Conference Paper

Dynamic Policy Analysis and Conflict Resolution for DiffServ Quality of Service Management.

Centre for Commun. Syst. Res., Surrey Univ., Guildford
DOI: 10.1109/NOMS.2006.1687560 Conference: Management of Integrated End-to-End Communications and Services, 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006, Vancouver, Canada, April 3-7, 2006. Proceedings
Source: DBLP

ABSTRACT Policy-based dynamic resource management may involve interaction between independent decision-making components which can lead to conflicts. For example, conflicts can occur between the policies for allocating resources and those setting quotas for users or classes of service. These policy conflicts cannot be detected by static analysis of the policies at specification-time as the conflicts arise from the current state of the resources within the system and so can only be detected at run-time. In this paper we use policies related to quality of service (QoS) provisioning for configuring differentiated services (DiffServ) networks to illustrate techniques for the dynamic detection and resolution of conflicts. Configuration includes implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically according to emerging traffic demands. We identify possible conflicts between policies that manage the allocation of resources, and we also investigate conflicts that may arise between these policies and higher-level directives refined at the dynamic resource management level, acting as constraints. The paper shows how event calculus can be used to detect conflicts, focusing on the ones that emerge at run-time, and provides an approach for specifying policies to automate conflict resolution. The latter is demonstrated through our initial implementation of a dynamic conflict analysis tool

  • [Show abstract] [Hide abstract]
    ABSTRACT: Dynamic system management may involve interaction between independent decision-making components which can lead to conflicts. Policy-based Managers Coordination (PobMC) was proposed as an adaptive framework that may handle such conflicts. In PobMC, policies are used to adapt the system behavior, coordinate managers' tasks and allow us to decouple the adaptation concerns from the application code. Thus, it is required to ensure whether the governing policies are enforced correctly. In this paper we check and evaluate the dynamic conflict avoidance algorithm proposed in our previous works. Policy combination algorithms (PACs) concepts are used in the analysis and the evaluation to avoid policy conflicts and to reach a unique decision.
    Computing and Convergence Technology (ICCCT), 2012 7th International Conference on; 01/2012
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Configuring a large number of routers and network devices to achieve quality of service (QoS) goals is a challenging task. In a differentiated services (DiffServ) environment, traffic flows are assigned specific classes of service, and service level agreements (SLA) are enforced at routers within each domain. We present a model for QoS configurations that facilitates efficient property-based verification. Network configuration is given as a set of policies governing each device. The model efficiently checks the required properties against the current configuration using computation tree logic (CTL) model checking. By symbolically modeling possible decision paths for different flows from source to destination, properties can be checked at each hop, and assessments can be made on how closely configurations adhere to the specified agreement. The model also covers configuration debugging given a specific QoS violation. Efficiency and scalability of the model are analyzed for policy per-hop behavior (PHB) parameters over large network configurations.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Multi-policy supporting is a security mechanism which can control security system’s action based on more than one policy. This mechanism can enhance the security of system greatly. The exiting typical access cont 1 rol models, such as MAC, DAC, RBAC, are not multi-policy supporting. This paper provides a multi-policy supporting access control model (MPSAC). Because of the complexity of applying multiple policies in MPSAC, we not only define the model’s session and policy, but also illustrate session’s logic relationship, policy conflict, policy decision rules and the implementation method. Different from the exiting access models, a comprehensive description mechanism in MPSAC is proposed to depict the session’s property, and a systemic description and management method are proposed for policy. In order to enforce the policy effectively and improve the model’s flexibility, a new framework for MPSAC is provided, which separates application logic, security control logic and security policy from each other. The application of MPSAC is provided in a hospital information system.

Full-text (2 Sources)

Available from
May 21, 2014