Policies for Distributed Systems and Networks: International Workshop, POLICY 2001 Bristol, UK, January 29-31, 2001 Proceedings

Proceedings of the International Workshop, POLICY 2001, Policies for Distributed Systems and Networks, held in Bristol, UK, in January 2001. Main topics covered include policy specification and analysis, RBAC and security policy, network policy realization, and perspectives on policy architectures. Softcover.

Author(s): Morris Sloman, Jorge Lobo, Emil C. Lupu
Series: Lecture notes in physics 1995
Edition: 1
Publisher: Springer
Year: 2001

Language: English
Pages: 270

Lecture Notes in Computer Science
Springer
Policies for Distributed Systems and Networks
Preface
Sponsoring Institution
Network Policy Realization
Perspectives on Policy Architectures
1. Introduction
3. Framework for Specifying Policy
4. Formalising the Policies
5. Refinement of Policies
6.1. Default Policies
6.2. Dynamic Policies
6.3. Delegation of Obligation
6.3.2. Shared Obligation
6.3.4. Outsourced Obligation
6.6. One Action or Many Actions?
7. Conclusions and Open Questions
References
Introduction
Authorisation Policies
Information Filtering Policies
Delegation Policies
Refrain Policies
Obligation Policies
Basic Policy Constraints
Meta-policies
Roles
Type Specialisation and Role Hierarchies
Relationships
Management Structures
Class Hierarchy
Imports
Related Work
Conclusion and Further Work
References
1 Introduction
2.1 Security Requirement Analysis
2.2 Definitions of Security Requirements and Implementation Policies
2.3.2 Security Coverage Requirement Satisfaction
2.3.3 Content Access Requirement Satisfaction
3.1 IPSec Policy Processing
3.2 Policy Verification Algorithm
4 IPSec Policy Conflict Resolution
5 Celestial – An Inter-domain Security Management System
6 Related Work
References
Introduction
Policies
Action Constraints
Monitors
Action Monitors
Event Monitors
General Properties of Monitors
Temporal Action Constraints
System Implementation
Related Work
References
1 Background
2 Legislative Framework
3 Specification
3.2 Access Rights
4 Implementation
4.1 Basic Issues, Creation of Information
4.3 Anonymization
5 Orthogonality with Partner Security Policies
6 A Case Study
7 Final Comments
References
1. Introduction
2. A Language Based Approach
3. Access Control Language: Tower
4. Basic RBAC Structures
4.2 Permissions
4.3 Roles
4.5 Ownership of Objects and Structures
4.6 System Evolution: Alterations to Structure Values
5.1 Role Hierarchy
5.3 Separation of Duties
5.4 Chinese Wall Policy
5.6 Joint Action Based Policies
5.7 Limiting Number of Accesses
7. Brief Comparison with Other Work
8. Concluding Remarks
References
Introduction
Electronic Health Records: A Federated Management Problem
Privacy Requirements for Virtual Health Records
Legal and Ethical Constraints Governing Access
Role-Based Access Control: Horn Clause Logic
Expressing Policy for Role Entry (Authentication)
Expressing Policy in Pseudo-natural Language
Representing Policy in Higher Order Logic
Translation to First-Order Predicate Calculus
Design and Use of Audit Records
Evaluation and Future Work
Acknowledgements
1. Introduction
2. Model-Based Management
3. Linux IPchains
4. Model
4.1. Level RO
4.2. Level SR
4.3. Level ND
5. Interactive Filter Design
6. Tool
7. Concluding Remarks
References
1. Introduction
2. The QoS Management Tool
3. QoS Views
4. View Transformation Logic
5.1 Configuration Distributor
5.2 Resource Discovery Mechanisms
6. Sample QoS Configuration
7. Conclusions and Future Work
8. Acknowledgements
References
Introduction
Related Work
The Core Goals Schema
Schema Extension for Application-Level QoS Goals
Schema Extension for Resource Utilization Goals
Schema Extension for Resource Access Permission Goals
Schema Applied to Example Goals
Prototype Implementation
Graphical Interface for Goal Specification
Use of Software Components for Policy Enforcement Logic
Summary
References
1. Introduction
2. Methods for Passing Information
3.1 Concatenation
3.2 Parallel Application
3.3 Selection
3.4 Repetition
4.1 Definitions
4.2 Examples
5.1 Clarification of the Semantics
5.3 Adaptation to a Variety of Devices
6. Summary and Conclusion
References
Introduction
Strategy
Enforcement
Specifying Application QoS Policies
Enforcement Architecture
Instrumented Process
Coordinator
Quality of Service Host Manager and Domain Manager
Information Model
Description of Components
Prototype
Dynamic QoS Management
Discussion
References
1. Introduction
2. ALAN
3. Management Architecture
4. Autonomous Controller
5. Policy Classification
6. Policy Store
7. Discussion
References
1 Introduction
2 Policy Requirements for Agent Systems
3 The Ponder Language for Agent Systems
4 The SOMA Policy Enforcement Architecture
4.1 The Policy Specification Service
4.3 The Policy Coordinator Service
4.4 The Authorisation Enforcement Service
4.5 The Obligation Enforcement Service
5 Case Study
6 Conclusions
References
Introduction
Policy-Based Management in the Research Community
IETF Policy-Based Networking
Policies as Means for Programmable, Extensible Management Systems
Hierarchical Policies
The TEQUILA Functional Architecture
Hierarchical Policy Management in the TEQUILA System
An Example of Hierarchical Policy Decomposition
Summary and Future Work
References
Introduction
The Motivation
General Overview
The Entities
Parameter Optimization
Representation of Policies in the iPDP
Communication between PDP and PEP
References
Author Index