Journal Article

Conflicts in policy-based distributed systems management

Emil Lupu, +1 more
01 Nov 1999, Vol. 25, Iss: 6, pp 852-869
TLDR
The paper discusses the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and presents a conflict analysis tool which forms part of a role based management framework.
Abstract
Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. Conflicts may also arise during the refinement process between the high level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. The paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role based management framework. Software development and medical environments are used as example scenarios.

Citations
Book Chapter

The Ponder Policy Specification Language

TL;DR: The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java.
Journal Article

A survey of autonomic computing—degrees, models, and applications

TL;DR: An introduction to the motivation and concepts of autonomic computing is provided and some research that has been seen as seminal in influencing a large proportion of early work is described, including the works that have provided significant contributions to an established reference model.
Proceedings Article

A policy language for a pervasive computing environment

TL;DR: A policy language designed for pervasive computing applications that is based on deontic concepts and grounded in a semantic language that demonstrates the feasibility of the policy language in pervasive environments through a prototype used as part of a secure pervasive system.
Journal Article

Delegation logic: A logic-based approach to distributed authorization

TL;DR: D1LP provides a concept of proof-of-compliance that is founded on well-understood principles of logic programming and knowledge representation, and provides a logical framework for studying delegation.
Proceedings Article

KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement

TL;DR: The KAoS services rely on a DAML description-logic-based ontology of the computational environment, application context, and the policies themselves that enables runtime extensibility and adaptability of the system, as well as the ability to analyze policies relating to entities described at different levels of abstraction.
References
Journal Article

Role-based access control models

TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Journal Article

Goal-directed requirements acquisition

TL;DR: An approach to requirements acquisition is presented which is driven by higher-level concepts that are currently not supported by existing formal specification languages, such as goals to be achieved, agents to be assigned, alternatives to be negotiated, etc.
Proceedings Article

Towards modelling and reasoning support for early-phase requirements engineering

TL;DR: This paper argues that a different kind of modelling and reasoning support is needed for the early phase of requirements engineering, which aims to model and analyze stakeholder interests and how they might be addressed, or compromised, by various system-and-environment alternatives.
Proceedings Article

A Comparison of Commercial and Military Computer Security Policies

TL;DR: It is argued that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity.
Journal Article

Representing and using nonfunctional requirements: a process-oriented approach

TL;DR: A comprehensive framework for representing and using nonfunctional requirements during the development process is proposed and evidence for the power of the framework is provided through the study of accuracy and performance requirements for information systems.