Policies for Distributed Systems and Networks, 2002. Proceedings. Third International Workshop on

Date 7-7 June 2002

Displaying Results 1 - 25 of 31
  • Proceedings Third International Workshop on Policies for Distributed Systems and Networks

    The following topics are dealt with: specification and analysis; policy management in the large; trust; access control; and network management.
  • The specification and enforcement of advanced security policies

    Page(s): 128 - 138

    In a distributed multi-user environment, the security policy must not only specify legitimate user privileges but also aid in the detection of the abuse of the privileges and adapt to perceived system threat conditions. This paper advocates extending authorization policy evaluation mechanisms with a means for generating audit data allowing immediate notification of suspicious application level activity. It additionally suggests that the evaluation of the policies themselves adapt to perceived network threat conditions, possibly affected by the receipt of such audit data by other processes. Such advanced policies assist in detecting and responding to intrusion and misuse and they allow more efficient utilization of security services, such as authentication, audit, and notification. We present an authorization framework, which enables the representation and enforcement of advanced security policies. Our approach is based on expanding the policy evaluation mechanism with the ability to generate real time actions, such as checking the current system threat level and sending a notification.
  • Policy-based management for ALAN-enabled networks

    Page(s): 181 - 192

    This paper presents the architecture, policy schema, and policy specifications necessary to accomplish effective management of the application level active networking (ALAN) environment. Using ALAN, developers can engineer applications through the network by utilising platforms (active servers) on which 3rd party software (Proxylets) can be dynamically loaded and run. Redirection of packets destined for active processing at the servers is performed by active routers. Management of such large, dynamic systems presents challenges to centralised approaches. Management based on policies locally interpreted in the context of local state is gaining acceptance as an alternative. The IST project ANDROID uses a flexible generic specification for policies, represented in XML, allowing a wide range of policies to be expressed and processed in a common framework. Policies given here focus on management of routers for VPN scenarios, the resource and security management of active servers running the Proxylets, and management of the information distribution mechanism. Preliminary results were demonstrated during the trial which included the scenario involving the inter-site connectivity and active server resource and security management.
  • Policies in accountable contracts

    Page(s): 80 - 91

    In this paper, accounting policies explicitly control resource usage within a contract architecture. Combined with a virtual resource economy, this allows efficient exchange of high-level computer services between untrustworthy participants. These services are specified as contracts, which must be signed by the participants to take effect. Each contract expresses its accounting policy using a limited language, with high expressiveness but predictable execution times. This is evaluated within a novel resource economy, in which physical resources, trust and money are treated homogeneously. A second-order trust model continually updates trustworthiness opinions, based on contract performance; trust delegation certificates support flexible, distributed extension of these trust relationships. The introspectible contracts, resource and trust models together provide accountability and resilience, which are particularly important for large-scale distributed computation initiatives such as the Grid. Thus participants can take calculated risks, based on expressed policies and trust, and rationally choose which contracts to perform.
  • A system to specify and manage multipolicy access control models

    Page(s): 116 - 127

    This paper describes the architecture and the core specification language of an extensible access control system, called MACS (Multipolicy Access Control System). Several access control models are supported by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.
  • Policy driven data administration

    Page(s): 220 - 223

    This paper describes an architecture for Policy Driven Data Administration (PDDA), a system for managing data using policies. The architecture supports policy specification, deployment and execution requirements of a system that can autonomically manage data based on pre-specified policies.
  • Utilising the event calculus for policy driven adaptation on mobile systems

    Page(s): 13 - 24

    Adaptation is an important requirement for mobile applications due to the varying levels of resource availability that characterise mobile environments. However, without proper control, multiple applications can each adapt independently in response to a range of different adaptive stimuli, causing conflicts or suboptimal performance. In this paper, we present a policy-driven approach for mobile adaptive systems that can overcome the aforementioned problems. Our system is based on a policy language derived from the event calculus logic programming formalism. Important characteristics of our policy language are its support for explicit time-dependency expressions and its simple and user-friendly syntax.
  • PoP - an automated policy replacement architecture for PBNM

    Page(s): 140 - 146

    This paper introduces the notion of PoP (Policy of Policies) used to define standard policy replacement strategies in a policy-based network. We also propose an architecture to support PoP within PDPs (Policy Decision Points originally defined by the IETF). The notion of PoP and the proposed architecture allow the automation of the policy replacement task currently manually executed by the network administrator based on the network business plan.
  • PEM3 - the policy enhanced memory management model

    Page(s): 194 - 197

    Over the past decade, clusters of workstations have become widely accepted as a cost efficient way of obtaining computational power. Moreover, clusters have increasingly been used to support multi-application environments, such as web servers and application servers, and to concurrently support a number of different services. In such an environment, resources become difficult to manage, e.g., it is difficult to adequately support the varying memory usage requirements of each application with a single strategy. In this paper we propose a policy-based model that provides applications with an interface to the underlying system in order to adapt the behavior of system services at runtime. The use of policies is illustrated by presenting the design of a memory management model for distributed shared memory systems, which allows different memory placement policies, while providing the ability to change consistency and coherency protocols at runtime.
  • Towards practical automated trust negotiation

