D. A. Marriott, M. S. Sloman, and N. Yialelis. Management policy service for distributed systems. Technical Report DoC 95/10, Imperial College, London, 1995.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....types, which are used by the server for the access control decision. The active software capability framework uses credentials in the form of active objects, which means that our policy definition is more flexible. Finally, previous work done on flexible management for security policies [31, 16] has been of great influence. However, their framework still requires that a specific infrastructure exists, i.e. a policy editor can distribute the evaluation tokens via the policy server. Independent management of two separate domains, e.g. two companies in a virtual enterprise, becomes ....

D. A. Marriott, M. S. Sloman, and N. Yialelis. Management policy service for distributed systems. Technical Report DoC 95/10, Imperial College, London, 1995.

....1997 ) The only valid domains are those where the members have been explicitly inserted into or created in the domain. A domain can contain managed objects and also other domains. Policies are represented as objects, which were introduced in [MoSl91] A more refined design was describe in [MSY95], in which, the general format of a policy is presented as following (with optional attributes within brackets) description] policy id mode [trigger] subject action target [when constraint] parent parent] child child] xref xref] We will describe only the main attributes below (a detailed ....

.... of a policy is presented as following (with optional attributes within brackets) description] policy id mode [trigger] subject action target [when constraint] parent parent] child child] xref xref] We will describe only the main attributes below (a detailed description can be found in [MSY95]) Mode A policy has one of the following mode: A : positive authorization (permitting) A : negative authorization (forbidding) O : positive obligation (requiring) and O : negative obligation (deterring) Subject This attribute describes those objects which are to be obliged or ....

Marriott, D.A., Sloman, M.S. and Yialelis, N., "Management Policy Service for Distributed Systems", Research Report DoC 95/10, Imperial College, London, October 1995 ftp://dse.doc.ic.ac.uk/dse-papers/management/maps.ps.Z

....and component based applications to produce a list of events with a suggested list of required policies. Such automation should contribute to the generation of significantly more robust applications. Our initial policy representation used in this work is based upon the work of Sloman et al. 7] [8] that describes a policy notation for both authorisation (rights) policies and obligation (responsibility) policies. Because we want flexibility in policy definitions, we have also examined the representation of policies expressed using Ponder [9] being developed by Sloman et al. at Imperial ....

D. A. Marriott, M. Sloman, Nicholas Yialelis, "Management Policy Service for Distributed Systems", Imperial College Research Report DoC 95/10, September 1995.

....Joe may see that Building School encloses Fred 10 collocation, between Fred and Buidling School. However, such a policy cannot be expressed adequately in the conventional subject action target paradigm. This limitation can be somewhat alleviated by using policies with additional constraints [9]. By using constraints, we can actually express the required policy in a canonical form: This specifies that Joe is allowed to perform the action testForColocation(PERSON) on Building School when PERSON equals Fred. The action, here testForColocation(PERSON) contains Fred as an implicit target. ....

D. Marriott and M. Sloman. Management policy service for distributed systems. In Proceedings of the Third International Workshop on Services in Distributed and Networked Environments, pages 2-9, Macau, June 1996. IEEE CS Press.

....relationship between Fred and Buidling School. However, there is no equivalent policy of the form subject action target since the above policy is beyond the expressive power of a two dimensional access matrix. This limitation can be alleviated by using policies with additional constraints [5]. By using constraints, we can actually express the required policy in a canonical form: Joe seeat(PERSON) Building School WHEN PERSON=Fred This specifies that Joe is allowed to perform a certain action on Building School. The action, here seeat(PERSON) contains Fred as an implicit target. ....

D. Marriott and M. Sloman. Management policy service for distributed systems. In Third International Workshop on Services in Distributed and Networked Environments, pages 2--9, Macau, June 1996. IEEE CS Press.

....services for which they are responsible. This notation is the means of programming the automated agents in network components which interpret policy but can also be used to specify higher level abstract policies or goals which are interpreted by humans or are refined into implementable policies [12], 13] 14] Another reason to have a precise notation is that policies may be specified by multiple distributed administrators so conflicts between policies can arise. Our notation can be analysed by tools to detect and, in some cases, resolve conflicts. Implementable policies are directly ....

