Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on

Date 4-6 June 2003

Displaying Results 1 - 25 of 29
  • Spatial policies for sentient mobile applications

    Publication Year: 2003 , Page(s): 147 - 157

    Mobile applications are programs which are able to move themselves between hosts on the network. Sentient applications are programs which can exploit the existence of pervasive networked sensor devices to observe their environment and react accordingly. We believe that properly designed and constrained sentient mobile applications provide a good foundation for building applications for pervasive computing environments. The aims of this work are threefold: (i) motivate the use of sentient mobile applications in next-generation pervasive computing environments; (ii) describe the role of policy in building sentient mobile applications; (iii) demonstrate the need for policy to control sentient mobile applications once they have been deployed.
  • Inter-domains policy negotiation

    Publication Year: 2003 , Page(s): 239 - 242
    Cited by:  Papers (1)

    While the Internet offers a favorable interconnection medium, security issues are still crucial to its development. One major problem that limits the increased use of security protocols is the sharing related issues. We propose a solution, as part of a complete architecture, to enable geographically separated administrators to agree on a common dynamic security policy.
  • A policy based approach for automated topology management of peer to peer networks and a prototype implementation

    Publication Year: 2003 , Page(s): 235 - 238
    Cited by:  Papers (1)

    Peer-to-peer (P2P) is a flexible architecture that lets a network grow up in an arbitrary way by adding more and more peers providing resources to the whole system. If uncontrolled, however, this growth might lead to stability and reliability problems, due to the fact that any host might join the network, no matter whether it may provide guarantees or not. Another problem that might occur is the difficulty to administrate the network due to its possibly uncontrolled growth and its frequent topological changes. We focus on the description of an approach to administration's automation based on the systematic use of policies. The goal is achieved by means of evaluation of the resources owned by each host, which addresses the problem of provision of reliable resources too. We believe this is a good solution to both problems. We explain how our approach works and the benefits arising from its use. In order to better test our approach we developed and tested a working prototype of the system.
  • Towards federated policy management

    Publication Year: 2003 , Page(s): 183 - 194
    Cited by:  Papers (4)  |  Patents (2)

    In both data networks and telecommunication networks we are seeing a substantial growth in the number of policy engines and policy-enabled services and applications. We argue that end-users and network operators will need to have a unified, conceptually centralized "view" of the policies that they have specified and a unified understanding of how the policies will play out in the underlying infrastructure. We address the issue of "federated policy management", which allows users to specify preferences and policies at a high level and uses automated tools to map those preferences and policies into appropriate rule sets running on appropriate policy engines. As a key step in this direction, we develop a framework to support federated policy management in a restricted setting. Unlike previous work on distributed rule processing, the focus here is in the context of multiple policy decisions within a single process flow. Specifically, (in the terminology of IETF and Parlay/OSA) we study the case of a service or application that has multiple policy enforcement points (PEPs). We assume a policy language that supports production system style rules with chaining but no recursion (based on previous work on policy requirements for the telecommunications context). We present algorithms whereby users can specify a single coherent ruleset expressing their preferences, and this ruleset is mapped to multiple rulesets, one for each PEP in the application.
  • A PBNM system for integrated QoS and multicast management

    Publication Year: 2003 , Page(s): 243 - 246

    QoS and multicast are facilities that several modern applications require from networks. However, the management of such facilities is complex and not integrated. We present a policy-based management architecture and system for the integrated management of QoS and multicast-enabled networks. The definition of policies for this architecture is also presented. The proposed architecture is based on the IETF approach. However, we discuss how such an approach had to be adapted in order to support not only QoS management but also multicast management. Finally, we also present the implementation of our proposal providing some management example scenarios.
  • Translating privacy practices into privacy promises - how to promise what you can keep

    Publication Year: 2003 , Page(s): 135 - 146
    Cited by:  Papers (7)

    Enterprises advertise privacy promises using the W3C Platform for Privacy Preferences (P3P). These privacy promises define what recipients can obtain what collected data for what purpose. Internally, enterprises can use fine-grained privacy practices such as defined by the Platform for Enterprise Privacy Practices (E-P3P) to enforce privacy. These internal privacy policies should guarantee and enforce the promises made to the customers. Since privacy practices reflect business internals, they can change frequently. As a consequence, it can be challenging to keep the promises up-to-date with the actual practices. To enable up-to-date privacy promises, we describe a methodology for enterprises to promise what they can keep. This is done by automatically transforming E-P3P privacy practices into corresponding P3P privacy promises that reflect the actual enterprise-internal behavior. These P3P promises can then be published on a regular basis. Whenever the internal policies change, the P3P promises can easily be updated as well.
  • Policy contexts: controlling information flow in parameterised RBAC

