
Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on

Date 20-22 July 2009


Displaying Results 1 - 25 of 42
  • [Front cover]

    Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Page(s): v - vii
    Freely Available from IEEE
  • Preface

    Page(s): viii
    Freely Available from IEEE
  • Organising Committee

    Page(s): ix - x
    Freely Available from IEEE
  • Abductive Authorization Credential Gathering

    Page(s): 1 - 8

    A central task in the context of logic-based decentralized authorization languages is that of gathering credentials from credential providers, required by the resource guard's policy to grant a user's access request. This paper presents an abduction-based algorithm that computes a specification of missing credentials without communicating with remote credential providers. The specification is used to gather credentials from credential providers in a single pass, without involving any communication with the resource guard. The credentials gathered thus are pushed to the resource guard at authorization time. This approach decouples authorization from credential gathering, and, in comparison to server-side pull methods, reduces the number of messages sent between participants, and allows for environments in which some credential providers are unknown or unavailable to the resource guard at authorization time.
  • Towards Session-Aware RBAC Administration and Enforcement with XACML

    Page(s): 9 - 16

    An administrative role-based access control (ARBAC) model specifies administrative policies over a role-based access control (RBAC) system, where an administrative permission may change an RBAC policy by updating permissions assigned to roles, or assigning/revoking users to/from roles. Consequently, enforcing ARBAC policies over an active access controller while some users are using protected resources would result in conflicts: a policy may be in effect in the RBAC system while being updated by an ARBAC operation. Towards solving this concurrency problem, we propose a session-aware administrative model for RBAC. We show how the concurrency problem can be resolved by enhancing the extensible access control markup language (XACML) reference implementation. In order to do so, we develop an XACML-ARBAC profile to specify ARBAC policies, and enforce these policies by building an ARBAC enforcement module and a session administrative module. The former synchronizes with the evaluation of access control requests. The latter revokes conflicting ongoing user sessions immediately prior to enforcing administrative operations. Experimental studies show reasonable performance characteristics of our initial enhancement to Sun's reference implementation.
  • Using Modelling and Simulation for Policy Decision Support in Identity Management

    Page(s): 17 - 24

    The process of making IT (security) policy decisions, within organizations, is complex: it involves reaching consensus between a set of stakeholders (key decision makers, e.g. CISOs/CIOs, domain experts, etc.) who might have different views, opinions and biased perceptions of how policies need to be shaped. This involves multiple negotiations and interactions between stakeholders. This suggests two roles for policy decision support tools and methods: firstly to help an individual stakeholder test and refine their understanding of the situation and, secondly, to support the formation of consensus by helping stakeholders to share their assumptions and conclusions. We argue that an approach based on modeling and simulation can help with both these aspects, moreover we show that it is possible to integrate the assumptions made so that they can be directly contrasted and discussed. We consider, as a significant example, an Identity and Access Management (IAM) scenario: we focus on the provisioning process of user accounts on enterprise applications and services, a key IAM feature that has an impact on security, compliance and business outcomes. Whilst security and compliance experts might worry that ineffective policies for provisioning could fuel security and legal threats, business experts might be against policies that dictate overly strong or bureaucratic processes as they could have a negative impact on productivity. We explore the associated policy decision making process from these different perspectives and show how our systems modeling approach can provide consistent or comparable data, explanations, "what-if" predictions and analysis at different levels of abstractions. We discuss the implications that this has on the actual IT (security) policy decision making process.
  • Visualization for Access Control Policy Analysis Results Using Multi-level Grids

    Page(s): 25 - 28

    The rapid increase in deployment of policy-based access control systems faces security administrators with the daunting task of managing a large number of complex access control policies. Several policy analysis types (e.g., policy similarity, policy conflict and change-impact) have been proposed to help administrators maintain consistent and conflict-free policy repositories. However, there has not been much focus on the presentation and the ensuing interpretation of the results of such analyses, which greatly undermines the usability factor. In this paper, we present a novel multi-level grid-based technique for visualizing results of policy analysis. We implemented this technique, and we present a sample policy similarity analysis scenario that highlights the advantages of the proposed result visualization method.
  • Policies for Self Tuning Home Networks

    Page(s): 29 - 32

    A home network (HN) is usually managed by a user who does not possess knowledge and skills required to perform management tasks. When abnormalities are detected, it is desirable to let the network tune itself under the direction of certain policies. However, self tuning tasks usually require coordination between several network components and most of the network management policies can only specify local tasks. In this paper, we propose a state machine based policy framework to address the problem of fault and performance management in the context of HN. Policies can be specified for complex management tasks as global state machines which incorporate global system behavior monitoring and reactions. We demonstrate the policy framework through a case study in which policies are specified for dynamic selection of frequency channel in order to improve wireless link quality in the presence of RF interference.
  • Strong and Weak Policy Relations