    Page(s): 92 - 103

    Exchange of attribute credentials is a means to establish mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. Existing ATN work makes unrealistic simplifying assumptions about credential-representation languages and credential storage. Moreover, while existing work protects the transmission of credentials, it fails to hide the contents of credentials, thus providing uncontrolled access to potentially sensitive attributes. To protect information about sensitive attributes, we introduce the notion of attribute acknowledgment policies (Ack policies). We then introduce the trust target graph (TTG) protocol, which supports a more realistic credential language, Ack policies, and distributed storage of credentials.
  • How policy empowers business-driven device management

    Page(s): 214 - 217

    Existing network management architectures suffer from the inability to define and use business processes to drive the configuration and management of network resources. Business-Driven Device Management is a new paradigm that enables business rules to manage the construction of configuration files and commands for a device as well as enforce how the configuration of a device is created, verified, approved, and deployed. BDDM uses different types of policies to manage the different aspects of providing network services. These policies form a continuum that represents the complete life cycle (from order to creation to tear-down) of network services, bridge the automation gap between the service and element layers, and control which network services and resources are allocated to which users.
  • Revocation schemes for delegated authorities

    Page(s): 210 - 213

    We deal with an existing framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. Here we extend the framework to support a richer set of revocation schemes. The discussion of revocation follows an existing classification in the literature based on three separate dimensions: resilience, propagation, and dominance. The first one does not apply to this framework. The second one is specified straightforwardly. The third one can be encoded but raises a number of further questions for future investigation.
  • A weakly coupled adaptive gossip protocol for application level active networks

    Page(s): 244 - 247

    With the sharp increase in heterogeneity and distribution of elements in wide-area networks, more flexible, efficient and autonomous approaches for management and information distribution are needed. This paper proposes a novel approach, based on gossip protocols and firefly synchronisation theory, for the management policy distribution and synchronisation over a number of nodes in an application level active network (ALAN). The work is presented in the context of the IST project ANDROID (Active Network Distributed Open Infrastructure Development), which is developing an autonomous policy-based management system for ALAN. The preliminary simulation results suggest that with the appropriately optimised parameters, the algorithms developed are scalable, can work effectively in a realistic random network, and allow the policy updates to be distributed efficiently throughout the active network with a lower latency than other similar types of gossip protocols.
  • A multi-domain security policy distribution architecture for dynamic IP based VPN management

    Page(s): 224 - 227

    Nowadays, VPN technologies are frequently used to secure communications between remote sites. If creating a VPN is under control, managing it is still problematic. The main problem is providing scalability in the deployment process. Deploying a VPN means that some common security rules have to be shared between partners. But tools for doing this are not interoperable because of a lack of standards. Moreover, the security rules sharing must be dynamic to follow the needs of today's requirements for collaborative working. Proposals for this purpose fail to offer a sound solution to the policy distribution issues between multiple independent administrative domains. In this paper we propose an upgradeable architecture enabling policy distribution for multiple purposes.
  • Delegation of obligations

    Page(s): 25 - 35

    Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They support the delegation of authorisations but not of obligations, yet there is a strong relationship between the two policy types, and the delegation of obligations needs to be supported as well, requiring the introduction of a new type of policy which we call a "review". This paper investigates the general principles underlying the delegation of policy objects, putting specific emphasis on the delegation of obligations. The Alloy specification language is used to specify and illustrate these principles. The main issues that are discussed are: the balance between authorisation and obligation policies; the source of obligations and reasons for their delegation; and the need for review policies to help control the delegation of obligations.
  • A policy-based infrastructure for the dynamic control of agent mobility

    Page(s): 206 - 209

    There is an increasing research interest toward the mobility of software components. However, mobility adds complexity to the design of applications because programmers have to decide when, where and which components to migrate. The typical approach to mobility is to embed migration directives into component code at design time. This makes it difficult to dynamically change migration strategies in order to adapt to evolving conditions of the execution environment. This paper advocates a policy-based approach for the specification and dynamic control of component mobility and presents a framework obtained by integrating a policy-based management system in a mobile agent environment.
  • An adaptive policy based management framework for differentiated services networks

    Page(s): 147 - 158

    This paper presents a framework for specifying policies for the management of differentiated services (DiffServ) networks. Although policy-based management has been the subject of intensifying research efforts, the proposed solutions are often restricted to condition-action rules where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. Whilst current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: 1) provide policy specification and adaptation across different abstraction layers; and 2) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policy in DiffServ networks according to changes in requirements. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects.
  • Applying trust policies for protecting mobile agents against DoS

    Page(s): 198 - 201

    In the world of mobile agents, security aspects are extensively being discussed. Denial of service (DoS) attacks are of considerable interest, i.e., when malicious hosts either delete received agents or prevent them from continuing their route. This paper presents a method for a posteriori identification of such malicious hosts to build a trust policy. Depending on how much the agent owner trusts the hosts, he can either define an appropriate order in which selected hosts should be visited, or he can decide which hosts he does not want to contact again. We also show how the sequence of hosts should be determined in order to minimize some costs.
  • Originator control in usage control

