Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on

Date 13-15 June 2007

  • Eighth IEEE International Workshop on Policies for Distributed Systems and Networks - Cover

    Page(s): c1
    Freely Available from IEEE
  • Eighth IEEE International Workshop on Policies for Distributed Systems and Networks - Title

    Page(s): i - iii
    Freely Available from IEEE
  • Eighth IEEE International Workshop on Policies for Distributed Systems and Networks - Copyright

    Page(s): iv
    Freely Available from IEEE
  • Eighth IEEE International Workshop on Policies for Distributed Systems and Networks - TOC

    Page(s): v - viii
    Freely Available from IEEE
  • Preface

    Page(s): ix
    Freely Available from IEEE
  • Committees

    Page(s): x
    Freely Available from IEEE
  • Autonomous Pervasive Systems and the Policy Challenges of a Small World!

    Page(s): 3 - 7

    Pervasive systems are the subject of intensifying research efforts and their applications range from health monitoring and intelligent homes, to location aware services, unmanned vehicles and city-wide pervasive infrastructures. Although application-specific solutions have been proposed, their design has often raised additional challenges. This paper discusses the use of autonomous pervasive systems as a fertile testbed for policy-based adaptation and for integrating techniques that span across conventional subject boundaries. Additionally, we present the self-managed cell architectural pattern for realizing policy-driven autonomous pervasive systems and discuss the design of the Ponder2 policy service.
  • Confidentiality, Privacy and Trust Policy Enforcement for the Semantic Web

    Page(s): 8 - 11

    In this position paper we describe aspects of securing the semantic Web. In particular, we discuss ways of enforcing confidentiality, privacy and trust policies. We also discuss our research on secure geospatial semantic Web. Our application of secure semantic Web technologies for assured information sharing is also discussed.
  • Policy-Driven Distributed Authorization: Status and Prospects

    Page(s): 12 - 18

    Policies show great potential as a way to control the behavior of complex computer systems. In the case of authorization decisions in large distributed systems, policies offer the potential to abstract away from the details of who is allowed to access which services, under which conditions. This layer of abstraction is both a challenge and an opportunity: policy-driven distributed authorization systems may be more manageable, scalable, available, and secure than previous approaches, or they may be just the opposite. In the talk that accompanies this paper, we survey the status of the field and its near-term prospects, from both a theoretical and a practical perspective, and point out the major barriers to the adoption of policy-driven authorization systems in industry.
  • Specifying Policies Using UML Sequence Diagrams--An Evaluation Based on a Case Study

    Page(s): 19 - 28

    This paper provides a case study based evaluation of UML sequence diagrams as a notation for policy specification. Policy rules are defined on the basis of deontic logic and provided a trace based semantics interpreted over Kripke structures. This gives a semantics comparable to the UML trace semantics for sequence diagrams, which is utilized in the evaluation. The focus is on requirements with respect to expressivity, utility and human readability.
  • A Socio-cognitive Approach to Modeling Policies in Open Environments

    Page(s): 29 - 38

    The richness of today's electronic communications mirrors the physical world: activities such as shopping, business and scientific collaboration are conducted online. Current interactions have become a form of social exchange where participants must deal with complexity, uncertainty and risk. We propose a policy specification approach that combines social sciences and trust theory to facilitate ad-hoc interactions of self-interested parties in open environments. Our socio-cognitive approach allows us to reason about uncertainty and risk involved in a transaction, and automatically calculate the minimum trust threshold needed to mitigate the vulnerabilities. The trust threshold comprises the core of security policies that govern the interactions. The threshold calculation is based on balancing objective and subjective trust components, which together predict that a transaction will result in an acceptable outcome. We propose to apply the prospect theory (D. Kahneman and A. Tversky, 1979) to specify policies that determine a set of acceptable outcomes. We present the trust threshold negotiation primitives.
  • On Interoperable Trust Negotiation Strategies

    Page(s): 39 - 50

    Among the many works on trust negotiation, only a few deal with negotiation strategies. These works are tailored to specific frameworks - so their results cannot be extended to competing approaches - and introduce assumptions that cannot be always guaranteed. In this paper we identify some guidelines for designing "good" (interoperable) trust negotiation strategies under a different set of assumptions, namely, a peer's interest in making transactions succeed. Moreover, since our analysis is based on an abstract framework, the guidelines apply to a wide range of policy languages and negotiation frameworks.
  • On Parametric Obligation Policies: Enabling Privacy-Aware Information Lifecycle Management in Enterprises