....or can be internal to the agent. The functionality of an agent could be dynamically modified using Management by Delegation techniques to load new code, but this has not been implemented in our prototype. More details on the syntax, and implementation issues of the policy service can be found in [12], 13] 14] Java Interpreter CORBA interaction service Load, Remove, Enable, Disable, policies Policies Application specific, predefined management functions Events Operations on target objects Ge ne r c Interface Application Specific Interface Fig. 3 Obligation Policy Agent ....

Marriott, D., Sloman, M.: Management Policy Service for Distributed Systems. 3 rd IEEE Int. Workshop on Services in Distributed and Networked Environments, Macau, 2--9, 1996.

No context found.

Marriott, D. and M. Sloman (1996a). Management Policy Service for Distributed Systems. Proceedings of the 3 rd IEEE International Workshop on Services in Distributed and Networked Environments (SDNE 96), Macau, pp. 2--9.

....policies is given below with optional arguments within brackets: policy id mode [ trigger ] subject action target [ when constraint ] where Subject and Target denote sets of managers and target objects specified by domain scope expressions. The policy format and use is described in [Marriott 95] Example policies are: anonymous users are authorised to browse the Presentation Agent p purchase 1 A u:users browse( Presentation AG when u.type = anonymous ; on a connection request event, the security manager has to authenticate the user p access 1 O on ....

....authorised to purchase p purchase 3 A u:users purchase( Presentation AG when u.type = anonymous ; Policies can specify actions at different levels of abstraction. A refinement hierarchy can therefore be built from the more abstract policies to the enactable leaf level policies (rules) Marriott 95] Abstract policies can only be interpreted by humans while leaf level policies are interpreted by automated components. The management policies, grouped in a role, scope the responsibilities relating to that role in terms of the activities to be performed, the target objects to which the ....

D. A. Marriott, M. Sloman, and N. Yialelis, "Management Policy Service for Distributed Systems," Imperial College - London Research Report DoC 95/10, Sep. 1995.

No context found.

Marriott, D. and M. S. Sloman (1996b). "Management Policy Service for Distributed Systems", IEEE International Workshop on Services in Distributed and Networked Environments (SDNE 96), Macau.

....sets are specified using domain scope expressions. Obligation policies can be triggered by time or by composite events detected within the monitoring system [16] Constraints limit the applicability of the policy e.g. between the hours of 09.00 and 17.00. The policy format and use is described in [17]. Examples of policies are: payment 1 O at [31 Dec ] accountant pay(percentage of profits, credit transfer, pounds sterling) subcontractor ; On 31 of December of every year the accountant is obliged to pay a percentage of the profits in pounds by credit transfer to the subcontractor. ....

....A refinement hierarchy can therefore be built from the more abstract policies, which can only be interpreted by humans, to the enactable leaf level policies or rules which can be interpreted by automated components. Tools for policy editing and services have been implemented and are described in [17]. 4 3. Concepts for Role Based Management In this section we elaborate on how the concepts of domains and policies can be applied to modeling roles. In [1] a Role is defined as a collection of rights and duties and a Position describes a status within the organization. The role specifies ....

[Article contains additional citation context not shown here]

D. A. Marriott, M. S. Sloman, and N. Yialelis, "Management Policy Service for Distributed Systems," Department of Computing - Imperial College (London), Research Report DoC 95/10, September 1995.

No context found.

Marriott, D. and Sloman M. (1996a). Management Policy Service for Distributed Systems.

....Objects are maintained within Policy Servers (see figure 2.6) which collectively provide the policy service. A policy server object is the factory that creates policy objects. A user that has the necessary access privileges can create, edit, activate and delete policies using a Policy Editor [8]. When a policy is activated, Policy scope Evaluation Tokens (PETs) are propagated down the domain structure by the domain service. These tokens contain the OID of the policy object and information related to the scope 4 expressions of the policy. This information is used by the domain service ....

