleManifest class API]

    The EnrichmentModuleManifest class exposes the following methods:
    - EnrichmentModuleManifest(String name): creates an
11. LA Generation Service programmer manual. Politecnico di Torino, version 0.2.0, 13 December 2013. PoSecCo, http://www.posecco.eu

    Contents
    1 Introduction
    2 Software architecture
    3 Public APIs
       - Low level mapper
    4 Extending the tool
       - Developing a new UI
       - Adding a new phase in the refinement
       - Adding new low level mappers
       - The eu.posecco.sdss.lageneration.lowlevel.modules extension point
       - The LowLevelMapper class
       - Adding new enrichment modules
       - The eu.posecco.sdss.lageneration.enrichment.modules extension point
       - The SmartClassifier class
       - The AggregationDiscoverer class
       - Modifying the PoSecCo ontology

    1 Introduction. This document provides an overview of the LA Generation Service from the developer's point of view. It is considered a companion
12. an realized sets the realization sign.

    The public methods of AggregationDiscovererValidationUI are depicted in Figure 14.

    [Figure 14: The AggregationDiscovererValidationUI class API]

    The AggregationDiscovererValidationUI interface exposes only one method:
    - void validate(Collection<AggregationResult> aggregations): this method is called by the enrichment coordinator if the validation UI for an enrichment module is requested, and its job is to allow the user to edit the content of the collection aggregations, that is the result of the enrichment.

    The AggregationResult class represents a suggested aggregation (set of individuals) by an enrichment module. Its public methods are depicted in Figure 15.

    Figure 15: The RealizationResult class AP
13. d in Table 1 are extensively used in the project. The implementation of the LA Generation Service refinement process depicted in Figure 1 is shown in Figure 2 with the relevant class names.

    Footnote: Roughly speaking, in PoSecCo a TBox ontology is an ontology which does not contain any information about the landscape and its policies, that is, it consists only of classes and properties, and no proper individuals.
    Footnote: Roughly speaking, in PoSecCo an ABox ontology is an ontology which contains some information about the landscape or the policies.

    | Name | Website of the project |
    |---|---|
    | Eclipse plug-in framework | http://eclipse.org |
    | Remote Application Platform toolkit | http://eclipse.org/rap |
    | Zest visualization toolkit | http://www.eclipse.org/gef/zest |
    | OWL API ontology library | http://owlapi.sourceforge.net |
    | Pellet reasoner | http://clarkparsia.com/pellet |
    | Hermit reasoner | http://hermit-reasoner.com |
    | SPARQL-DL query engine | http://www.derivo.de/en/resources/sparql-dl-api.html |
    | JGraphT graph library | http://jgrapht.org |

    Table 1: The technologies used in the LA Generation Service

    [Figure 2: The core implementation schema]

    Each aforementioned phase is implemented by an instance of a class acting as a coordinator for several other sub-components, that is:
    - the TBoxModule class is the coordinator of the TBox module phase;
    - the ABoxModule class is the coordinato
14. de metrics

    | Metric | Value |
    |---|---|
    | Number of axioms | 5643 |
    | Number of classes | 333 |
    | Number of object properties | 204 |
    | Number of data properties | 76 |
    | Number of individuals | 767 |
    | DL expressivity | SOTF(D) |

    Table 3: The PoSecCo ontology metrics after the ABox phase for the year 2 landscape (Thales)

    | Metric | Value |
    |---|---|
    | Number of axioms | 5621 |
    | Number of classes | 325 |
    | Number of object properties | 259 |
    | Number of data properties | 110 |
    | Number of individuals | 859 |
    | DL expressivity | STF(D) |

    Table 4: The PoSecCo ontology metrics after the ABox phase for the year 3 landscape (ATOS)

    3 Public APIs. This section briefly describes the public methods of the most important classes of the LA Generation Service. For a more detailed description of all the available types, please refer to the code Javadoc documentation.

    The model. The LA Generation Service model is represented by the homonym class Model. This class is contained in the eu.posecco.sdss.lageneration.model plug-in and its public methods are depicted in Figure 5.
15. des

    The LowLevelCoordinator class exposes the following public methods:
    - LowLevelCoordinator(Model model, MissingInfoUI ui): creates the coordinator;
    - void execute(String name): executes the low level mapper called name;
    - void executeAll(): executes all the low level mappers.

