Web Security
oquinones
2.pdf
Panel: Security in Enterprise Resource Planning Systems
and Service-Oriented Architectures
Andreas Schaad SAP Research, Security & Trust
805, Av. Dr. Maurice Donat 06250 Mougins, France
Categories and Subject Descriptors D.m. [Miscellaneous]:
General Terms: Security
Keywords: service-oriented, security engineering
Vendors and users of large-scale, multi-layered, multi-application enterprise resource planning systems already face a variety of security challenges. In particular, the advent of service-oriented architectures demands new approaches regarding the composition of basic security building blocks and the verification of their correct and secure interaction.
IT systems and applications based on security services are heterogeneous: the various individual components may be built using different technology and run in different environments. Nevertheless, the components — as well as their requirements — interact, and in some cases even interfere with each other. Still most currently existing security solutions are limited to protecting applications within a single security context. Moreover, the message-passing nature of interactions of Web Services and of security services in general, increases their vulnerability. IT systems and applications, as well as their security requirements, are in general not static but rather continuously evolving. Their interaction takes place in highly dynamic environments where the composition of services can be undertaken at runtime. Some policies are dynamically modified (e.g., for incident handling or in case of emergency), and principals may join or be excluded from a community sharing some security context.
It is the aim of this panel to stimulate discussions between researchers and practitioners regarding the following observations and security problem statements within enterprise resource planning systems and service-oriented architectures:
• Security is a mission-critical property of modern enterprise software systems.
This is a valid observation on today’s systems, and the criticality of security will even increase with the openness and flexibility of service-oriented architectures. Service-
orientation, though being a necessary prerequisite for the implementation of the adaptive enterprise, extends the attack surface of an application, and dynamic business processes will significantly rely on functionality provided by services not under control of the process owner. These services will become part of the application and, thus, may require to process mission critical data. In virtual organisations, a dedicated owner might not even exist, leading to the compliance to their respective local policies being vital for each member.
• Basic security building blocks are available and ready to use.
With network access and communication facilities becoming ubiquitous through the last decade, industry and academia have invested a lot of effort to provide and improve security technology in order to counter today’s typical attack scenarios. These technologies include cryptography, smart cards, security protocols, firewalls, access control lists, role based access control mechanisms, directory services, virus scanners, biometrics, etc.
• Today’s enterprise applications can, in general, be run securely, but this requires large administrative effort and is subject to severe restrictions.
With the given security functionality and building blocks, today’s enterprise systems can, in general be run securely. But doing so is a major effort: The orchestration and configuration of these building blocks in today’s systems is challenging and requires in-depth expertise and knowledge in security, the application domain, and its implementation. In particular, it requires the translation of application and organizational policies to low-abstraction-level mechanisms that define security in terms of objects and subjects.
• Perimeter and communications security do not scale up to service-oriented architectures.
Service-oriented architectures overcome closed environments. By their nature, services can be discovered and utilised everywhere and by everyone, without pre-sharing information. Identity and address information become meaningless, and have to be replaced by the assurance of properties and functionalities. Security settings and even policies cannot be fixed, they have to be negotiated between services, or services have to provide evidence that they adhere to given policies. Semantic concepts for resources, identities, policies, security objectives, trust, etc. have to be introduced.
Copyright is held by the author/owner(s). SACMAT'06, June 7–9, 2006, Lake Tahoe, California, USA. ACM 1-59593-354-9/06/0006.
69
• Providing system security is a continuous activity and covers development, deployment, and operation. Security can not be achieved by just installing a particular security functionality or component and configuring it according to a policy that is valid at installation time. Software vulnerabilities to a large extent occur as a result of design or implementation errors, and have to be countered by implementing appropriate architectural concepts and following development guidelines. Still, vulnerabilities may go undetected, and adversary knowledge and abilities are likely to increase, raising the need to continuously monitor the security of an application or system, and asking for appropriate reaction, e.g., in terms of patch management and provision. In service-oriented architectures, applications and policies are subject to continuous evolution, requiring according action in adapting policies and security countermeasures. Altogether, security requires attention throughout the whole system lifecycle, covering definition, development, deployment, operation, and optimisation.
