Abstract

Manual management of the configuration of network devices and computing devices (hosts) is an error-prone task. Centralized automation of these tasks can lower the costs of management, but can also introduce unknown or unanticipated security risks. Misconfiguration (deliberate (by outsiders) or inadvertent (by insiders)) can expose a system to significant risks.

Centralized network management has seen significant progress in recent years, resulting in model-driven approaches that are clearly superior to previous "craft" methods. Host management has seen less development. The tools available have developed in separate task-specific ways.

This thesis explores two aspects of the configuration management problem for hosts:
(1) implementing host management using the model-driven (network) management tools;
(2) establishing the relative security of traditional methods and the above proposal for model driven host management.

It is shown that the model-driven approach is feasible, and the security of the model driven approach is significantly higher than that of existing approaches.