Results 1 - 10
of
45
Policy Hierarchies for Distributed Systems Management
- IEEE Journal on Selected Areas in Communications
, 1993
"... Distributed system management, involves monitoring the activity of a system, making management decisions and performing control actions to modify the behaviour of the system. Most of the research on management has concentrated on management mechanisms related to Network Management or Operating Syste ..."
Abstract
-
Cited by 122 (9 self)
- Add to MetaCart
(Show Context)
Distributed system management, involves monitoring the activity of a system, making management decisions and performing control actions to modify the behaviour of the system. Most of the research on management has concentrated on management mechanisms related to Network Management or Operating Systems. However, in order to automate the management of very large distributed systems, it is necessary to be able to represent and manipulate management policy within the system. These objectives are typically set out in the form of general policies which require detailed interpretation by the system managers. This paper explores the refinement of general high-level policies into a number of more specific policies to form a policy hierarchy in which each policy in the hierarchy represents, to its maker, his plans to meet his objectives and, to its subject, the objectives which he must plan to meet. Management action policies are introduced, and the distinction between imperatival and authority policies is made. The relationship of hierarchies of imperatival policies to responsibility, and to authority policies, is discussed. An outline approach to the provision of automated support for the analysis of policy hierarchies is provided, by means of a more formal definition of policy hierarchy refinement relationships in Prolog. Keywords: Management policy, policy specifications, authorisation, obligation.
Regis: A Constructive Development Environment for Distributed Programs
- Distributed Systems Engineering Journal
, 1994
"... Regis is a programming environment aimed at supporting the development and execution of distributed programs. It embodies a constructive approach to the development of programs based on separating program structure from communication and computation. The emphasis is on constructing programs from mul ..."
Abstract
-
Cited by 103 (24 self)
- Add to MetaCart
(Show Context)
Regis is a programming environment aimed at supporting the development and execution of distributed programs. It embodies a constructive approach to the development of programs based on separating program structure from communication and computation. The emphasis is on constructing programs from multiple parallel computational components which cooperate to achieve the overall goal. The environment is designed to easily accommodate multiple communication mechanisms and primitives. Both the computational and communication elements of Regis programs are programmed in the Object Oriented programming language C++. The elements are combined into distributed programs using the configuration language Darwin. The paper describes programming in Regis through a set of small example programs drawn from the implementation of an Active Badge system. Keywords configuration programming, dynamic reconfiguration, inter-process communication, distributed programming language, software development enviro...
Policy Conflict Analysis in Distributed System Management
, 1993
"... Distributed system management is concerned with the tasks needed to ensure that large distributed systems can function in accordance with the objectives of their users. These objectives are typically set out in the form of policies which are interpreted by the system managers. There are benefits to ..."
Abstract
-
Cited by 81 (11 self)
- Add to MetaCart
Distributed system management is concerned with the tasks needed to ensure that large distributed systems can function in accordance with the objectives of their users. These objectives are typically set out in the form of policies which are interpreted by the system managers. There are benefits to be gained by providing automated support for human managers, or actually automating routine management tasks. In order to do this, it is desirable to have a model of policies as objects which can be interpreted by the system itself. The model is summarised. It is clear that there is the potential for conflicts between policies. These conflicts may be resolved informally by human managers, but if an automated system is to recognise them and resolve them appropriately it is necessary first of all to analyse the types of conflict which may occur. We analyse the types of overlap which may occur between policies, and show that this analysis corresponds to several familiar types of policy conflict...
Policydriven Middleware for Self-Adaptation of Web Service Compositions
- In Proc. of the 7th International Middleware Conference (Middleware), volume 4290 of LNCS
, 2006
"... Abstract. We present our policy-based middleware, called Manageable and Adaptive Service Compositions (MASC), for dynamic self-adaptation of Web services compositions to various changes. MASC integrates and extends our earlier middleware called the Web Services Message Bus (wsBus). In particular, we ..."
Abstract
-
Cited by 30 (7 self)
- Add to MetaCart
(Show Context)
Abstract. We present our policy-based middleware, called Manageable and Adaptive Service Compositions (MASC), for dynamic self-adaptation of Web services compositions to various changes. MASC integrates and extends our earlier middleware called the Web Services Message Bus (wsBus). In particular, we discuss MASC support for customization of Web services compositions to address business exceptions and wsBus support for correction (fault management) of Web services compositions to improve reliability. We have evaluated the former support on a stock trading case study and the latter support on a supply chain management case study. Our solutions are complementary to the existing approaches and provide: coordination of fault management between SOAP messaging and business process orchestration, greater diversity of monitoring and control constructs, specification of both technical and business aspects used for adaptation decisions, higher level of abstraction easier for use by non-technical people, and externalization of monitoring and adaptation actions from definitions of business processes.
Authorisation and conflict resolution for hierarchical domains
- In Proc. IEEE Int. Workshop on Policies for Distributed Systems and Networks
, 2007
"... In this paper we generalise the authorisation policy model supported by the Ponder policy language for hierarchically organised domains of managed objects to support subject-based policies and return policies. We describe the authorisation conflicts that can occur and present a strategy to automatic ..."
