SlideShare a Scribd company logo

IT Architecture Automatic Verification (RCIS 2010)

António Alegria
António Alegria

Presentation I gave at RCIS 2010.

Technology
1 of 27
Download to read offline
IT  Architecture  Automa/c  Verifica/on:   A  Network  Evidence-­‐based  Approach   António  Alegria  (Presen0ng)   Portugal  Telecom   Ins/tuto  Superior  Técnico  –  Universidade  Técnica  de  Lisboa     André  Vasconcelos   Center  for  Opera/onal  Design  and  Engineering   Ins/tuto  Superior  Técnico  –  Universidade  Técnica  de  Lisboa    
Roadmap   •  Problem  Statement   •  Proposed  Approach   •  Proof  of  Concept  Prototype   •  Case  Study   •  Results   •  Future  Work   2  
Problem  Statement     Informa5on  Systems  Architecture  (ISA)  Planning  Process   Is  the  expected  model  correct?   Does  the  implementa5on  meet   expecta5ons?   3  
How  to  Check  the  Reality  of  IT  Architecture?   •  Actual  architecture  emerges  from  Informa/on   Systems’  (IS)  func/on   •  IS  manifest  themselves  through:   –  Input  and  Output  ar/facts   –  Interac/ons  with  other  agents  (humans  or  machines)   •  Interac/ons  with  other  systems  are  predominantly   through  TCP/IP  networks   •  At  the  technology  level  it’s  possible  to  capture  all  IS’   manifesta/ons  in  corporate  networks   –  Security  experts  have  been  doing  it  for  a  long  /me  although  with  a   different  purpose  and  at  a  lower  level  of  abstrac/on   4  
How  to  Check  the  Reality  of  IT  Architecture?   •  How  to  infer  evidence  of  the  actual  architecture   through  the  “bits”  captured  in  the  network?   –  Protocol  headers  and  applica/on-­‐layer  payload  contain   informa/on  that  serve  as  explicit  or  implicit  evidence  for  the   status  quo  of  the  IS  and  their  architecture   •  If  we  capture  all  IS’  network  interac/ons  how  can   we  verify  an  IT  Architecture  (ITA)  model?   –  By  confron/ng  that  model  with  all  the  evidence  collected  from  the   network   5  
Research  Ques/on   How  to  automa5cally  verify  if  an  IT  Architecture   model  is  actually  in  sync  with  current  IS,  resor5ng   exclusively  to  the  passive  analysis  of  their  network   traffic?   6  
Approach   This  subprocess  is  our  main  focus   (at  the  technology  level)   Cap/on   Extensions:  Verifica5on  Process   Extensions:  Verifica/on  Cycle   Extensions:  Lifecycle   Common  ISA  Planning  Process   7  
Verifica/on  Process  (Simplified)   8  
Verifica/on  Process  (Simplified)   Dis/lls  evidence  of  the  real  ITA  from  passively   captured  and  analyzed  network  traffic   9  
Traffic  Monitoring   •  Discover  evidence  of  the  actual  ITA  from  network  packets,   headers  and  payloads   •  Passive  Network  Traffic  Analysis  Hierarchy   –  Sub-­‐Applica5on-­‐layer  Inspec5on  (TCP/IP  headers)   §  System  interrela/onship  graph   §  Opera/ng  Systems   –  Superficial  Applica5on-­‐layer  Inspec5on  (protocol  signatures)   §  Applica/on-­‐layer  Protocol  classifica/on   §  Soware  Components  (limited)   –  Deep  Applica5on-­‐layer  Parsing   §  Pre-­‐classified  traffic  is  dispatched  to  specialized  parsers   §  Technology  Services  and  Opera/ons  (including  used  Parameters)   §  Soware  Components   §  Low-­‐level  Informa/on  En//es  (e.g.  database  schemas,  user  names)   10  
Verifica/on  Process  (Simplified)   Real  ITA’s  evidence,  structured  in  accordance  with   a  proposed  conceptual  model  (NeVacts)   11  
Evidence  Descrip/on  Model  (Ne^acts)   12  
Verifica/on  Process  (Simplified)   Described  in  an  ISA  modelling  language.     We  used  and  extended  the  CEO   Framework’s  (CEOF)  UML  profile.   13  
Verifica/on  Process  (Simplified)   Knowledge  of  how  to  match/map  a  higher-­‐ Verifica5on  realized  by  applying   level  ITA  model  with  the  actual  reality  mirrored   these  rules  to  the  domain  of  the   in  the  collected  network  traffic   architecture  model  and  the   collected  real  ITA  evidence   14  