    Page(s): 51 - 55

    Enterprises that collect and process personal data must deal with related privacy management issues. It is not just a matter of privacy-aware access control: privacy obligation policies, dictating duties and expectations on how personal data has to be handled, must be considered too. The management of obligation policies is a promising area but it is still underestimated. Enterprises require solutions that enable automation and can leverage their current identity management solutions. HP Labs have been working on this topic in the last few years, also in the context of the EU PRIME project. In this paper we present our recent work on parametric obligation policies and a related obligation management framework to deal with a scalable management of these policies on large amounts of data, stored in distributed data repositories.
  • Handling Dynamic Organizational Change with Community-Based Policy Management

    Page(s): 56 - 60

    Policy-based management (PBM) aims to provide flexibility in the management of resources so as to readily reflect changing business goals. However, as organizations increasingly use electronic means for more of their core business operations, the ability to ensure that policies accurately reflect the operation of an organization becomes more challenging. This paper presents a critique of organizational modeling abstractions used in existing policy and access rule schemes.
  • Expertise Knowledge-Based Policy Refinement Process

    Page(s): 61 - 65

    We present an approach to an automated workflow policy refinement process supported by the domain experts' knowledge. The expertise knowledge about refinement patterns is captured by using the pattern paradigm. The combination of the temporal logic formalism and the description logic formalism facilitates the automated policy refinement process.
  • Infrastructure-Aware Autonomic Manager for Change Management

    Page(s): 66 - 69

    Typical IT environments of medium to large size organizations consist of tens of networks that connect hundreds of servers to support the running of a large variety of business-relevant applications, usually from different vendors. Change management is an important management process that, if automated, can have a direct impact on increasing service availability in IT environments. Although such automation is considered important, the requirements of the appropriate policy engine, and policy language to express both high level and low level policies are far from clear. In this paper, we report our experiences in addressing these problems. In particular, we concentrate on availability policies - policies through which IT managers express the required availability of systems - and the autonomic manager that enforces them.
  • Towards Privacy-Aware Handling of Authorizations

    Page(s): 70 - 76

    Privacy issues have hindered centralised authentication approaches from being adopted by a wide range of users. This also applies to authorizations which suffer from privacy problems when stored and processed centrally. We present first steps towards a framework of privacy-aware handling of authorizations. We split up the storage and the processing of access control policies in a user-centric approach. We illustrate our approach at the example of a security infrastructure scenario.
  • XACML-Based Composition Policies for Ambient Networks

    Page(s): 77 - 86

    Ambient Networks (AN) pose new challenges to the management discipline, and policies are considered to be an adequate solution for providing flexibility, distributed control, and self-management features. However, the current state-of-the-art IETF policy framework was not designed for the challenges of new 3G/4G environments such as AN. This paper presents PBMAN, a policy-based architecture and a composition framework that extends the AN architecture, where policies are intrinsically at the underlying layer by design and not as a later add-on. The use of policies and their interaction with network composition is the main research challenge of PBMAN. The current architecture has been designed based on previous experience, on a design-implement-test development cycle. The framework was used to model a video on demand scenario, whereto composition policies based on an extended version of the XACML policy language have been written.
  • Overriding of Access Control in XACML

    Page(s): 87 - 95

    Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the extensible access control markup language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.
  • A Multi-level Policy Representation for Management Services in Maritime Networks

    Page(s): 96 - 108

    A policy-based traffic management (PBTM) prototype was developed to investigate the effective management of communication resources in a tactical maritime environment. The system design includes a combination of Web services (WS) and policy-based network management (PBNM) techniques. The paper describes a multi-level XML-based policy representation developed for use in the PBTM prototype. Three levels of policies are defined: the high level, the specification level and the low level. The policy representation for each level is given. Aspects that are particular to the system are also discussed. These aspects include hierarchical policy scopes, a rule engine and conflict resolution mechanisms developed specifically for use in the maritime environment.
  • Privacy in the Semantic Web: What Policy Languages Have to Offer