    Page(s): 60 - 66

    Originator control is an access control policy that requires recipients to gain the originator's approval for re-dissemination of a disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial digital rights management (DRM) solutions lack enforcement of access control policies because their control of access to digital objects is mainly based on payment. In this paper, we attempt to combine originator control policies and usage control. Then we show how this can extend traditional originator control solutions to enforce access control policies even outside of a local control environment where a central control authority is not available. License and ticket concepts are proposed and used for originator control in usage control. Also, we define seven different solution approaches to deal with various dissemination situations. In addition, we discuss some published DRM solutions and relate these to our solution approaches.
  • Web-based policy deployment management system

    Page(s): 240 - 243

    Ericsson's Policy Deployment Manager (PDM) allows high-level business ideas and services to be mapped into the underlying network configurations. This enables the elimination of the need to manually enter low-level parameters into an IP network for virtual private network (VPN) provisioning. By avoiding a manual configuration, PDM greatly reduces the risk of mis-configurations of the IP network. PDM provides the network operators and administrators with abstractions of important data in the working network alongside a clear picture of what is about to be deployed. PDM therefore offers a solution to low-level complex configurations for quality of service (QoS) and virtual private network (VPN) set up.
  • Obligation monitoring in policy management

    Page(s): 2 - 12

    Policies are widely used in modern systems and applications. Recently, it has been recognized that simple decisions are just not enough for many systems and applications. Many policies require actions to be performed after a decision is made in accordance with the policy. To address this need, this paper studies the notion of obligations, which are those conditions or actions that must be fulfilled by either the users or the system after the decision. This paper formalizes the obligations and investigates mechanisms for monitoring obligations. In particular, the paper discusses various aspects of how the system may compensate for unfulfilled obligations.
  • A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises

    Page(s): 38 - 49

    This paper is part of a research program based on the thesis that the only reliable way for ensuring that a heterogeneous distributed community of software modules and people conforms to a given policy is for this policy to be enforced. We have devised a mechanism called law-governed interaction (LGI) for this purpose. LGI can be used to specify a wide range of policies to govern the interactions among the members of large and heterogeneous communities of agents dispersed throughout a distributed enterprise, and to enforce such policies in a decentralized and efficient manner. What concerns us in this paper is the fact that a typical enterprise is bound to be governed by a multitude of policies. Such policies are likely to be interrelated in complex ways, forming an ensemble of policies that is to govern the enterprise as a whole. As a step toward organizing such an ensemble of policies, we introduce a hierarchical inter-policy relation called a superior/subordinate relation. This relation is intended to serve two distinct but related purposes: first, it helps to organize and classify a set of enterprise policies; second, it helps regulate the long-term evolution of the various policies that govern an enterprise. For this purpose, each policy in the hierarchy should circumscribe the authority and the structure of those policies that are subordinate to it, in some way analogous to the manner in which a constitution in American jurisprudence constrains the laws which are subordinate to it. Broadly speaking, the hierarchical structure of the ensemble of policies that govern a given enterprise should reflect the hierarchical structure of the enterprise itself.
  • Dynamically extensible policy server and agent

    Page(s): 236 - 239

    This paper proposes a method, called the policy-extension-by-policy method, for quickly and dynamically adding policy classes with new functionality to policy servers and agents. In this method, users can add a new policy class to the policy server by using policy-definition (PD) policies, and they can define a method to translate a policy of the new class and to send it to network nodes of different vendors through various types of device interfaces, such as CLI, MIBs, PIBs, APIs or hardware tables, by using policy-embedding (PE) policies. A PE policy also enables translating a policy of an existing class and sending the result to a new type of network node. PE policies contain command templates and methods for filling the templates. A program interpreter is embedded in policy agents to make flexible policy-to-configuration translation possible. A prototype system and example policies, i.e., access control, Diffserv, and VPN policies, were developed.
  • A community authorization service for group collaboration

    Page(s): 50 - 59

    In "grids" and "collaboratories", we find distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose. We propose a new approach to the representation, maintenance and enforcement of such policies that provides a scalable mechanism for specifying and enforcing these policies. Our approach allows resource providers to delegate some of the authority for maintaining fine-grained access control policies to communities, while still maintaining ultimate control over their resources. We also describe a prototype implementation of this approach and an application in a data management context.
  • Meta-policies for distributed role-based access control systems

    Page(s): 106 - 115

    In this paper meta-policies for access control policies are presented. There has been a lot of research into the various ways of specifying policy for a single domain. Such domains are autonomous and can be managed by the users or by a specific system administrator. It is often helpful to have a more general policy description in order to restrict the ways in which policy can be modified. Meta-policies fill this particular role. With their help changes to policy can be made subject to predefined constraints. Meta-policies are long lived and so can provide users with stable information about the policy of the system. In addition they can provide bodies external to a domain with relevant but restricted information about its policies, so forming a basis for co-operation between domains. For example, a domain's meta-policy can function as a policy interface, thus establishing a basis for agreement on the structure of the objects accessed. In this way it is possible to build service level agreements between domains automatically.