Mapping  and  Verifica/on  Rules   Representa5on  of  Factual  Reality   Representa5on  of  ITA  Expecta5ons   Ne^acts  Model   ISA  Modeling  Language   (M1)   (M2)   ISA  Model   (M1)   ISA  Model  Instan/a/on   Ne^acts  Model  Instan/a/on  (M0)   (M0)   •  Mapping  between  Ne^acts  evidence  and  ITA  concepts  and  rela/onships   •  Specify  the  required  collected  evidence  to  declare  an  ITA  model  in  sync  with  reality   •  Generic  and  Organiza5on-­‐independent  (defined  at  the  ISA  modeling  language  level  –  M2)   •  Defined  by  statements  in  a  subset  of  First  Order  Logic  (Horn  clauses)   •  The  actual  ITA  Verifica5on  is  realized  by  checking  if  these  rules  hold  for  a  given  domain   15  
Pucng  it  all  together   Generic  Mapping   Verified  ITA  Model   Rules   ITA  Verifica5on  and   (Logtalk)   (Logtalk)   Inference  Engine       Domain-­‐independent     Knowledge  Base     Network  Traffic     Analysis  Engine   Deep  Applica/on-­‐layer   Fact  Base   Parser     (ITA)       ?     Fact    Base   Streamer     Sub-­‐Applica/on-­‐layer   Traffic  Classifier  and  Dispatcher       (Network  Evidence)   Inspector           NeVacts   Inference  Engine     IPAudit     p0f   HTTP/SOAP  Parser     (Prolog)   (LogTalk)   Raw         Traffic       PCAP   Superficial  Applica/on-­‐ SQL  Parser     User  Interface     layer  Inspector           PADS   Oracle-­‐TNS  Parser         Verifica/on   Report   TXT   16  
Case  Study   •  Portugal  Telecom   •  Sales  IS  ecossystem   •  Applied  approach  to  accurate  and  inaccurate  (with   known  devia/ons)  models   •  Traffic  passively  captured  in  several  points  of  the   corporate  network   –  ~1  Terabyte  of  data   –  1  workday   •  Prototype  applied  to  raw  captured  traffic   17  
Case  Study  Example:  Service  Architecture   18  
Case  Study  Example:  Service  Architecture   19  
Results:  Correct  Model   •  Fully  Iden/fied  architecture  elements:   –  «IT  Infrastructure  Block»   –  «Opera/ng  System»   –  «IT  Applica/on  Block»   –  «IT  Services»   –  «IT  Services»  Usage   •  Par/ally  Iden/fied  architecture  elements  (due  to  lack  of   “built-­‐in  knowledge”):   –  «IT  Pla^orm  Block»  –  Excep/ons:   §  .Net  Framework  2.0  in  SFAP’s  frontends   §  SQL  Server  2005  in  SFAP’s  data  backends   –  «IT  Services»  Realiza/on  –  Excep/ons:   §  One  data  service  supported  by  SQL  Server  2005  (SFAP’s  data  backend)   20  
Results  (Con/nued…)   •  Incorrect  Model:   –  All  devia/ons  were  detected   –  Most  of  them  explicitly  reported  as  errors   –  A  few  cases  were  undecidable   §  Lack  of  evidence  to  support  or  refute  that  architecture  component   §  Prototype  raises  a  “red  flag”   §  Architect  is  lead  to  inves/gate  these  specific  cases   •  Knowledge  Discovery   –  All  of  the  Ne^acts  evidence   –  Undocumented  Architecture  Elements:   §  over  50  «IT  Services»   §  several  «IT  Opera/ons»  and  used  parameters   §  Database  Tables  and  Columns   21  
Future  Work   •  Automa/c  elicita/on  of  ITA  model   Automa/c  Discovery  of  ITA   •  From  low-­‐level  evidence  infer  high-­‐level  model   •  Middleware   Complex  IS  Technical  Rela/onships   •  Enterprise  Service  Bus   •  Applica/on  Logs   Other  Data  Sources   •  Ac/ve  Probing  and  Agent-­‐based  solu/ons   •  Informa/on  Architecture   Other  IS  Architecture  Levels   •  Applica/on  Architecture   22  
Thank  You   Ques/ons?   23  
Thank  You   Ques/ons?   24  
Thank  You   Ques/ons?   25  
Extending  the  CEO  Framework   Cap/on   New  En5ty   New  A^ribute:  «concreteName»   New  A^ribute:  «version»   26  
Main  Contribu/ons   Passive   Network   Traffic   Automa/c   Analysis   ✔   Automa/c   ITA   Unobtrusive  to  the   CEO   ITA   Network-­‐ Framework   based   Organiza/on  and  its   Extensions   Verifica/on   Evidence   IS   Process   Model   ✔   Organiza/on   Mapping   CEOF2007+   independent   ✔   and  Ne^acts   27  