• Providing security involves the user and the administrator and needs to be manageable. Besides the design and implementation errors mentioned above, the second major source of security vulnerabilities of today’s systems is users and administrators arriving at insecure configurations and system settings. This is only partly due to their lack of security awareness, but mainly a result of the security status of the system and the consequences of administrative actions on security not being visible and comprehensible by people without in-depth security expertise. To manage the complexities of security administration, configuration, and personalisation, which increases in open and flexible environments offered by service-oriented architectures, we need appropriate means to signal security status and security-critical events, to guide the user/administrator to take appropriate action (by reconfiguring, entering fail-safe or emergency modes, etc.), and to monitor the security of the system. It is of utmost importance that these means address the user’s perception of the system structure and behaviour and how the monitored events relate to it. That is, they have to refer to a user-specific system model (according to the user’s role and system view) rather than to the technical components and interfaces of the system.
• The quality of security solutions (in terms of effectiveness and correctness) and its assurance become increasingly important. After a decade focusing on the definition and provision of security functionality, attention is increasingly paid on quality aspects of security solutions. An indicator for the importance of quality assurance is the high number of vulnerabilities due to design and implementation errors, and the increased demand for formal assurance and certification in particularly security- sensitive application domains including defence and healthcare. Quality assurance applies to both the effectiveness
of security mechanisms, i.e., their adequacy to satisfy the given security requirements, and the correctness of their implementation.
• Security increasingly becomes a development and engineering task. We have already argued that traditional concepts of security addressing network and perimeter security do not scale up to service-oriented architectures. This results in two major consequences: The need for additional security functionality (as discussed above), and the impossibility of introducing security after the fact, i.e., after the system has been implemented and deployed. Security in service-oriented architectures is not about protecting the system from outside attackers (actually, there is no “outside” of the system), but about exposing resources in a controlled manner while respecting both local and global constraints expressed by policies. The functionality to provide this kind of control has to be built-in into the system, leading to the design of the security architecture being an integral part of system and service development. In the service-oriented world, security will itself, to a large extent, be provided by dedicated services. This allows for flexibly reacting to evolving security requirements being characteristic for service-orientation. However, security services have to be orchestrated in order to maintain the desired security level, thereby considering their interdependencies and interaction. This has to be done systematically in an engineering fashion.
• Security is about tolerable risk, it therefore includes cost- benefit considerations. Security does not come for free: This applies to both the development of security functionality, architectures, and solutions as part of product and solution development, and the deployment and operation of secure systems at the customer’s sites. Necessary investments occur with respect to development effort, product costs, administration effort, performance etc. Thus, security in practice is a result of quantitative considerations: Investments to reach a particular security level have to be assessed and evaluated in relation to their potential to reduce and mitigate risks. Service-oriented architectures ask for new metrics and methods, since, for instance, risk assessment also refers to the reliability of services to provide their functionality, to their trustworthiness, to the level of exposure of critical system resources etc.
The above items should have made clear that system security always requires a trade-off. Researchers and practitioners alike should strive for innovative security solutions for the virtual, service-oriented, and evolving enterprise enabling secure execution of business processes and trusted collaboration across organisations.