D. Marriott and M. Sloman, "Management Policy Service for Distributed Systems", Imperial College Research Report DoC 95/10, 1995, ftp://dse.doc.ic.ac.uk/dsepapers /management/maps.ps.Z.

....shut down or corrupt the system being managed. Only authorised users should be able to modify the management policy i.e. access control and authentication mechanisms are needed for security control (Yialelis et al. 1996) We have defined a notation for specifying two kinds of management policy (Marriott et al. 1996): Authorisation policies define what activities a subject (manager or agent) can perform on a set of target objects or what monitored information can be received e.g. A Sregion agents lu1 , lu2 : enable( disable( reset( off( Sregion when (time 08:00) time 18:00) Sregion ....

Marriott, D., Sloman, M. (1996) Management Policy Service for Distributed Systems, IEEE Services in Distributed and Network Environments (SDNE 96), Macau, June 1996.

....Policy Objects are maintained within Policy Servers (see figure 2.6) A Policy Server Object in the address space of a policy server is the factory that creates the policy objects. A user that has the necessary access privileges can create, edit, activate and delete policies using a Policy Editor [Marriott et al. 1995]. When a policy is activated, Policy scope Evaluation Tokens (PETs) are propagated down the domain structure by the domain service. These tokens contain the OID of the policy object and information related to the scope expressions of the policy. This information is used by the domain service and ....

Damian Marriott and Morris Sloman, "Management Policy Service for Distributed Systems", Research Report DoC 95/10, Imperial College, 1995.

....this membership. 2.2 Access control policies We consider a policy in its simplest form to be a relationship between a subject and a target. An obligation policy determines what operations the subject must (or must not) invoke on the target object, but are beyond the scope of this paper see [5] for further details. An authorisation or access control policy determines what operations the subject is permitted (positive authorisation) or forbidden (negative authorisation) to perform on the target. We allow the use of negative authorisation policies at the specification level as they are ....

....(see Fig. 3.1) 3.1 Policy Service Policy Objects are maintained within the servers of the policy service and are registered within domains. An administrator who has the necessary access privileges to the domain can create, edit, activate, disable and delete policies using a Policy Editor [5]. When an (extended) access control policy is activated, it is distributed to the ACAs of the hosts maintaining objects to which the policy applies (see Fig. 3.2) The domain service is queried to determine which objects are in the subject, target and grantee scope of the policy. The scopes of an ....

D. Marriott and M. Sloman, "Management Policy Service for Distributed Systems," IEEE Third Int. Workshop on Services in Distributed and Networked Environments (SDNE'96), June 1996, Macau, pp. 2-9

....using domain scope expressions. Positive obligation policies can be triggered by time or by composite events detected within the monitoring system [8] Constraints limit the applicability of the policy e.g. between the hours of 09.00 and 17.00. The policy format and use is further described in [9]. Examples of policies are: every day nurses are obliged to generate a status log of the drugs used O every [1 day] n: nurses generate log(n) drugs db; nurses are not authorised to validate discharges A nurses validate patients discharges; Policies can specify ....

....A refinement hierarchy can therefore be built from the more abstract policies, which can only be interpreted by humans, to the enactable leaf level policies or rules which can be interpreted by automated components. Tools for policy editing and services have been implemented and are described in [9], 10] Authorisation policies are translated into access control lists which are interpreted by security agents in the target system [11] and obligation policies are disseminated to distributed automated management agents for interpretation [10] 2.3 Meta Policies Several policies may apply to ....

D. Marriott and M. Sloman, "Management Policy Service for Distributed Systems", IEEE Third Int. Workshop on Services in Distributed and Networked Environments (SDNE'96), pp. 29, Macau , June 1996.

No context found.

Damian A. Marriott, Morris S. Sloman. Management Policy Service for Distributed Systems. IEEE 3 rd International Workshop on Services in Distributed and Networked Environments (SDNE'96), Macau, June 1996, IEEE Computer Society Press.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC