-
[show abstract]
[hide abstract]
ABSTRACT: In a disaster-recovery mission, rescuers need to coordinate their operations and exchange information to make the right judgments and perform their statutory duties. The information exchanged may be privileged or sensitive and not generally in the public domain. For instance, the assessment of the risk level in the disaster area where a chemical plant is located requires data about the nature of the potential chemical hazards and the probability of an hazardous event to occur. Such data may contain information that could be of value to a rival company and may generate chaos if released to the public. Retaining control of data that is shared between organisations can be achieved by deploying Enterprise Rights Management (ERM) systems. However, ERM systems rely on centralised authorities that must be contacted by client applications to obtain access rights. Such centralised solutions are not practical in a disaster scenario where communication infrastructure may have been damaged by the event making very difficult to establish reliable wide-are communications. In this paper, we propose a solution for the enforcement of usage control policies that leverage on the data dissemination model of Opportunistic Networks (oppnets). Our solution, named xDUCON, relies on the data abstraction of the Shared Data Space (SDS). Data and usage control policies are represented as tuples that are disseminated across the available SDSs connected through the oppnets.
Policies for Distributed Systems and Networks (POLICY), 2010 IEEE International Symposium on; 08/2010
-
[show abstract]
[hide abstract]
ABSTRACT: Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.
IEEE Transactions on Network and Service Management 10/2009;
-
[show abstract]
[hide abstract]
ABSTRACT: Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (ap 150 rules).
Integrated Network Management, 2009. IM '09. IFIP/IEEE International Symposium on; 07/2009
-
[show abstract]
[hide abstract]
ABSTRACT: Policy-based management provides the ability to (re-)configure differentiated services networks so that desired Quality of Service (QoS) goals are achieved. This requires implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation to emerging traffic demands. A policy-based approach facilitates flexibility and adaptability as policies can be dynamically changed without modifying the underlying implementation. However, inconsistencies may arise in the policy specification. In this paper we provide a comprehensive set of QoS policies for managing Differentiated Services (DiffServ) networks, and classify the possible conflicts that can arise between them. We demonstrate the use of Event Calculus and formal reasoning for the analysis of both static and dynamic conflicts in a semi-automated fashion. In addition, we present a conflict analysis tool that provides network administrators with a user-friendly environment for determining and resolving potential inconsistencies. The tool has been extensively tested with large numbers of policies over a range of conflict types.
IEEE Transactions on Network and Service Management 04/2009;
-
[show abstract]
[hide abstract]
ABSTRACT: This paper describes a reconfigurable architecture based on field-programmable gate-array (FPGA) technology for monitoring and analyzing network traffic at increasingly high network data rates. Our approach maps the performance-critical tasks of packet classification and flow monitoring into reconfigurable hardware, such that multiple flows can be processed in parallel. We explore the scalability of our system, showing that it can support flows at multi-gigabit rate; this is faster than most software-based solutions where acceptable data rates are typically no more than 100 million bits per second.
IEEE Transactions on Very Large Scale Integration (VLSI) Systems 02/2008; · 1.22 Impact Factor
-
[show abstract]
[hide abstract]
ABSTRACT: With the proliferation of personal computing devices users are creating a variety of digitized personal information, from personal contact databases and multimedia content to context data such as location, activity and mood. Preventing unintended disclosure of such information is a key motivator for developing privacy management frameworks. It is equally critical that protecting privacy does not prevent users from completing essential tasks. Current efforts in privacy management have focussed on notations for privacy policy specification and on user interaction design for privacy management. However, little has been done to support automated analysis and learning of privacy policies. We advocate an approach based on inductive logic programming (ILP) for automatic learning of privacy policies. ILP is preferred over statistical learning techniques because it produces rules (privacy policies) which are comprehensible to the user and amenable to automated analysis.
Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on; 07/2007
-
[show abstract]
[hide abstract]
ABSTRACT: Policy-based management provides the ability to (re-) configure differentiated services networks so that desired quality of service (QoS) goals are achieved. Relevant configuration involves implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically according to emerging traffic demands. A policy-based approach facilitates flexibility and adaptability in that the policies can be changed without changing the implementation. However, as with any other complex system, conflicts and inconsistencies may arise in the policy specification. In this work, we concentrate on the policy conflicts that may occur for static resource management aspects of QoS provisioning, known as network dimensioning. The paper shows how conflict detection can be achieved using event calculus in conjunction with abductive reasoning techniques to detect the existence of potential conflicts in partial specification and generate explanations for the conditions under which the conflicts arise. We finally present some conflict detection examples from our initial implementation of a policy conflict analysis tool. Although we focus on network dimensioning, many of the types of conflicts we illustrate could arise in other applications.
Policies for Distributed Systems and Networks, 2005. Sixth IEEE International Workshop on; 07/2005
-
[show abstract]
[hide abstract]
ABSTRACT: As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issue of deriving implementable policies from high-level goals. A key part of the solution to this problem is having the ability to identify the operations, available on the underlying system, which can achieve a given goal. This work presents an approach by which a formal representation of a system, based on the event calculus, can be used in conjunction with abductive reasoning techniques to derive the sequence of operations that will allow a given system to achieve a desired goal. Additionally it outlines how this technique might be used for providing tool support and partial automation for policy refinement. Building on previous work on using formal techniques for policy analysis, the approach presented here applies a transformation of both policy and system behaviour specifications into a formal notation that is based on event calculus. Finally, it shows how the overall process could be used in conjunction with UML modelling and illustrates this by means of an example.
Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on; 07/2004
-
[show abstract]
[hide abstract]
ABSTRACT: As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement.
Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on; 07/2003
-
[show abstract]
[hide abstract]
ABSTRACT: Modern distributed systems contain a large number of objects and
must be capable of evolving, without shutting down the complete system,
to cater for changing requirements. There is a need for distributed,
automated management agents whose behavior also has to dynamically
change to reflect the evolution of the system being managed. Policies
are a means of specifying and influencing management behavior within a
distributed system, without coding the behavior into the manager agents.
Our approach is aimed at specifying implementable policies, although
policies may be initially specified at the organizational level and then
refined to implementable actions. We are concerned with two types of
policies. Authorization policies specify what activities a manager is
permitted or forbidden to do to a set of target objects and are similar
to security access-control policies. Obligation policies specify what
activities a manager must or must not do to a set of target objects and
essentially define the duties of a manager. Conflicts can arise in the
set of policies. Conflicts may also arise during the refinement process
between the high level goals and the implementable policies. The system
may have to cater for conflicts such as exceptions to normal
authorization policies. The paper reviews policy conflicts, focusing on
the problems of conflict detection and resolution. We discuss the
various precedence relationships that can be established between
policies in order to allow inconsistent policies to coexist within the
system and present a conflict analysis tool which forms part of a role
based management framework. Software development and medical
environments are used as example scenarios
IEEE Transactions on Software Engineering 12/1999; · 1.98 Impact Factor
-
-
[show abstract]
[hide abstract]
ABSTRACT: This book summarizes the state of research and practice in this emerging field of network and system administration, in an anthology of chapters written by the top academics in the field. The authors include members of the IST-EMANICS Network of Excellence in Network Management.
-
[show abstract]
[hide abstract]
ABSTRACT: Policy-based dynamic resource management may involve interaction between independent decision-making components which can lead to conflicts. For example, conflicts can occur between the policies for allocating resources and those setting quotas for users or classes of service. These policy conflicts cannot be detected by static analysis of the policies at specification-time as the conflicts arise from the current state of the resources within the system and so can only be detected at run-time. In this paper we use policies related to quality of service (QoS) provisioning for configuring differentiated services (DiffServ) networks to illustrate techniques for the dynamic detection and resolution of conflicts. Configuration includes implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically according to emerging traffic demands. We identify possible conflicts between policies that manage the allocation of resources, and we also investigate conflicts that may arise between these policies and higher-level directives refined at the dynamic resource management level, acting as constraints. The paper shows how event calculus can be used to detect conflicts, focusing on the ones that emerge at run-time, and provides an approach for specifying policies to automate conflict resolution. The latter is demonstrated through our initial implementation of a dynamic conflict analysis tool
-
[show abstract]
[hide abstract]
ABSTRACT: Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (ap 150 rules).