70
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile (Dot Gain 20%) /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.3 /CompressObjects /Tags /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages true /CreateJDFFile false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.0000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails true /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 1048576 /LockDistillerParams true /MaxSubsetPct 100 /Optimize true /OPM 1 /ParseDSCComments false /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness true /PreserveHalftoneInfo true /PreserveOPIComments true /PreserveOverprintSettings true /StartPage 1 /SubsetFonts true /TransferFunctionInfo /Apply /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true /Academy /AgencyFB-Bold /AgencyFB-Reg /Alba /AlbaMatter /AlbaSuper /Algerian /Arial-Black /Arial-BoldItalicMT /Arial-BoldMT /Arial-ItalicMT /ArialMT /ArialNarrow /ArialNarrow-Bold /ArialNarrow-BoldItalic /ArialNarrow-Italic /ArialRoundedMTBold /ArialUnicodeMS /BabyKruffy /BaskOldFace /Bauhaus93 /BellMT /BellMTBold /BellMTItalic /BerlinSansFB-Bold /BerlinSansFBDemi-Bold /BerlinSansFB-Reg /BernardMT-Condensed /BlackadderITC-Regular /BodoniMT /BodoniMTBlack /BodoniMTBlack-Italic /BodoniMT-Bold /BodoniMT-BoldItalic /BodoniMTCondensed /BodoniMTCondensed-Bold /BodoniMTCondensed-BoldItalic /BodoniMTCondensed-Italic /BodoniMT-Italic /BodoniMTPosterCompressed /BookAntiqua /BookAntiqua-Bold /BookAntiqua-BoldItalic /BookAntiqua-Italic /BookmanOldStyle /BookmanOldStyle-Bold /BookmanOldStyle-BoldItalic /BookmanOldStyle-Italic /BookshelfSymbolSeven /BradleyHandITC /BritannicBold /Broadway /BrushScriptMT /CalifornianFB-Bold /CalifornianFB-Italic /CalifornianFB-Reg /CalisMTBol /CalistoMT /CalistoMT-BoldItalic /CalistoMT-Italic /Castellar /Centaur /Century /CenturyGothic /CenturyGothic-Bold /CenturyGothic-BoldItalic /CenturyGothic-Italic /CenturySchoolbook /CenturySchoolbook-Bold /CenturySchoolbook-BoldItalic /CenturySchoolbook-Italic /Chick /Chiller-Regular /ColonnaMT /ComicSansMS /ComicSansMS-Bold /CooperBlack /CopperplateGothic-Bold /CopperplateGothic-Light /CourierNewPS-BoldItalicMT /CourierNewPS-BoldMT /CourierNewPS-ItalicMT /CourierNewPSMT /Croobie /CurlzMT /EdwardianScriptITC /Elephant-Italic /Elephant-Regular /EngraversMT /ErasITC-Bold /ErasITC-Demi /ErasITC-Light /ErasITC-Medium /EstrangeloEdessa /Fat /FelixTitlingMT /FootlightMTLight /ForteMT /FranklinGothic-Book /FranklinGothic-BookItalic /FranklinGothic-Demi /FranklinGothic-DemiCond /FranklinGothic-DemiItalic /FranklinGothic-Heavy /FranklinGothic-HeavyItalic /FranklinGothic-Medium /FranklinGothic-MediumCond /FranklinGothic-MediumItalic /FreestyleScript-Regular /FrenchScriptMT /Freshbot /Frosty /Garamond /Garamond-Bold /Garamond-Italic /Gautami /Georgia /Georgia-Bold /Georgia-BoldItalic /Georgia-Italic /Gigi-Regular /GillSansMT /GillSansMT-Bold /GillSansMT-BoldItalic /GillSansMT-Condensed /GillSansMT-ExtraCondensedBold /GillSansMT-Italic /GillSans-UltraBold /GillSans-UltraBoldCondensed /GlooGun /GloucesterMT-ExtraCondensed /GoudyOldStyleT-Bold /GoudyOldStyleT-Italic /GoudyOldStyleT-Regular /GoudyStout /Haettenschweiler /HarlowSolid /Harrington /HighTowerText-Italic /HighTowerText-Reg /Impact /ImprintMT-Shadow /InformalRoman-Regular /Jenkinsv20 /Jenkinsv20Thik /Jokerman-Regular /Jokewood /JuiceITC-Regular /Karat /Kartika /KristenITC-Regular /KunstlerScript /Latha /LatinWide /LetterGothicMT /LetterGothicMT-Bold /LetterGothicMT-BoldOblique /LetterGothicMT-Oblique /LucidaBright /LucidaBright-Demi /LucidaBright-DemiItalic /LucidaBright-Italic /LucidaCalligraphy-Italic /LucidaConsole /LucidaFax /LucidaFax-Demi /LucidaFax-DemiItalic /LucidaFax-Italic /LucidaHandwriting-Italic /LucidaSans /LucidaSans-Demi /LucidaSans-DemiItalic /LucidaSans-Italic /LucidaSans-Typewriter /LucidaSans-TypewriterBold /LucidaSans-TypewriterBoldOblique /LucidaSans-TypewriterOblique /LucidaSansUnicode /Magneto-Bold /MaiandraGD-Regular /Mangal-Regular /MaturaMTScriptCapitals /MicrosoftSansSerif /Mistral /Modern-Regular /MonotypeCorsiva /MSOutlook /MSReferenceSansSerif /MSReferenceSpecialty /MVBoli /NiagaraEngraved-Reg /NiagaraSolid-Reg /OCRAExtended /OldEnglishTextMT /Onyx /PalaceScriptMT /PalatinoLinotype-Bold /PalatinoLinotype-BoldItalic /PalatinoLinotype-Italic /PalatinoLinotype-Roman /Papyrus-Regular /Parchment-Regular /Perpetua /Perpetua-Bold /Perpetua-BoldItalic /Perpetua-Italic /PerpetuaTitlingMT-Bold /PerpetuaTitlingMT-Light /Playbill /Poornut /PoorRichard-Regular /Porkys /PorkysHeavy /Pristina-Regular /PussycatSassy /PussycatSnickers /Raavi /RageItalic /Ravie /Rockwell /Rockwell-Bold /Rockwell-BoldItalic /Rockwell-Condensed /Rockwell-CondensedBold /Rockwell-ExtraBold /Rockwell-Italic /ScriptMTBold /ShowcardGothic-Reg /Shruti /SnapITC-Regular /Square721BT-Roman /Stencil /Sylfaen /SymbolMT /Tahoma /Tahoma-Bold /TempusSansITC /TimesNewRomanMT-ExtraBold /TimesNewRomanPS-BoldItalicMT /TimesNewRomanPS-BoldMT /TimesNewRomanPS-ItalicMT /TimesNewRomanPSMT /Trebuchet-BoldItalic /TrebuchetMS /TrebuchetMS-Bold /TrebuchetMS-Italic /Tunga-Regular /TwCenMT-Bold /TwCenMT-BoldItalic /TwCenMT-Condensed /TwCenMT-CondensedBold /TwCenMT-CondensedExtraBold /TwCenMT-Italic /TwCenMT-Regular /Verdana /Verdana-Bold /Verdana-BoldItalic /Verdana-Italic /VinerHandITC /Vivaldii /VladimirScript /Vrinda /Webdings /WeltronUrban /Wingdings2 /Wingdings3 /Wingdings-Regular /ZWAdobeF ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages true /ColorImageMinResolution 300 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 300 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.50000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages true /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 300 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages true /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 1200 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 600 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects false /CheckCompliance [ /PDFX1a:2001 ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False /Description << /CHS <FEFF4f7f75288fd94e9b8bbe5b9a521b5efa7684002000410064006f006200650020005000440046002065876863900275284e8e9ad88d2891cf76845370524d53705237300260a853ef4ee54f7f75280020004100630072006f0062006100740020548c002000410064006f00620065002000520065006100640065007200200035002e003000204ee553ca66f49ad87248672c676562535f00521b5efa768400200050004400460020658768633002> /CHT <FEFF4f7f752890194e9b8a2d7f6e5efa7acb7684002000410064006f006200650020005000440046002065874ef69069752865bc9ad854c18cea76845370524d5370523786557406300260a853ef4ee54f7f75280020004100630072006f0062006100740020548c002000410064006f00620065002000520065006100640065007200200035002e003000204ee553ca66f49ad87248672c4f86958b555f5df25efa7acb76840020005000440046002065874ef63002> /DAN <FEFF004200720075006700200069006e0064007300740069006c006c0069006e006700650072006e0065002000740069006c0020006100740020006f007000720065007400740065002000410064006f006200650020005000440046002d0064006f006b0075006d0065006e007400650072002c0020006400650072002000620065006400730074002000650067006e006500720020007300690067002000740069006c002000700072006500700072006500730073002d007500640073006b007200690076006e0069006e00670020006100660020006800f8006a0020006b00760061006c0069007400650074002e0020004400650020006f007000720065007400740065006400650020005000440046002d0064006f006b0075006d0065006e0074006500720020006b0061006e002000e50062006e00650073002000690020004100630072006f00620061007400200065006c006c006500720020004100630072006f006200610074002000520065006100640065007200200035002e00300020006f00670020006e0079006500720065002e> /DEU <FEFF00560065007200770065006e00640065006e0020005300690065002000640069006500730065002000450069006e007300740065006c006c0075006e00670065006e0020007a0075006d002000450072007300740065006c006c0065006e00200076006f006e002000410064006f006200650020005000440046002d0044006f006b0075006d0065006e00740065006e002c00200076006f006e002000640065006e0065006e002000530069006500200068006f006300680077006500720074006900670065002000500072006500700072006500730073002d0044007200750063006b0065002000650072007a0065007500670065006e0020006d00f60063006800740065006e002e002000450072007300740065006c006c007400650020005000440046002d0044006f006b0075006d0065006e007400650020006b00f6006e006e0065006e0020006d006900740020004100630072006f00620061007400200075006e0064002000410064006f00620065002000520065006100640065007200200035002e00300020006f0064006500720020006800f600680065007200200067006500f600660066006e00650074002000770065007200640065006e002e> /ESP <FEFF005500740069006c0069006300650020006500730074006100200063006f006e0066006900670075007200610063006900f3006e0020007000610072006100200063007200650061007200200064006f00630075006d0065006e0074006f00730020005000440046002000640065002000410064006f0062006500200061006400650063007500610064006f00730020007000610072006100200069006d0070007200650073006900f3006e0020007000720065002d0065006400690074006f007200690061006c00200064006500200061006c00740061002000630061006c0069006400610064002e002000530065002000700075006500640065006e00200061006200720069007200200064006f00630075006d0065006e0074006f00730020005000440046002000630072006500610064006f007300200063006f006e0020004100630072006f006200610074002c002000410064006f00620065002000520065006100640065007200200035002e003000200079002000760065007200730069006f006e0065007300200070006f00730074006500720069006f007200650073002e> /FRA <FEFF005500740069006c006900730065007a00200063006500730020006f007000740069006f006e00730020006100660069006e00200064006500200063007200e900650072002000640065007300200064006f00630075006d0065006e00740073002000410064006f00620065002000500044004600200070006f0075007200200075006e00650020007100750061006c0069007400e90020006400270069006d007000720065007300730069006f006e00200070007200e9007000720065007300730065002e0020004c0065007300200064006f00630075006d0065006e00740073002000500044004600200063007200e900e90073002000700065007500760065006e0074002000ea0074007200650020006f007500760065007200740073002000640061006e00730020004100630072006f006200610074002c002000610069006e00730069002000710075002700410064006f00620065002000520065006100640065007200200035002e0030002000650074002000760065007200730069006f006e007300200075006c007400e90072006900650075007200650073002e> /ITA <FEFF005500740069006c0069007a007a006100720065002000710075006500730074006500200069006d0070006f007300740061007a0069006f006e00690020007000650072002000630072006500610072006500200064006f00630075006d0065006e00740069002000410064006f00620065002000500044004600200070006900f900200061006400610074007400690020006100200075006e00610020007000720065007300740061006d0070006100200064006900200061006c007400610020007100750061006c0069007400e0002e0020004900200064006f00630075006d0065006e007400690020005000440046002000630072006500610074006900200070006f00730073006f006e006f0020006500730073006500720065002000610070006500720074006900200063006f006e0020004100630072006f00620061007400200065002000410064006f00620065002000520065006100640065007200200035002e003000200065002000760065007200730069006f006e006900200073007500630063006500730073006900760065002e> /JPN <FEFF9ad854c18cea306a30d730ea30d730ec30b951fa529b7528002000410064006f0062006500200050004400460020658766f8306e4f5c6210306b4f7f75283057307e305930023053306e8a2d5b9a30674f5c62103055308c305f0020005000440046002030d530a130a430eb306f3001004100630072006f0062006100740020304a30883073002000410064006f00620065002000520065006100640065007200200035002e003000204ee5964d3067958b304f30533068304c3067304d307e305930023053306e8a2d5b9a306b306f30d530a930f330c8306e57cb30818fbc307f304c5fc59808306730593002> /KOR <FEFFc7740020c124c815c7440020c0acc6a9d558c5ec0020ace0d488c9c80020c2dcd5d80020c778c1c4c5d00020ac00c7a50020c801d569d55c002000410064006f0062006500200050004400460020bb38c11cb97c0020c791c131d569b2c8b2e4002e0020c774b807ac8c0020c791c131b41c00200050004400460020bb38c11cb2940020004100630072006f0062006100740020bc0f002000410064006f00620065002000520065006100640065007200200035002e00300020c774c0c1c5d0c11c0020c5f40020c2180020c788c2b5b2c8b2e4002e> /NLD (Gebruik deze instellingen om Adobe PDF-documenten te maken die zijn geoptimaliseerd voor prepress-afdrukken van hoge kwaliteit. De gemaakte PDF-documenten kunnen worden geopend met