    Page(s): 33 - 36

    Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-conflicting) differences between outcomes, similar to weak bisimulation. We illustrate the relations using examples from P3P.
  • Verification of Policy-Based Self-Managed Cell Interactions Using Alloy

    Page(s): 37 - 40

    Self-Managed Cells (SMCs) define an infrastructure for building ubiquitous computing applications. An SMC consists of an autonomous administrative domain based on a policy-driven feedback control-loop. SMCs are able to interact with each other and compose with other SMCs to form larger autonomous components. In this paper we present a formal specification of an SMC's behavior for the analysis and verification of its operation in collaborations of SMCs. These collaborations typically involve SMCs originated from different administrative authorities, and the definition of a formal model has helped us to verify the correctness of their operation when SMCs are composed or federated.
  • An Entropy-Based Countermeasure against Intelligent DoS Attacks Targeting Firewalls

    Page(s): 41 - 44

    Denial of service (DoS) attacks are very dangerous as they consume resources at the network and transport layers. Firewalls are considered as the first line of defense in any network. An attacker may use probing to learn a firewall's policy, and then launch a DoS attack that floods the firewall with traffic targeting the rules at the bottom of this policy. In this paper, we propose a countermeasure that enables the firewall to endure the attack attempts without denying service to legitimate clients. The goal of this work is to use an entropy-based scheme to distinguish between the legitimate and attack traffic. Then, the legitimate traffic will be placed in a queue with a higher priority than the queue holding the attack traffic. The results show that the proposed scheme improves on the performance of the firewall under a DoS attack.
  • Apply Measurable Risk to Strengthen Security of a Role-Based Delegation Supporting Workflow System

    Page(s): 45 - 52

    Workflow systems often use delegation to enhance the flexibility of authorization. However, using delegation also weakens security because users may have difficulties understanding and designing correct delegation policies. In this paper, we propose the Measurable Risk Adaptive Role-based Delegation (MRARD) framework to address this problem. MRARD employs measurable risk for SSOs (System Security Officers) to provide a complementary protection mechanism in role-based delegation supporting workflow systems. In MRARD, when another enterprise user wants to use a delegated role to execute a task, a fuzzy logic based inference processor will infer the risk level. Based on simple risk adaptive decision policies, a decision module will determine whether the access should be granted under a certain risk mitigation action.
  • Policy-Based Real-Time Decision-Making for Personalized Service Delivery

    Page(s): 53 - 59

    Personalization of service delivery is an important means for the telecommunication industry of keeping their customers in spite of their market becoming more open to other players. Personalization involves using user-specific, dynamic information about communication activities, device capabilities, user context, and service availability for making real-time decisions about handling running sessions according to the user's preferences. This paper proposes a flexible mechanism for making such decisions based on policies, and defines an extension to the XACML 2.0 language which enables it to be used for this purpose.
  • Model Checking Firewall Policy Configurations

    Page(s): 60 - 67

    The use of firewalls to enforce access control policies can result in extremely complex networks. Each individual firewall may have hundreds or thousands of rules, and when combined in a network, they may result in unexpected combined behavior. To mitigate this problem, there has been interest in the use of model checking techniques for analyzing the behavior of firewall policy configurations, and reporting anomalies. Existing techniques for firewall policy analysis are based on decision diagrams, most normally reduced ordered binary decision diagrams (BDDs). BDDs are a rich data structure, supporting more logical operations than just solving Boolean formulae. Typically, search algorithms for Boolean satisfiability (so-called SAT-solvers) outperform BDDs. In this paper, we show that the extra structure provided by BDDs is not necessary for firewall policy analysis, and that SAT solvers are sufficient. This argument is supported both by theoretical analysis and by experimental data.
  • ChangeRefinery: Assisted Refinement of High-Level IT Change Requests

    Page(s): 68 - 75

    The IT Infrastructure Library (ITIL) is a set of best practices that are widely accepted for IT service management. Change management is a core ITIL process that oversees the handling of IT changes and ensures that all change requests are carefully prioritized and authorized, that business and technical impacts are understood, and that required resources are available. During this process, IT operations teams first need to understand the change requests that are generated by business and IT personnel. They must then develop and execute concrete IT change plans for each request. The increasingly large and complex IT environment (people, technology and processes) presents a number of challenges to the efficient and effective design of the ever higher volume of IT changes: Change requests can be ill-defined, company policies and best practices are not systematically captured and enforced, manually designing changes is time consuming and error-prone. To overcome these issues we propose in this paper an automated planning based approach to change design. We illustrate how change knowledge can be represented to encode best practices and how to refine high-level change requests into concrete plans. A prototypical implementation shows the feasibility of the approach and demonstrates the concept of a change catalogue that can be presented to business users.
  • Realizing the CDL Cross-Domain Language in the Ponder2 Policy Framework: Experiences and Research Directions