Recommended

Instance-based Security with the Security Annotation Framework (SAF)
Instance-based Security with the Security Annotation Framework (SAF) Instance-based Security with the Security Annotation Framework (SAF)
Instance-based Security with the Security Annotation Framework (SAF)
krasserm
 
A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design
chiportal
 
How Digital Libraries Can Create a Culture of Open Access on Campus
How Digital Libraries Can Create a Culture of Open Access on CampusHow Digital Libraries Can Create a Culture of Open Access on Campus
How Digital Libraries Can Create a Culture of Open Access on Campus
Spencer Keralis
 
The squirrel on a golden chain cre
The squirrel on a golden chain creThe squirrel on a golden chain cre
The squirrel on a golden chain cre
Spencer Keralis
 
Customs
CustomsCustoms
Customs
silgareca
 
Fun Food Friday
Fun Food FridayFun Food Friday
Fun Food Friday
John Theurer Cancer Center at Hackensack University Medical Center
 
Foro diseño, creatividad e innovacion
Foro diseño, creatividad e innovacionForo diseño, creatividad e innovacion
Foro diseño, creatividad e innovacion
Marta Elena Posada Noreña
 
IT Architecture Automatic Verification
IT Architecture Automatic VerificationIT Architecture Automatic Verification
IT Architecture Automatic Verification
António Alegria
 

Recommended

Instance-based Security with the Security Annotation Framework (SAF)
Instance-based Security with the Security Annotation Framework (SAF) Instance-based Security with the Security Annotation Framework (SAF)
Instance-based Security with the Security Annotation Framework (SAF)
krasserm
 
A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design A comprehensive formal verification solution for ARM based SOC design
A comprehensive formal verification solution for ARM based SOC design
chiportal
 
How Digital Libraries Can Create a Culture of Open Access on Campus
How Digital Libraries Can Create a Culture of Open Access on CampusHow Digital Libraries Can Create a Culture of Open Access on Campus
How Digital Libraries Can Create a Culture of Open Access on Campus
Spencer Keralis
 
The squirrel on a golden chain cre
The squirrel on a golden chain creThe squirrel on a golden chain cre
The squirrel on a golden chain cre
Spencer Keralis
 