    This class uses the interface MissingInfoUI, which represents a UI which should ask the user for a missing relationship between two landscape elements (e.g. which are the computers used by a specific user). Its public methods are depicted in Figure 9. The MissingInfoUI interface exposes only one method:
    - void open(Model model, Set<ObjectPropertyAssertion> info): this method is called by the low level coordinator whenever a set of missing relationships is found, and its job is to fill the missing information in the parameter info.

    [Figure 9: The MissingInfoUI class API]

    The ObjectPropertyAssertion class represents a missing relationship between two individuals in the PoSecCo ontology. Its public methods are depicted in Figure 10.
16. e core plug-ins are:
    - the eu.posecco.sdss.lageneration.tbox;
    - the eu.posecco.sdss.lageneration.abox;
    - the eu.posecco.sdss.lageneration.lowlevel;
    - the eu.posecco.sdss.lageneration.lowlevel.modules;
    - the eu.posecco.sdss.lageneration.enrichment;
    - the eu.posecco.sdss.lageneration.enrichment.modules;
    - the eu.posecco.sdss.lageneration.laextraction;
    - the eu.posecco.sdss.lageneration.model.

    While the following ones contain the default UI:
    - the eu.posecco.sdss.lageneration.lowlevel.ui;
    - the eu.posecco.sdss.lageneration.enrichment.ui;
    - the eu.posecco.sdss.lageneration.laextraction.ui;
    - the eu.posecco.sdss.lageneration.ui.

    The only requirement is that the coordinators must be called in the right order and that the MissingInfoUI, SmartClassifierValidationUI and AggregationDiscovererValidationUI interfaces (for the low level mapping and enrichment) must be implemented by a concrete class calling the right user interface as needed. This architecture allows the developer to easily integrate the LA Generation Service into its own system by using a fully customized GUI, CUI, or even by removing any UI in order to perform the policy refinement in a totally automatic way.

    Adding a new phase in the refinement. The following paragraphs describe how to add a new phase in the refinement process using the default UI. The process can be substantially different if the developer uses a custom user interface. There are several choic
17. ely add these individuals to a specific class. Note that, for performance reasons, the collect method should only read the PoSecCo ontology.

    [Figure 21: The SmartClassifier class API, showing add(OntologyIndividual individual, OntologyClass clazz): void and collect(): Collection<RealizationResult>]

    The AggregationDiscoverer class. An aggregation discoverer is represented by the abstract class AggregationDiscoverer, which extends the base class EnrichmentModule. This class is contained in the eu.posecco.sdss.lageneration.enrichment plug-in and its public methods are depicted in Figure 22.

    [Figure 22: The AggregationDiscoverer class API]

    This class exposes only one public method:
    - Collection<AggregationResult> collect(): retrieves the list of the suggested aggregations.

    The collect method should analyze the ontology and return the suggested aggregation for a number of ontology individuals. Note that, for performance reasons, the collect method should only read the PoSecCo ontology.

    Modifying the PoSecCo ontology. The first two steps of the LA Generation Service, the TBox and AB
18. [Figure 3: The LA Generation Service plug-ins dependencies]

    In addition, these plug-ins make use of several classes, enumerations and types contained in a number of other SDSS-wide bundles:
    - eu.posecco.sdss.common includes several facilities used to pass data (e.g. the PoSecCo ontology) to the other SDSS components, such as the Infrastructure Configuration Service;
    - eu.posecco.sdss.images includes all the icons and images;
    - eu.posecco.sdss.io includes several MoVE utility classes;
    - eu.posecco.sdss.libraries includes all the external libraries needed by the LA Generation Service;
    - eu.posecco.sdss.ontologies
19. es available to add a new job, but the simplest and easiest consists of the following steps:
    - Create a new status item. Create a new item in the Status enumeration that will identify the new stage. The Status enumeration is located in the eu.posecco.sdss.lageneration.model plug-in.
    - Create a new Eclipse job. Create a new Eclipse job, or use the Phase class, which contains the code to be executed. The developer is encouraged to use one of these classes so that the new code can be launched in a separate thread in order to avoid freezing the UI during its execution. The only requirement is that the job must use the setStatus method on a Model instance to signal the end of the phase.
    - Modify the automatic process. Modify the view defined in the LAGenerationView class, located in the eu.posecco.sdss.lageneration.ui plug-in, by editing the selection listener of the doAllButton field. This is needed in order to execute the new phase when the user chooses the automatic process option.
    - Modify the manual process. Add a new control (e.g. a new hyperlink) and a selection listener in the class LAGenerationView that will execute the new phase. The initDataBindings method should also be modified to enable or disable the new control according to the model status. This is needed in order to execute the new phase when the user chooses the manual process option.