Acrobat en Adobe Reader 5.0 en hoger.) /NOR <FEFF004200720075006b00200064006900730073006500200069006e006e007300740069006c006c0069006e00670065006e0065002000740069006c002000e50020006f0070007000720065007400740065002000410064006f006200650020005000440046002d0064006f006b0075006d0065006e00740065007200200073006f006d00200065007200200062006500730074002000650067006e0065007400200066006f00720020006600f80072007400720079006b006b0073007500740073006b00720069006600740020006100760020006800f800790020006b00760061006c0069007400650074002e0020005000440046002d0064006f006b0075006d0065006e00740065006e00650020006b0061006e002000e50070006e00650073002000690020004100630072006f00620061007400200065006c006c00650072002000410064006f00620065002000520065006100640065007200200035002e003000200065006c006c00650072002000730065006e006500720065002e> /PTB <FEFF005500740069006c0069007a006500200065007300730061007300200063006f006e00660069006700750072006100e700f50065007300200064006500200066006f0072006d00610020006100200063007200690061007200200064006f00630075006d0065006e0074006f0073002000410064006f0062006500200050004400460020006d00610069007300200061006400650071007500610064006f00730020007000610072006100200070007200e9002d0069006d0070007200650073007300f50065007300200064006500200061006c007400610020007100750061006c00690064006100640065002e0020004f007300200064006f00630075006d0065006e0074006f00730020005000440046002000630072006900610064006f007300200070006f00640065006d0020007300650072002000610062006500720074006f007300200063006f006d0020006f0020004100630072006f006200610074002000650020006f002000410064006f00620065002000520065006100640065007200200035002e0030002000650020007600650072007300f50065007300200070006f00730074006500720069006f007200650073002e> /SUO <FEFF004b00e40079007400e40020006e00e40069007400e4002000610073006500740075006b007300690061002c0020006b0075006e0020006c0075006f00740020006c00e400680069006e006e00e4002000760061006100740069007600610061006e0020007000610069006e006100740075006b00730065006e002000760061006c006d0069007300740065006c00750074007900f6006800f6006e00200073006f00700069007600690061002000410064006f0062006500200050004400460020002d0064006f006b0075006d0065006e007400740065006a0061002e0020004c0075006f0064007500740020005000440046002d0064006f006b0075006d0065006e00740069007400200076006f0069006400610061006e0020006100760061007400610020004100630072006f0062006100740069006c006c00610020006a0061002000410064006f00620065002000520065006100640065007200200035002e0030003a006c006c00610020006a006100200075007500640065006d006d0069006c006c0061002e> /SVE <FEFF0041006e007600e4006e00640020006400650020006800e4007200200069006e0073007400e4006c006c006e0069006e006700610072006e00610020006f006d002000640075002000760069006c006c00200073006b006100700061002000410064006f006200650020005000440046002d0064006f006b0075006d0065006e007400200073006f006d002000e400720020006c00e4006d0070006c0069006700610020006600f60072002000700072006500700072006500730073002d007500740073006b00720069006600740020006d006500640020006800f600670020006b00760061006c0069007400650074002e002000200053006b006100700061006400650020005000440046002d0064006f006b0075006d0065006e00740020006b0061006e002000f600700070006e00610073002000690020004100630072006f0062006100740020006f00630068002000410064006f00620065002000520065006100640065007200200035002e00300020006f00630068002000730065006e006100720065002e> /ENU (Use these settings to create Adobe PDF documents best suited for high-quality prepress printing. Created PDF documents can be opened with Acrobat and Adobe Reader 5.0 and later.) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AddBleedMarks false /AddColorBars false /AddCropMarks false /AddPageInfo false /AddRegMarks false /ConvertColors /ConvertToCMYK /DestinationProfileName () /DestinationProfileSelector /DocumentCMYK /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements false /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /DocumentCMYK /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /UseDocumentProfile /UseDocumentBleed false >> ] >> setdistillerparams << /HWResolution [600 600] /PageSize [612.000 792.000] >> setpagedevice