Customs
CustomsCustoms
Customs
silgareca
 
Fun Food Friday
Fun Food FridayFun Food Friday
Fun Food Friday
John Theurer Cancer Center at Hackensack University Medical Center
 
Foro diseño, creatividad e innovacion
Foro diseño, creatividad e innovacionForo diseño, creatividad e innovacion
Foro diseño, creatividad e innovacion
Marta Elena Posada Noreña
 
IT Architecture Automatic Verification
IT Architecture Automatic VerificationIT Architecture Automatic Verification
IT Architecture Automatic Verification
António Alegria
 
Chip ex 2011 faraday
Chip ex 2011 faradayChip ex 2011 faraday
Chip ex 2011 faraday
chiportal
 
Data models-and-automation-jp
Data models-and-automation-jpData models-and-automation-jp
Data models-and-automation-jp
Miya Kohno
 
World Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopWorld Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking Workshop
Joel W. King
 
Research platform architecture
Research platform architectureResearch platform architecture
Research platform architecture
Pierre Menard
 
Cisco open network environment
Cisco open network environmentCisco open network environment
Cisco open network environment
deepers
 
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
Martin Lipka
 
Pankaj_Joshi_Resume
Pankaj_Joshi_ResumePankaj_Joshi_Resume
Pankaj_Joshi_Resume
Pankaj Chandra Joshi
 
06 operations and feedback dap-kabel
06 operations and feedback dap-kabel06 operations and feedback dap-kabel
06 operations and feedback dap-kabel
David Alvarez Palomo
 
IBM PureSystems
IBM PureSystemsIBM PureSystems
IBM PureSystems
IBM WebSphereIndia
 
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Sverige
 
OracleOEP-EWebcast
OracleOEP-EWebcastOracleOEP-EWebcast
OracleOEP-EWebcast
Shivanshu Upadhyay
 
The SDN Opportunity
The SDN OpportunityThe SDN Opportunity
The SDN Opportunity
Juniper Networks
 
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
OpenSourceCamp
 
Scc2012 Scala
Scc2012 ScalaScc2012 Scala
Scc2012 Scala
steccami
 
Apiworld
ApiworldApiworld
Apiworld
Owen Rubel
 
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV BenchmarkingSummit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
OPNFV
 
02 intro syst_gen
02 intro syst_gen02 intro syst_gen
02 intro syst_gen
Panca Kurniawan
 
Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2
David Linthicum
 
Introduction to YANG data models and their use in OpenDaylight: an overview
Introduction to YANG data models and their use in OpenDaylight: an overviewIntroduction to YANG data models and their use in OpenDaylight: an overview
Introduction to YANG data models and their use in OpenDaylight: an overview
Cisco DevNet
 
Model Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & FutureModel Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & Future
elliando dias
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
 

More Related Content

Similar to IT Architecture Automatic Verification (RCIS 2010)

Chip ex 2011 faraday
Chip ex 2011 faradayChip ex 2011 faraday
Chip ex 2011 faraday
chiportal
 
Research platform architecture
Research platform architectureResearch platform architecture
Research platform architecture
Pierre Menard
 
06 operations and feedback dap-kabel
06 operations and feedback dap-kabel06 operations and feedback dap-kabel
06 operations and feedback dap-kabel
David Alvarez Palomo
 
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Sverige
 
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
OpenSourceCamp
 
Scc2012 Scala
Scc2012 ScalaScc2012 Scala
Scc2012 Scala
steccami
 
Apiworld
ApiworldApiworld
Apiworld
Owen Rubel
 
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV BenchmarkingSummit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
OPNFV
 
Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2
David Linthicum
 
Model Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & FutureModel Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & Future
elliando dias
 

Similar to IT Architecture Automatic Verification (RCIS 2010) (20)

Chip ex 2011 faraday
Chip ex 2011 faradayChip ex 2011 faraday
Chip ex 2011 faraday
 