    Page(s): 109 - 118

    Uncontrolled disclosure of sensitive information during electronic transactions may expose users to threats like loss of privacy and identity theft. The means envisioned for addressing protection of security and privacy in the context of the Semantic Web are policy languages for trust establishment and management. Although a number of policy languages have been proposed, it is unclear how well each language can address users' privacy concerns. The contribution of this work is an independent, scenario-based comparison of six prominent policy languages, namely Protune, Rei, Ponder, Trust-X, KeyNote and P3P-APPEL, with respect to the needs that users have in protecting their personal, sensitive data. We present how each language addresses access control for objects, such as user credentials and sensitive policies. We evaluate how each language defines or imports hierarchies of resources, whether the language supports protection of user information after it has been released, whether the language supports the principle of least privilege and more. The evaluation is not only an analytical literature study but also rich in actual implementations in all six languages.
  • Specifying and Enforcing High-Level Semantic Obligation Policies

    Page(s): 119 - 128

    Obligation policies specify management actions that must be performed when a particular kind of event occurs and certain conditions are satisfied. Large scale distributed systems often produce event streams containing large volumes of low-level events. In many cases, these streams also contain multimedia data (consisting of text, audio or video). Hence, a key challenge is to allow policy writers to specify obligation policies based on high-level events, that may be derived after performing appropriate processing on raw, low-level events. In this paper, we propose a semantic obligation policy specification language called Eagle, which is based on patterns of high-level events, represented as RDF graph patterns. Our policy enforcement architecture uses a compiler that builds a workflow for producing a stream of events, which match the high-level event pattern specified in a policy. This workflow consists of a number of event sources and event processing components, which are described semantically. We present the policy language and enforcement architecture in this paper.
  • Proteus: A Semantic Context-Aware Adaptive Policy Model

    Page(s): 129 - 140

    The growing diffusion of portable devices enables users to benefit from anytime and anywhere impromptu collaboration. Appropriate policy models that take into account the dynamicity and heterogeneity of the new pervasive collaboration scenario are crucial to ensure secure sharing of information. Collaborating entities cannot be predetermined and resource availability frequently varies, even unpredictably, due to user/device mobility, thus complicating resource access control. Policies cannot be defined based on entities' identities/roles, as in traditional security solutions, or be specified a priori to face any operative run-time condition, and require continuous adjustments to adapt to the current situation. To address these issues this paper advocates the adoption of a semantic context-aware paradigm to policy specification. Context-awareness allows operations on resources to be controlled based on context visibility whereas semantic technologies allow the high-level description and reasoning about context/policies. The paper describes Proteus that, as a key feature, combines these two design guidelines to enable dynamic adaptation of policies depending on context changes. In particular, the paper shows how ontologies and logic programming rules can be used to leverage policy adaptation.
  • Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall

    Page(s): 141 - 150

    We present a discretionary access control framework that can be used to control a principal's ability to link information from two or more audit records and compromise a user's privacy. While the traditional Chinese Wall (CW) access control model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because its semantics requires knowledge of a user's access history. We propose a restricted version of the CW model in which policies are easy to enforce in a decentralized manner without the need for an access history. Our architecture analyzes system policies for potential linkability conflicts. Users can identify specific threats to their privacy, typically in terms of trusted and untrusted roles in the context of RBAC (role based access control), following which the system attaches automatically generated policy constraints to the audit records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. We extend the model with a versioning scheme that can handle evolving protection state, including changing roles and permissions, trading precision to maintain the security of deployed policies.
  • An Automated Framework for Validating Firewall Policy Enforcement

    Page(s): 151 - 160

    The implementation of network security devices such as firewalls and IDSs is constantly being improved to accommodate higher security and performance standards. Using reliable and yet practical techniques for testing the functionality of firewall devices, particularly after new filtering implementation or optimization, becomes necessary to assure required security. Generating random traffic to test the functionality of firewall matching is inefficient and inaccurate as it requires an exponential number of test cases for a reasonable coverage. In addition, in most cases the policies used during testing are limited and manually generated representing fixed policy profiles. In this paper, we present a framework for automatic testing of the firewall policy enforcement or implementation using efficient random traffic and policy generation techniques. Our framework is a two-stage architecture that provides a satisfying coverage of the firewall operational states. A large variety of policies are randomly generated according to custom profiles and also based on the grammar of the access control list. Testing packets are then generated intelligently and proportional to the critical regions of the generated policies to validate the firewall enforcement for such policies. We describe our implementation of the framework based on Cisco IOS, which includes the policy generation, test cases generation, capturing and analyzing firewall output, and creating detailed test reports. Our evaluation results show that the automated security testing is not only achievable but it also offers a dramatically higher degree of confidence than random or manual testing.