Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device...
-
Upload
baby-maddock -
Category
Documents
-
view
214 -
download
0
Transcript of Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device...
![Page 1: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/1.jpg)
Policy Management & Enforcement
![Page 2: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/2.jpg)
Overview
S3MS Deployment Center Already demoed at M18
Off-device Inlining demo Already demoed at M18
DEMO 1: On-device Matching DEMO 2: On-device Inlining
![Page 3: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/3.jpg)
S3MS Deployment Center
![Page 4: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/4.jpg)
S3MS Deployment Center
Main changes between M18 and M24 Support for metadata generation Creation of new representation compilers Greatly updated inliner and PDP generator Extended multi-runtime support
.NET CF 2.0, full .NET 2.0, Mono, … Stability and UI improvements
![Page 5: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/5.jpg)
S3MS Deployment Center
+Process()
ComplianceEngine
+Process()
ComplianceModule
+Process()
SignatureComplianceModule
+Process()
InlineComplianceModule
+Process()
ContractComplianceModule
+IsMatch()
ContractPolicyMatcher
1
-ComplianceModules
1..*
*
-Matcher1
![Page 6: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/6.jpg)
Policy Management
![Page 7: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/7.jpg)
Policy Management
![Page 8: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/8.jpg)
Metadata
![Page 9: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/9.jpg)
Off-device inlining
![Page 10: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/10.jpg)
Off-device inlining
![Page 11: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/11.jpg)
DEMO 1 and DEMO 2
Demo 1: On-device matching Demo 2: On-device inlining Uses the Omnys case study Shown on video
Live demo available on demand!
![Page 12: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/12.jpg)
DEMO 1: On-device matching
In this demo, we use semantic matching Hash-based, identical and remote matching also implemented
Semantic matching algorithm is developed by UNITN This demo shows the integration of the matcher into our application
deployer The algorithm details will be detailed by UNITN in a following
presentation
The demo device is setup to only support matching No inlining
![Page 13: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/13.jpg)
DEMO 1: On-device matching
Policy
SCOPE SESSIONSECURITY STATE
BEFORE WebRequest.Create(string url)PERFORMurl.StartsWith("http") -> {skip;}
SCOPE SESSIONSECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5;
BEFORE SmsMessage.Send()PERFORMmessageSent<maxMessage -> { skip; }
AFTER SmsMessage.Send()PERFORMtrue -> { messageSent = messageSent + 1; }
Contract
SCOPE SESSIONSECURITY STATE
BEFORE WebRequest.Create(string url)PERFORMurl.StartsWith("http") -> {skip;}url.StartsWith("ftp") -> {skip;}
SCOPE SESSIONSECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5;
BEFORE SmsMessage.Send()PERFORMmessageSent<maxMessage -> { skip; }
AFTER SmsMessage.Send()PERFORMtrue -> { messageSent = messageSent + 1; }
![Page 14: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/14.jpg)
![Page 15: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/15.jpg)
DEMO 1: On-device matching
Policy
SCOPE SESSIONSECURITY STATECONST int maxKbRecieve = 1024;
BEFORE BeginReceive(byte[] buffer, int offset, int size, SocketFlags socketFlags, AsyncCallback callback, Object state) PERFORMsize < maxKbRecieve -> { skip; }
SCOPE SESSIONSECURITY STATE CONST int maxMessage = 7; int messageSent = 0 RANGE 0 .. 7;
BEFORE SmsMessage.Send()PERFORMmessageSent<maxMessage -> { skip; }
AFTER SmsMessage.Send()PERFORMtrue -> { messageSent = messageSent + 1; }
Contract
SCOPE SESSIONSECURITY STATECONST int maxKbRecieve = 512;
BEFORE BeginReceive(byte[] buffer, int offset, int size, SocketFlags socketFlags, AsyncCallback callback, Object state) PERFORMsize < maxKbRecieve -> { skip;}
SCOPE SESSIONSECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5;
BEFORE SmsMessage.Send()PERFORMmessageSent<maxMessage -> { skip; }
AFTER SmsMessage.Send()PERFORMtrue -> { messageSent = messageSent + 1; }
![Page 16: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/16.jpg)
![Page 17: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/17.jpg)
DEMO 2: On-device inlining
Inlining can be used for legacy applications Without a contract/proof/signature/…
In this demo, we want to limit the access to the contacts
![Page 18: Policy Management & Enforcement. Overview S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device.](https://reader035.fdocuments.in/reader035/viewer/2022081518/5518c00e550346881f8b5575/html5/thumbnails/18.jpg)