    Page(s): 76 - 83

    In this paper, we first present the design of the Cross-Domain Language (CDL), the first attempt to date to design a high-level end-user language for the specification of cross-domain information-release policies. We then discuss our experiences and lessons learned in implementing CDL policies on lower-level general-purpose language frameworks such as Ponder2 and highlight future directions for language design. CDL addresses the need for a high level, understandable and interoperable language targeted at policy management staff such as dissemination and release officers, security officers etc., as opposed to software developers. The ease of policy specification in CDL comes from the fact that policies are centered on the ontologies and metaphors of cross-domain information release. Combining this with the mature and time-tested features offered by general-purpose policy specification and execution environments such as Ponder2 will allow for the rapid prototyping of interoperable and efficient cross-domain solutions.
  • Delegation Assistance

    Page(s): 84 - 91

    Today's IT systems typically comprise a fine-grained access control mechanism based on complex policies. The strict enforcement of these policies, at runtime, always contains the risk of hindering people in their regular work. An efficient support for assisted delegation can help in resolving the conflict between too tight access control and the required flexibility as well as support the resolution of conflicts. Here, assisted delegation means that, in addition to denying the access, a user is informed about a list of users that could either grant him access to the requested resource or which could execute this task on behalf of the user. In this paper, we present an approach for determining a set of users which are able to resolve an access control conflict. This set is based on various information sources and is ordered with respect to different distance functions. We show that one distance function can be used to serve different types of contextual input, e.g., role hierarchies, geospatial information as well as shared business object structure data or social network graphs.
  • ProActive Caching - A Framework for Performance Optimized Access Control Evaluations

    Page(s): 92 - 94

    Users expect that systems react instantly. This is specifically the case for user-centric workflows running in multi-layered enterprise system landscapes which demand fine-grained access control mechanisms and support for dynamic security policies. Thus, efficient evaluation of security policies becomes an important factor for the overall system performance. Caching approaches may help to address this issue. In previous work we introduced ProActive Caching as an approach that consists of two phases: first, in an offline phase, we automatically determine a workflow-specific heuristic for pre-computing and caching access decisions during a process execution. Second, in an online phase, we use the determined heuristic for the cache management. Hence, ProActive Caching provides a framework which is able to pre-compute access decisions based on an offline analysis of the system. In this paper we present a demonstrator for this framework. It comprises a tool for generating the workflow-specific heuristics, as well as a ProActive Caching enabled business process system which uses the generated heuristics for pre-computing access decisions during process execution. An additional performance monitor shows the performance increase of the system.
  • A Policy-Based Sensor Selection System with Goal Oriented Singular Value Decomposition Technique

    Page(s): 95 - 97

    Modern data centers rely on the use of numerous sensors to collect system and environment data to guide the optimal operations of the data centers to meet the desired business goals. The amount of sensors and monitored systems in the data center could be huge, and it includes many types of sensors generating seemingly unrelated data. This presents a challenge to the efficient utilization of these data to determine problems and how well the data center will deliver to the business. In this demo, we present an automatic policy selection management approach with goal guided singular value decomposition technique integrated into IBM Tivoli monitoring system (ITM) to efficiently utilize the sensor data.
  • XACML Policy Profile for Multidomain Network Resource Provisioning and Supporting Authorisation Infrastructure

    Page(s): 98 - 101

    Policy definition is an important component of the consistent authorisation service infrastructure that could be effectively integrated with the general resource provisioning workflow and network control and management plane. The paper describes the proposed XACML-NRP policy and attributes profile for network resource provisioning. In addition to specifying a set of subject, resource, action attributes that are required for consistent XACML policy definition, the proposed profile also allows handling network path information, which is especially important for QoS enforcement. To overcome the stateless character of XACML policies, the proposed authorisation infrastructure provides a number of security mechanisms to support functionality important for NRP, such as authorisation session and interdomain security context management, simple delegation, conditional authorisation decisions, and policy obligations handling.
  • Enabling Distributed Management for Dynamic Airborne Networks

    Page(s): 102 - 105

    In this paper we describe our experience with integrating a distributed policy-based management system (DRAMA) with an open-source network management system (OpenNMS). Network operations seeking the benefits of policy-based network management often have pre-existing network monitoring systems. While these pre-existing systems are capable of monitoring the network, they are limited in their: 1) ability to provide distributed network management, 2) support for automatically reconfiguring the network in response to network events, and 3) ability to adjust management traffic bandwidth consumption based on network conditions. For dynamic networks such as those consisting of airborne platforms, there is a need to provide the above capabilities in any management solution while preserving any underlying management systems. As a result, we integrated DRAMA with OpenNMS to add distributed policy management capability to a commonly used network management system. In this paper, we describe the background for this effort, our approach for integrating OpenNMS with DRAMA, and the design of a distributed resource indirection framework that allows the use of the same policies across different distributed policy decision points managing network devices with different attribute values.