    To accomplish these modifications, the developer
20. Listing 1: The XML schema for the equivalence axioms file

        g">
              <xsd:enumeration value="classesEquivalence"></xsd:enumeration>
              <xsd:enumeration value="objectPropertiesEquivalence"></xsd:enumeration>
              <xsd:enumeration value="dataPropertiesEquivalence"></xsd:enumeration>
            </xsd:restriction>
          </xsd:simpleType>
          <xsd:complexType name="AxiomType">
            <xsd:sequence>
              <xsd:element name="first" type="xsd:string" minOccurs="1" maxOccurs="1"></xsd:element>
              <xsd:element name="second" type="xsd:string" minOccurs="1" maxOccurs="1"></xsd:element>
            </xsd:sequence>
            <xsd:attribute name="kind" type="AxiomKindType" use="required"></xsd:attribute>
          </xsd:complexType>
          <xsd:complexType name="AxiomsType">
            <xsd:sequence>
              <xsd:element name="axiom" type="AxiomType" maxOccurs="unbounded" minOccurs="1"></xsd:element>
            </xsd:sequence>
          </xsd:complexType>
        </xsd:schema>
21. inning, the LA Generation Service creates the PoSecCo ontology, which contains all the information needed to produce the LAs. This stage is performed in two passes:
    - TBox module phase. A set of TBox ontologies are merged together to form an initial PoSecCo ontology without any individual. For more information about the PoSecCo meta-models, see D2.2, IT policy meta-model and language, and D4.2, Structural landscape meta-model.
    - ABox module phase. The PoSecCo ontology is merged with a set of ABox ontologies by filling it with the landscape and policy information.

    Ontology manipulation. When the initial PoSecCo ontology is created, the LA Generation Service analyzes it in order to extract the logical associations. This part is performed in three steps:
    - Low level mapping. The IT level instances are mapped towards one or more low level objects in the infrastructure layer.
    - Enrichment. A series of landscape inferences and deductions are performed in order to produce more secure and strict LAs in the following phase.
    - LA extraction. The data acquired in the previous two steps is analyzed in order to produce the logical associations, which are stored in the PoSecCo ontology.

    The following paragraphs provide a brief overview of the internal infrastructure of each aforementioned phase and their features.

    Implementation. The LA Generation Service is a tool entirely written using the Java programming language. In addition, the technologies liste
22. lass represents a suggested realization (classification) of an ontology individual by an enrichment module. Its public methods are depicted in Figure 13.

    [Figure 13: The RealizationResult class API]

    The RealizationResult class exposes the following public methods:
    - RealizationResult(OntologyIndividual target, OntologyClass clazz, boolean realized, String explanation): creates the realization suggesting that the individual target should belong to the class clazz;
    - String getExplanation(): retrieves the explanation of the realization;
    - OntologyClass getSmartClass(): retrieves the target class of the realization;
    - OntologyIndividual getTarget(): retrieves the target of the realization;
    - boolean isRealized(): indicates if the realization is positive (the individual should belong to the class) or negative (the individual should not belong to the class);
    - void setRealized boole

    Footnote: A filtering zone is a set of network nodes that can communicate together without crossing any filtering device.
    Footnote: A tunnelling zone is a set of network nodes that lie at the end of a single IPsec tunnel.
23. mapper.

    Footnote: This class is a custom extension of org.eclipse.core.runtime.jobs.Jobs and it is contained in the eu.posecco.sdss.util plug-in.

    The LowLevelMapper class. A low level mapper is represented by the abstract class LowLevelMapper. This class is contained in the eu.posecco.sdss.lageneration.lowlevel plug-in and its public methods are depicted in Figure 19.

    [Figure 19: The LowLevelMapper class API]

    The LowLevelMapper class exposes only one public method:
    - void map(Model model, MissingInfoUI ui): performs the mapping and displays the user interface ui requesting a missing relationship, if needed.

    The map method should analyze the ontology and insert a series of property assertions between an IT level object and an infrastructure level individual. Typically, the property used is a child of refinesTo, such as refinesToNode or refinesToITInterface. If a new object property needs to be added to the ontology, please refer to Section 4.