    Publication Year: 2003 , Page(s): 99 - 110
    Cited by:  Papers (5)  |  Patents (1)

    Many RBAC models have augmented the fundamental requirement of a role abstraction with features such as parameterised roles and environment-aware policy. We examine the potential for unintentional leakage of information during RBAC policy enforcement, either through the exchange of parameters with external services when checking environmental conditions, or through a policy design which does not appropriately separate policy subsections with different basic purposes. We propose a simple, robust mechanism for handling these problems, and illustrate our approach with a current application of our OASIS RBAC system.
  • Towards automated negotiation of access control policies

    Publication Year: 2003 , Page(s): 111 - 119
    Cited by:  Papers (4)  |  Patents (3)

    We examine the problem of negotiating access control policies between autonomous domains. Our objective is to develop software agents that can automatically negotiate access control policies between autonomous domains with minimal human guidance. We show a mathematical framework that is capable of expressing many such negotiation problems, and illustrate its application to some practical scenarios.
  • A policy language for a pervasive computing environment

    Publication Year: 2003 , Page(s): 63 - 74
    Cited by:  Papers (75)  |  Patents (3)

    We describe a policy language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic language. The pervasive computing environments under consideration are those in which people and devices are mobile and use various wireless networking technologies to discover and access services and devices in their vicinity. Such pervasive environments lend themselves to policy-based security due to their extremely dynamic nature. Using policies allows the security functionality to be modified without changing the implementation of the entities involved. However, along with being extremely dynamic, these environments also tend to span several domains and be made up of entities of varied capabilities. A policy language for environments of this sort needs to be very expressive but lightweight and easily extensible. We demonstrate the feasibility of our policy language in pervasive environments through a prototype used as part of a secure pervasive system.
  • Using event calculus to formalise policy specification and analysis

    Publication Year: 2003 , Page(s): 26 - 39
    Cited by:  Papers (35)  |  Patents (1)

    As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement.
  • Policy based electronic transmission of prescriptions

    Publication Year: 2003 , Page(s): 197 - 206
    Cited by:  Papers (3)  |  Patents (1)

    We describe the PERMIS PMI role based authorisation policy, and show how it has been applied to the electronic transfer of prescriptions (ETP). The assignment of roles is distributed to the appropriate authorities in the health care and government sectors. This includes the assignment of both professional roles such as doctor and dentist, as well as patient roles that entitle patients to free prescriptions. All roles are stored as X.509 attribute certificates (ACs) in LDAP directories, which are managed by the assigning authorities. The PERMIS policy based decision engine subsequently retrieves these role ACs in order to make granted or denied access control decisions required by the ETP applications. The source of authority for setting the ETP policy is assumed to be the Secretary of State for Health. The ETP policy says what roles are recognised, who is authorised to assign the roles, what privileges are granted to each role and what conditions are attached to these privileges. The ETP policy is then formatted in XML, embedded in an X.509 attribute certificate, digitally signed by the Secretary of State for Health, and then stored in an LDAP directory. From here it can be accessed by all the ETP applications in the UK National Health Service that contain embedded policy based PERMIS decision engines.
  • Enforcement of communications policies in software agent systems through mobile code

    Publication Year: 2003 , Page(s): 247 - 250
    Cited by:  Papers (4)  |  Patents (1)

    We introduce the use of mobile agents as the mechanism for policy enforcement in multiagent multidomain systems. The focus is on the effective application of communication policies in the setup and maintenance of spanning data streams that cross multiple hosts in different domains. We have designed and implemented a mobile agent based framework (FlexFeed) that works in concert with the KAoS framework for policy management.
  • Toward explicit policy management for virtual organizations

    Publication Year: 2003 , Page(s): 173 - 182
    Cited by:  Papers (16)