Data models-and-automation-jp
Data models-and-automation-jpData models-and-automation-jp
Data models-and-automation-jp
 
World Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopWorld Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking Workshop
 
Research platform architecture
Research platform architectureResearch platform architecture
Research platform architecture
 
Cisco open network environment
Cisco open network environmentCisco open network environment
Cisco open network environment
 
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
Top 5 favourite features of Cisco ACI in Pulsant Cloud Data Centres
 
Pankaj_Joshi_Resume
Pankaj_Joshi_ResumePankaj_Joshi_Resume
Pankaj_Joshi_Resume
 
06 operations and feedback dap-kabel
06 operations and feedback dap-kabel06 operations and feedback dap-kabel
06 operations and feedback dap-kabel
 
IBM PureSystems
IBM PureSystemsIBM PureSystems
IBM PureSystems
 
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
IBM Smarter Business 2012 - Smarta managerade övervakningstjänster baserad på...
 
OracleOEP-EWebcast
OracleOEP-EWebcastOracleOEP-EWebcast
OracleOEP-EWebcast
 
The SDN Opportunity
The SDN OpportunityThe SDN Opportunity
The SDN Opportunity
 
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
 
Scc2012 Scala
Scc2012 ScalaScc2012 Scala
Scc2012 Scala
 
Apiworld
ApiworldApiworld
Apiworld
 
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV BenchmarkingSummit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
Summit 16: The Hitchhiker/Hacker's Guide to NFV Benchmarking
 
02 intro syst_gen
02 intro syst_gen02 intro syst_gen
02 intro syst_gen
 
Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2
 
Introduction to YANG data models and their use in OpenDaylight: an overview
Introduction to YANG data models and their use in OpenDaylight: an overviewIntroduction to YANG data models and their use in OpenDaylight: an overview
Introduction to YANG data models and their use in OpenDaylight: an overview
 
Model Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & FutureModel Driven Architecture (MDA): Motivations, Status & Future
Model Driven Architecture (MDA): Motivations, Status & Future
 

Recently uploaded

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

IT Architecture Automatic Verification (RCIS 2010)