    Adding new enrichment modules. An enrichment module is a special bundle that performs some inferences over the landscape elements. These deductions will be used in the later stages of the refinement process to generate more secure logical associations. In order to add a new enrichment m
24. mplement the TBox module phase;
    - eu.posecco.sdss.lageneration.abox includes the ABoxModule class and all the sources needed to implement the ABox module phase;
    - eu.posecco.sdss.lageneration.lowlevel includes the LowLevelCoordinator and the LowLevelMapper classes and all the sources needed to implement the low level mapping phase, but the low level mappers;
    - eu.posecco.sdss.lageneration.lowlevel.modules includes the standard low level mappers;
    - eu.posecco.sdss.lageneration.lowlevel.ui includes the UI for the low level mapping phase;
    - eu.posecco.sdss.lageneration.enrichment includes the EnrichmentCoordinator and the EnrichmentModule classes and all the sources needed to implement the enrichment phase, but the enrichment modules;
    - eu.posecco.sdss.lageneration.enrichment.modules includes the standard enrichment modules;
    - eu.posecco.sdss.lageneration.enrichment.ui includes the UI for the enrichment phase;
    - eu.posecco.sdss.lageneration.laextraction includes the LAExtractor class and all the sources needed to implement the LA extraction phase;
    - eu.posecco.sdss.lageneration.laextraction.ui includes the UI for the LA extraction phase;
    - eu.posecco.sdss.lageneration.ui includes the perspective, the views and all the related sources;
    - eu.posecco.sdss.lageneration.model includes the Model class and all its related sub-types.

    These plug-ins are extensively intertwined amongst them, as shown in the dependency graph depicted in Figure 3.
25. ntology in order to detect the available refinable items;
    - boolean merge(): fills the PoSecCo ontology with the landscape and policy information, reading them from a local copy (and returning false) or MoVE (and returning true).

    Footnote: This enumeration is declared in the eu.posecco.sdss.ontologies plug-in and can be used to select the Pellet or the Hermit reasoners.

    Low level mapper. The low level mapper coordinator is represented by the class LowLevelCoordinator. This class is contained in the eu.posecco.sdss.lageneration.lowlevel plug-in and its public methods are depicted in Figure 8.

    [Figure 8: The LowLevelCoordinator class API]