    A virtual organization (VO) is a dynamic collection of distributed resources that are shared by a dynamic collection of users from one or more physical organizations. As grid computing technology is starting to facilitate truly large-scale VOs, issues are being raised regarding the purpose, architecture and operational mechanism of the VO. The emerging approach is essentially to define the VO as a particular set of users, whereby a "VO server" issues tokens to humans attesting to their membership in the VO. The problem with this approach is that there is little in the way of rules that describe the operation of the virtual organization or rules that govern the behavior of VO users and resources (and the ramifications of failing to meet the intent of the VO itself). Where such rules exist, they are implicit and therefore difficult to enforce in a consistent or automated manner. We identify two representative policies for existing and future VOs and, more generally, identify issues and approaches for addressing the practical concerns for implementing any explicit VO policy: utilization measurement, accounting, enforcement conditions, enforcement actions, and security. A prototype implementation using .NET is described.
  • Enforcing history-based security policies in mobile agent systems

    Publication Year: 2003 , Page(s): 231 - 234
    Cited by:  Papers (2)

    The mobile agent paradigm used in modern distributed systems has revealed some new forms of common security threats, such as abusive resource consumption or illegitimate information flow between different and noncooperative entities. This problem is aggravated when an agent's host doesn't know anything about the agent's past activities, visited hosts and interactions with other agents. Thus, robust and efficient authorization platforms should be considered in order to avoid undesired actions from malicious agents. We present an authorization platform designed for a mobile agent system, MobileTrans, which supports the definition and enforcement of history-based security policies, allowing hosts to decide on the authorization of an agent's action upon its past behaviour.
  • KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement

    Publication Year: 2003 , Page(s): 93 - 96
    Cited by:  Papers (54)  |  Patents (36)

    We describe our initial implementation of the KAoS policy and domain services. While primarily oriented to the dynamic and complex requirements of software agent applications, the services are also being adapted to general-purpose grid computing and Web services environments as well. The KAoS services rely on a DAML description-logic-based ontology of the computational environment, application context, and the policies themselves that enables runtime extensibility and adaptability of the system, as well as the ability to analyze policies relating to entities described at different levels of abstraction.
  • Analysis of integrity policies using soft constraints

    Publication Year: 2003 , Page(s): 77 - 80
    Cited by:  Papers (1)

    An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. We outline a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policies.
  • A toolkit-based approach to policy-managed storage

    Publication Year: 2003 , Page(s): 89 - 92
    Cited by:  Patents (6)

    The goal of policy-based storage management is to allow storage resources in an IT complex to be managed by setting comparatively high-level policies, rather than by doing low-level manual configuration. We describe the policy management and rule execution architecture in a prototype autonomic storage manager being developed in IBM Research. The prototype uses generic communication, a policy repository, and policy translation and execution services provided by an autonomic manager toolkit. The prototype supports a set of policy templates developed from a policy-based storage management framework.
  • Organization based access control

    Publication Year: 2003 , Page(s): 120 - 131
    Cited by:  Papers (63)  |  Patents (2)

    None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. We suggest a new model that provides solutions to specify such contextual security policies. This model, called organization based access control, is presented using a formal language based on first-order logic.
  • Using UML and Maude for writing and reasoning about ODP policies

    Publication Year: 2003 , Page(s): 15 - 25
    Cited by:  Papers (1)

    We present a graphical UML-based notation for writing ODP actions and policies, which can be directly mapped to Maude specifications. Our approach may introduce important benefits to the (usually ambiguous) UML specifications, such as formal support, provision for rigorous specifications, and easy access to Maude's toolkit. We have developed a tool for automating the translation process and for giving access to Maude's analysis tools. In this way we try to bridge the current gap between graphical and formal notations, by providing an easy-to-use environment for modeling enterprise business systems with UML, but still with formal support.
  • Using policies in the checking of business to business contracts

    Publication Year: 2003 , Page(s): 207 - 218
    Cited by:  Papers (2)

    The mechanization of business-to-business contract enforcement requires a clear architecture and a clear and unambiguous underpinning model of the way permissions and obligations are managed within organizations. Policies need to be expressed in terms of the basic model, and the expressive power available depends, in part, on the ability to compose sets of policies derived from different sources. The models used must reflect the structure of the organizations concerned and how the behaviour of organizations is constrained by broader shared rules. We consider a contract monitoring system intended to provide automated checking of business to business contracts, set out a suitable model and explain how it can be used to guide the representation and control of contracts in a prototype monitoring system.
  • Towards policy-based information management for the Joint Battlespace Infosphere

    Publication Year: 2003 , Page(s): 85 - 88

    The vision of a Joint Battlespace Infosphere has evolved within the US Department of Defense as an Internet-like foundation to provide tailored information services and flow among producers and consumers of information needed to conduct military operations. The architecture envisioned for realizing this vision is based on a loosely coupled information environment using commercial standard Web protocols. One of the main obstacles to widespread acceptance of loosely coupled systems is the difficulty of establishing and maintaining control consistent with overall mission constraints and objectives. Policy-based information dissemination management is a mechanism for influencing the flow of information between publishers and subscribers in order to support diverse mission objectives. We describe research being done on the selection and integration of policy-based management services, effectively bridging the gap between those services and the information brokering capabilities of a JBI platform.
  • Policy-driven licensing model for component software

    Publication Year: 2003 , Page(s): 219 - 228
    Cited by:  Papers (4)  |  Patents (1)

    Today, it is almost inevitable that software is licensed, rather than sold outright. As a part of the licensing policy, some protection mechanisms, whether hardware, legal or code-based, are invariably built into the license. The application of such mechanisms has primarily been in the realm of off-the-shelf, packaged, consumer software. However, as component-based software gradually becomes mainstream in software development, new component-oriented licensing systems are required. We propose an enterprise component licensing model for the management of software component licenses. The model provides a comprehensive license management framework allowing for extensibility and flexibility. Furthermore, we identify differences between standalone software and component software, describe a high level model for policy-driven component licensing, and discuss both the benefits and drawbacks of the enterprise component licensing model for the management of software component licenses.
  • Analyzing security-enhanced Linux policy specifications

    Publication Year: 2003 , Page(s): 158 - 169
    Cited by:  Papers (3)

    NSA's security-enhanced (SE) Linux enhances Linux by providing a specification language for security policies and a Flask-like architecture with a security server for enforcing policies defined in the language. It is natural for users to expect to be able to analyze the properties of a policy from its specification in the policy language. But this language is very low level, making the high level properties of a policy difficult to deduce by inspection. For this reason, tools to help users with the analysis are necessary. The NRL project on analyzing SE Linux policies aims first to use mechanized support to analyze an example policy specification and then to customize this support for use by practitioners in the open source software community. We describe the model policies in the analysis tool TAME, the kinds of analysis we can support, and prototype mechanical support to enable others to model their policies in TAME. We conclude with some general observations on desirable properties for a policy language.
  • Chisel: a policy-driven, context-aware, dynamic adaptation framework

    Publication Year: 2003 , Page(s): 3 - 14
    Cited by:  Papers (26)  |  Patents (2)

    We argue that the software user, the developer, the designer and indeed the application logic itself all possess invaluable intelligence to gear how software should adapt itself to changing requirements and changing context. We present Chisel, an open framework for dynamic adaptation of services using reflection in a policy-driven, context-aware manner. The system is based on decomposing the particular aspects of a service object that do not provide its core functionality into multiple possible behaviours. As the execution environment, user context and application context change, the service object will be adapted to use different behaviours, driven by a human-readable declarative adaptation policy script. To demonstrate this framework we will provide a dynamically adaptive middleware for mobile computing. The framework will allow users and applications to make mobile-aware dynamic changes to the behaviour of various services of the middleware, and allow the addition of new unanticipated behaviours at run-time, without changing or stopping the middleware or an application that may be using it. This is achieved by implementing the behaviours as metatypes in Iguana/J, which supports non-invasive dynamic associations of metatypes to service objects without any requirement to interrupt, change or access the object's source code.
  • PECAN: policy-enabled configuration across networks

    Publication Year: 2003 , Page(s): 52 - 62
    Cited by:  Papers (8)  |  Patents (2)

    The Internet is growing to the point of needing more serious, scalable management infrastructure. Telecommunications companies and Internet service providers alike face the pressures of upgrading and provisioning their networks while constraining their infrastructure costs to maintain profitability and to stay competitive in an industry that is financially stressed with tight profit margins. In order to be financially successful in this environment, service providers will have to support a variety of services and applications on a combined packet infrastructure, carrying increased varieties of traffic with different performance characteristics and predictable levels of managed quality of service (QoS). Multi-protocol label switching (MPLS) traffic engineering enables service providers to engineer their networks to provide such QoS; however, this task brings along with it a plethora of management challenges. We discuss these management challenges and our experience with the design and implementation of a policy-based management system, PECAN, for managing MPLS networks. PECAN provides the ability for a network operator to define high-level policies that control the operation of the management system. These high-level policies control admission of traffic into the network based on the QoS guarantees required; placement of traffic flows on MPLS traffic engineered paths; and the feedback loop between network fault/performance monitoring and reconfiguration of the network to alleviate the effects of any observed problems.