1 / 18

Policy Management & Enforcement

Policy Management & Enforcement. Overview. S3MS Deployment Center Already demoed at M18 Off-device Inlining demo Already demoed at M18 DEMO 1: On-device Matching DEMO 2: On-device Inlining. S3MS Deployment Center. S3MS Deployment Center. Main changes between M18 and M24

zeki
Download Presentation

Policy Management & Enforcement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Policy Management & Enforcement

  2. Overview • S3MS Deployment Center • Already demoed at M18 • Off-device Inlining demo • Already demoed at M18 • DEMO 1: On-device Matching • DEMO 2: On-device Inlining

  3. S3MS Deployment Center

  4. S3MS Deployment Center • Main changes between M18 and M24 • Support for metadata generation • Creation of new representation compilers • Greatly updated inliner and PDP generator • Extended multi-runtime support • .NET CF 2.0, full .NET 2.0, Mono, … • Stability and UI improvements

  5. S3MS Deployment Center

  6. Policy Management

  7. Policy Management

  8. Metadata

  9. Off-device inlining

  10. Off-device inlining

  11. DEMO 1 and DEMO 2 • Demo 1: On-device matching • Demo 2: On-device inlining • Uses the Omnys case study • Shown on video • Live demo available on demand!

  12. DEMO 1: On-device matching • In this demo, we use semantic matching • Hash-based, identical and remote matching also implemented • Semantic matching algorithm is developed by UNITN • This demo shows the integration of the matcher into our application deployer • The algorithm details will be detailed by UNITN in a following presentation • The demo device is setup to only support matching • No inlining

  13. DEMO 1: On-device matching Policy SCOPE SESSION SECURITY STATE BEFORE WebRequest.Create(string url) PERFORM url.StartsWith("http") -> {skip;} SCOPE SESSION SECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5; BEFORE SmsMessage.Send() PERFORM messageSent<maxMessage -> { skip; } AFTER SmsMessage.Send() PERFORM true -> { messageSent = messageSent + 1; } Contract SCOPE SESSION SECURITY STATE BEFORE WebRequest.Create(string url) PERFORM url.StartsWith("http") -> {skip;} url.StartsWith("ftp") -> {skip;} SCOPE SESSION SECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5; BEFORE SmsMessage.Send() PERFORM messageSent<maxMessage -> { skip; } AFTER SmsMessage.Send() PERFORM true -> { messageSent = messageSent + 1; }

  14. DEMO 1: On-device matching Policy SCOPE SESSION SECURITY STATE CONST int maxKbRecieve = 1024; BEFORE BeginReceive(byte[] buffer, int offset, int size, SocketFlags socketFlags, AsyncCallback callback, Object state) PERFORM size < maxKbRecieve -> { skip; } SCOPE SESSION SECURITY STATE CONST int maxMessage = 7; int messageSent = 0 RANGE 0 .. 7; BEFORE SmsMessage.Send() PERFORM messageSent<maxMessage -> { skip; } AFTER SmsMessage.Send() PERFORM true -> { messageSent = messageSent + 1; } Contract SCOPE SESSION SECURITY STATE CONST int maxKbRecieve = 512; BEFORE BeginReceive(byte[] buffer, int offset, int size, SocketFlags socketFlags, AsyncCallback callback, Object state) PERFORM size < maxKbRecieve -> { skip;} SCOPE SESSION SECURITY STATE CONST int maxMessage = 5; int messageSent = 0 RANGE 0 .. 5; BEFORE SmsMessage.Send() PERFORM messageSent<maxMessage -> { skip; } AFTER SmsMessage.Send() PERFORM true -> { messageSent = messageSent + 1; }

  15. DEMO 2: On-device inlining • Inlining can be used for legacy applications • Without a contract/proof/signature/… • In this demo, we want to limit the access to the contacts

More Related