    This class uses a number of low level mappers, that are modules specialized in finding the relationships of an IT level instance toward a specific infrastructure level concept. The creation of new low level mappers is discussed in Section 4. The LA Generation Service already contains the following default mappers, declared in the eu.posecco.sdss.lageneration.lowlevel.modules plug-in:
    - the mapper toward the IT interfaces;
    - the mapper toward the interfaces;
    - the mapper toward the IT resources;
    - the mapper toward the no
26. odule the developer must perform two tasks • adding a new extension to the extension point eu posecco sdss lageneration enrichment modules • creating a new sub class of the class EnrichmentModule that will contain the module code Once these steps are performed the module is automatically recognized and registered in the LA Generation Service When the tool is launched the new bundle should appear in the UI listing the available enrichment modules The enrichment modules can be split in two different types • the smart classifiers try to classify a landscape element in a dynamically generated class called a smart class e.g. classification of a service as a public service • the aggregation discoverers find aggregations of landscape elements that are sets of individuals sharing some common feature e.g. detecting the filtering zones [Diagram: the eu posecco sdss lageneration enrichment modules extension point with the elements smartClassifier outputSmartClass aggregationDiscoverer and outputAggregationClass and the classes SmartClassifier and AggregationDiscoverer]
27. of the LA Generation Service user manual in which the use of the LA Generation Service and its UI are described The LA Generation Service is used to transform a set of policies into logical associations LAs This process is known as policy refinement For further information regarding the policy refinement process and the LA generation see D3 5 Models to refine the IT policy at service level This service is a complex toolbox containing a number of specialized modules which are presented in depth in the following sections including their APIs their dependencies and how to extend them This document is structured as follows Section 2 is devoted to explaining the LA Generation Service internal structure by providing a bird's-eye view of its architecture its plug ins and its types Section 3 describes the tool APIs focusing on the most important classes and interfaces Finally Section 4 describes how to extend the tool by adding new components features and UIs 2 Software architecture The goal of the LA Generation Service is to produce a set of logical associations via the policy refinement process which is graphically depicted in Figure 1 Figure 1 The policy refinement process Ontology connection Ontology manipulation LA extraction The policy refinement is performed in two consecutive stages Ontology connection At the beg
28. ox module phases create the initial PoSecCo ontology by merging together a set of smaller and independent ontologies If the developer needs to modify the ontology structure i.e. in order to add a new object property he must edit these elementary ontologies which are stored in the eu posecco sdss lageneration model plug in and in particular • all the TBox ontologies are located in the tbox directory • all the ABox ontologies are located in the abox directory In addition the eu posecco sdss lageneration model plug in contains the file xml tbox xml which declares a set of axioms that are automatically inserted in the PoSecCo ontology by the TBox module These axioms are used to define a number of equivalence axioms in order to better merge together the TBox ontologies This file supports the following tags defined by the XML schema listed in Listing 1 classesEquivalence declares an equivalence between two classes objectPropertyEquivalence declares an equivalence between two object properties datPropertyEquivalence declares an equivalence between two data properties <?xml version="1.0" encoding="UTF-8"?> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <xsd:element name="axioms" type="AxiomsType"> </xsd:element> <xsd:simpleType name="AxiomKindType"> <xsd:restriction base="xsd:strin
29. r of the ABox module phase • the LowLevelCoordinator class is the coordinator of the low level mapping phase • the EnrichmentCoordinator class is the coordinator of the enrichment phase • the LAExtractor class is the coordinator of the LA extraction phase The entire project obeys the rules dictated by the MVC Model View Controller pattern This is emphasized by the fact that the coordinator of each phase makes use of a central model represented by the homonymous class Model which contains the PoSecCo ontology and several other data A detailed description of these classes is given in Section 3 In order to promote the flexibility and extensibility of the LA Generation Service the low level mapping and enrichment coordinators make use of a plug in based approach They offer the capability of adding new modules i.e. low level mappers and enrichment modules by means of an Eclipse extension point By implementing two special abstract classes LowLevelMapper and EnrichmentModule the developer can extend the functionalities of the LA Generation Service without modifying the implementation source code This topic is discussed further in Section 4 Plug ins Since the Eclipse framework was adopted all the LA Generation Service code is split into a set of specialized plug ins that are eu posecco sdss lageneration tbox includes the TBoxModule class and all the sources needed to i
30. rdinator is represented by the class TBoxModule This class is contained in the eu posecco sdss lageneration tbox plug in and its public methods are depicted in Figure 6 This class makes use of the enumeration ReasonerType which contains a list of all the supported ontology reasoners The TBoxModule class exposes the following public methods TBoxModule Model model creates the module using the specified model void merge ReasonerType reasonerType creates the initial PoSecCo TBox ontology that is an ontology without the landscape and policy information and initializes the reasoner Figure 6 The TBoxModule class API Figure 7 The ABoxModule class API ABox module The ABox module coordinator is represented by the class ABoxModule This class is contained in the eu posecco sdss lageneration abox plug in and its public methods are depicted in Figure 7 The ABoxModule class exposes the following public methods ABoxModule Model model creates the module using the specified model void analyze analyzes the o
31. tOntology retrieves the current PoSecCo ontology This class is contained in the eu posecco sdss ontologies plug in Collection<RefinableItem> getRefinableItems retrieves the items policies and links selected for the refinement Collection<RefinableRoot> getRefinableRoots retrieves the items policies and links that can be refined Status getStatus retrieves the current refinement phase String getWorkingDirectory retrieves the working directory that is where the output files will be written void reset resets the model to its initial empty state void setLogicalAssociations Collection<LogicalAssociation> las sets the refined logical associations void setName String name sets the model name void setOntology Ontology ontology sets the current PoSecCo ontology void setRefinableItems Collection<RefinableItem> items sets the items policies and links selected for the refinement void setRefinableRoots Collection<RefinableRoot> roots sets the items policies and links that can be refined void setStatus Status status sets the current refinement phase void setWorkingDirectory String workingDirectory sets the working directory Note that a valid Model instance must be passed to the phase coordinators in order to obtain a correct and consistent output TBox module The TBox module coo
32. valentTo String an expression that can be empty which declares an equivalent relation of the aggregation property isObjectProperty boolean a boolean indicating if the aggregation property is an object or data property inverseOf String an expression that can be empty which declares the inverse relation of the aggregation property propertyChain String an expression that can be empty which declares a property chain that will be used to infer the aggregation property description String an optional human readable description of the aggregation property Note that the enrichment coordinator will automatically create the smart and aggregation classes so the only job of the enrichment module is to fill them as it sees fit The SmartClassifier class A smart classifier is represented by the abstract class SmartClassifier which extends the base class EnrichmentModule This class is contained in the eu posecco sdss lageneration enrichment plug in and its public methods are depicted in Figure 21 This class exposes the following public methods void add OntologyIndividual individual OntologyClass clazz effectively adds the individual individual to the class clazz Collection<RealizationResult> collect retrieves the list of the suggested realizations The collect method should analyze the ontology and return the suggested classification for a number of ontology individuals while the add should effectiv