  • 1. IT  Architecture  Automa/c  Verifica/on:   A  Network  Evidence-­‐based  Approach   António  Alegria  (Presen0ng)   Portugal  Telecom   Ins/tuto  Superior  Técnico  –  Universidade  Técnica  de  Lisboa     André  Vasconcelos   Center  for  Opera/onal  Design  and  Engineering   Ins/tuto  Superior  Técnico  –  Universidade  Técnica  de  Lisboa    
  • 2. Roadmap   •  Problem  Statement   •  Proposed  Approach   •  Proof  of  Concept  Prototype   •  Case  Study   •  Results   •  Future  Work   2  
  • 3. Problem  Statement     Informa5on  Systems  Architecture  (ISA)  Planning  Process   Is  the  expected  model  correct?   Does  the  implementa5on  meet   expecta5ons?   3  
  • 4. How  to  Check  the  Reality  of  IT  Architecture?   •  Actual  architecture  emerges  from  Informa/on   Systems’  (IS)  func/on   •  IS  manifest  themselves  through:   –  Input  and  Output  ar/facts   –  Interac/ons  with  other  agents  (humans  or  machines)   •  Interac/ons  with  other  systems  are  predominantly   through  TCP/IP  networks   •  At  the  technology  level  it’s  possible  to  capture  all  IS’   manifesta/ons  in  corporate  networks   –  Security  experts  have  been  doing  it  for  a  long  /me  although  with  a   different  purpose  and  at  a  lower  level  of  abstrac/on   4  
  • 5. How  to  Check  the  Reality  of  IT  Architecture?   •  How  to  infer  evidence  of  the  actual  architecture   through  the  “bits”  captured  in  the  network?   –  Protocol  headers  and  applica/on-­‐layer  payload  contain   informa/on  that  serve  as  explicit  or  implicit  evidence  for  the   status  quo  of  the  IS  and  their  architecture   •  If  we  capture  all  IS’  network  interac/ons  how  can   we  verify  an  IT  Architecture  (ITA)  model?   –  By  confron/ng  that  model  with  all  the  evidence  collected  from  the   network   5  
  • 6. Research  Ques/on   How  to  automa5cally  verify  if  an  IT  Architecture   model  is  actually  in  sync  with  current  IS,  resor5ng   exclusively  to  the  passive  analysis  of  their  network   traffic?   6  
  • 7. Approach   This  subprocess  is  our  main  focus   (at  the  technology  level)   Cap/on   Extensions:  Verifica5on  Process   Extensions:  Verifica/on  Cycle   Extensions:  Lifecycle   Common  ISA  Planning  Process   7  
  • 9. Verifica/on  Process  (Simplified)   Dis/lls  evidence  of  the  real  ITA  from  passively   captured  and  analyzed  network  traffic   9  
  • 10. Traffic  Monitoring   •  Discover  evidence  of  the  actual  ITA  from  network  packets,   headers  and  payloads   •  Passive  Network  Traffic  Analysis  Hierarchy   –  Sub-­‐Applica5on-­‐layer  Inspec5on  (TCP/IP  headers)   §  System  interrela/onship  graph   §  Opera/ng  Systems   –  Superficial  Applica5on-­‐layer  Inspec5on  (protocol  signatures)   §  Applica/on-­‐layer  Protocol  classifica/on   §  Soware  Components  (limited)   –  Deep  Applica5on-­‐layer  Parsing   §  Pre-­‐classified  traffic  is  dispatched  to  specialized  parsers   §  Technology  Services  and  Opera/ons  (including  used  Parameters)   §  Soware  Components   §  Low-­‐level  Informa/on  En//es  (e.g.  database  schemas,  user  names)   10  
  • 11. Verifica/on  Process  (Simplified)   Real  ITA’s  evidence,  structured  in  accordance  with   a  proposed  conceptual  model  (NeVacts)   11  
  • 12. Evidence  Descrip/on  Model  (Ne^acts)   12  
  • 13. Verifica/on  Process  (Simplified)   Described  in  an  ISA  modelling  language.     We  used  and  extended  the  CEO   Framework’s  (CEOF)  UML  profile.   13  
  • 14. Verifica/on  Process  (Simplified)   Knowledge  of  how  to  match/map  a  higher-­‐ Verifica5on  realized  by  applying   level  ITA  model  with  the  actual  reality  mirrored   these  rules  to  the  domain  of  the   in  the  collected  network  traffic   architecture  model  and  the   collected  real  ITA  evidence   14  
  • 15. Mapping  and  Verifica/on  Rules   Representa5on  of  Factual  Reality   Representa5on  of  ITA  Expecta5ons   Ne^acts  Model   ISA  Modeling  Language   (M1)   (M2)   ISA  Model   (M1)   ISA  Model  Instan/a/on   Ne^acts  Model  Instan/a/on  (M0)   (M0)   •  Mapping  between  Ne^acts  evidence  and  ITA  concepts  and  rela/onships   •  Specify  the  required  collected  evidence  to  declare  an  ITA  model  in  sync  with  reality   •  Generic  and  Organiza5on-­‐independent  (defined  at  the  ISA  modeling  language  level  –  M2)   •  Defined  by  statements  in  a  subset  of  First  Order  Logic  (Horn  clauses)   •  The  actual  ITA  Verifica5on  is  realized  by  checking  if  these  rules  hold  for  a  given  domain   15  
  • 16. Pucng  it  all  together   Generic  Mapping   Verified  ITA  Model   Rules   ITA  Verifica5on  and   (Logtalk)   (Logtalk)   Inference  Engine       Domain-­‐independent     Knowledge  Base     Network  Traffic     Analysis  Engine   Deep  Applica/on-­‐layer   Fact  Base   Parser     (ITA)       ?     Fact    Base   Streamer     Sub-­‐Applica/on-­‐layer   Traffic  Classifier  and  Dispatcher       (Network  Evidence)   Inspector           NeVacts   Inference  Engine     IPAudit     p0f   HTTP/SOAP  Parser     (Prolog)   (LogTalk)   Raw         Traffic       PCAP   Superficial  Applica/on-­‐ SQL  Parser     User  Interface     layer  Inspector           PADS   Oracle-­‐TNS  Parser         Verifica/on   Report   TXT   16  
  • 17. Case  Study   •  Portugal  Telecom   •  Sales  IS  ecossystem   •  Applied  approach  to  accurate  and  inaccurate  (with   known  devia/ons)  models   •  Traffic  passively  captured  in  several  points  of  the   corporate  network   –  ~1  Terabyte  of  data   –  1  workday   •  Prototype  applied  to  raw  captured  traffic   17  
  • 18. Case  Study  Example:  Service  Architecture   18  
  • 19. Case  Study  Example:  Service  Architecture   19  
  • 20. Results:  Correct  Model   •  Fully  Iden/fied  architecture  elements:   –  «IT  Infrastructure  Block»   –  «Opera/ng  System»   –  «IT  Applica/on  Block»   –  «IT  Services»   –  «IT  Services»  Usage   •  Par/ally  Iden/fied  architecture  elements  (due  to  lack  of   “built-­‐in  knowledge”):   –  «IT  Pla^orm  Block»  –  Excep/ons:   §  .Net  Framework  2.0  in  SFAP’s  frontends   §  SQL  Server  2005  in  SFAP’s  data  backends   –  «IT  Services»  Realiza/on  –  Excep/ons:   §  One  data  service  supported  by  SQL  Server  2005  (SFAP’s  data  backend)   20  
  • 21. Results  (Con/nued…)   •  Incorrect  Model:   –  All  devia/ons  were  detected   –  Most  of  them  explicitly  reported  as  errors   –  A  few  cases  were  undecidable   §  Lack  of  evidence  to  support  or  refute  that  architecture  component   §  Prototype  raises  a  “red  flag”   §  Architect  is  lead  to  inves/gate  these  specific  cases   •  Knowledge  Discovery   –  All  of  the  Ne^acts  evidence   –  Undocumented  Architecture  Elements:   §  over  50  «IT  Services»   §  several  «IT  Opera/ons»  and  used  parameters   §  Database  Tables  and  Columns   21  
  • 22. Future  Work   •  Automa/c  elicita/on  of  ITA  model   Automa/c  Discovery  of  ITA   •  From  low-­‐level  evidence  infer  high-­‐level  model   •  Middleware   Complex  IS  Technical  Rela/onships   •  Enterprise  Service  Bus   •  Applica/on  Logs   Other  Data  Sources   •  Ac/ve  Probing  and  Agent-­‐based  solu/ons   •  Informa/on  Architecture   Other  IS  Architecture  Levels   •  Applica/on  Architecture   22  
  • 23. Thank  You   Ques/ons?   23  
  • 24. Thank  You   Ques/ons?   24  
  • 25. Thank  You   Ques/ons?   25  
  • 26. Extending  the  CEO  Framework   Cap/on   New  En5ty   New  A^ribute:  «concreteName»   New  A^ribute:  «version»   26  
  • 27. Main  Contribu/ons   Passive   Network   Traffic   Automa/c   Analysis   ✔   Automa/c   ITA   Unobtrusive  to  the   CEO   ITA   Network-­‐ Framework   based   Organiza/on  and  its   Extensions   Verifica/on   Evidence   IS   Process   Model   ✔   Organiza/on   Mapping   CEOF2007+   independent   ✔   and  Ne^acts   27