Abstract
-
Cited by 21 (8 self)
- Add to MetaCart
(Show Context)
In this paper we generalise the authorisation policy model supported by the Ponder policy language for hierarchically organised domains of managed objects to support subject-based policies and return policies. We describe the authorisation conflicts that can occur and present a strategy to automatically resolve them. In our model each action has four endpoints: the subject call, the subject return, the target call and the target return. Each endpoint can have an associated policy which is used to define constraints on which subjects are permitted to call which targets, and what is permitted to be transferred between subjects and targets. Subject-based policies aim to protect the subject from untrusted targets, while target-based policies aim to protect the target from unauthorised subjects. Subject-based policies are defined for and enforced by the subject’s PEP, while target-based policies are defined for and enforced by the target’s PEP. Although subjectbased and target-based policies are separated, they can be uniformly specified in our framework. I.
Delegation Of Authority
- in Integrated Network Management II, I. Krishnan and
, 1990
"... This paper is concerned with the specification of discretionary access control policy for commercial security and the delegation of access control authority in a way which gives flexibility while retaining management control. Large distributed processing systems have very large numbers of users and ..."
Abstract
-
Cited by 17 (6 self)
- Add to MetaCart
This paper is concerned with the specification of discretionary access control policy for commercial security and the delegation of access control authority in a way which gives flexibility while retaining management control. Large distributed processing systems have very large numbers of users and resource objects so that it is impractical to specify access control policy in terms of individual objects or individual users. We need to be able to specify it as relationships between groups of users and groups of objects. The systems typically consist of multiple interconnected networks and span a number of different organisations. Authority cannot be delegated or imposed from one central point, but has to be negotiated between independent managers who wish to cooperate but who may have a very limited trust in each other. The paper proposes the use of access rules to specify, in terms of their domain memberships, what operations a user can perform on a target object. The delegation of aut...
On Quality Of Service Adaptation In Distributed Multimedia Applications
, 1997
"... : Emerging high-speed networks and powerful end-systems give rise to a new class of applications, such as video-on-demand and teleconferencing. Such applications are very demanding on Quality of Service (QoS) because of the isochronous nature of media they are using. To provide QoS support in an end ..."
Abstract
-
Cited by 16 (3 self)
- Add to MetaCart
: Emerging high-speed networks and powerful end-systems give rise to a new class of applications, such as video-on-demand and teleconferencing. Such applications are very demanding on Quality of Service (QoS) because of the isochronous nature of media they are using. To provide QoS support in an end-to-end basis, the need for the integration of network, transport and operating services arises. Thus to support the new emerging services, QoS guarantees are required. However, even with service guarantees exceptions may occur because of resources shortage, e.g. short time congestion. Hence, protocols for QoS adaptation must be provided to deal with QoS violation. In this paper we propose adaptation protocols that allow to recover from QoS violation (1) by redistributing the levels of QoS that should be supported, in the future, by the components, (2) by renegotiating a degraded QoS with the applications that accept varying QoS, or (3) by redistributing the levels of QoS that should be supp...
Configuration Management For Distributed Software Services
- Integrated Network Management IV
, 1995
"... The paper describes the SysMan approach to interactive configuration management of distributed software components (objects). Domains are used to group objects to apply policy and for convenient naming of objects. Configuration Management involves using a domain browser to locate relevant objects wi ..."
Abstract
-
Cited by 12 (6 self)
- Add to MetaCart
The paper describes the SysMan approach to interactive configuration management of distributed software components (objects). Domains are used to group objects to apply policy and for convenient naming of objects. Configuration Management involves using a domain browser to locate relevant objects within the domain service; creating new objects which form a distributed service; allocating these objects to physical nodes in the system and binding the interfaces of the objects to each other and to existing services. Dynamic reconfiguration of the objects forming a service can be accomplished using this tool. Authorisation policies specify which domains are accessible by which managers and which interfaces can be bound together. Keywords Domains, object creation, object binding, object allocation, graphical management interface. 1 INTRODUCTION The object-oriented approach brings considerable benefits to the design and implementation of software for distributed systems (Kramer 1992). Con...
An Architecture for Building Scalable, Web-based Management Services
- Journal of Networks and Systems Management, special issue on enterprise management
, 1999
"... We present the architecture of Marvel, a distributed computing environment for building scalable management services using intelligent agents and the world-wide web. Marvel is based on an information model that generates computed views of management information and a distributed computing model t ..."
Abstract
-
Cited by 12 (1 self)
- Add to MetaCart
(Show Context)
We present the architecture of Marvel, a distributed computing environment for building scalable management services using intelligent agents and the world-wide web. Marvel is based on an information model that generates computed views of management information and a distributed computing model that makes these views available to a variety of client applications. Computed views consist of monitoring, control and event views of information collected from network elements and subsequently aggregated using a series of spatial and temporal filters. Marvel does not replace existing element management agents but rather builds on top of them a hierarchy of servers that generate computed views and present them to client applications in a number of formats, including Java-enriched web pages. It uses a distributed persistent store to reduce the cost associated with centralized network management systems and mobile agent technology to a) support thin clients by uploading the necessary c...
Specifying Discretionary Access Control Policy For Distributed Systems
- Computer Communications
, 1990
"... This paper discusses a proposed framework for specifying access control policy for very large distributed processing systems. These typically consist of multiple interconnected networks and span the computer systems belonging to different organisations. This implies the need for cooperation between ..."
Abstract
-
Cited by 10 (4 self)
- Add to MetaCart
This paper discusses a proposed framework for specifying access control policy for very large distributed processing systems. These typically consist of multiple interconnected networks and span the computer systems belonging to different organisations. This implies the need for cooperation between independent managers to specify access control policy. The policy specification should permit interaction between organisations while limiting the scope of what objects can be accessed and what operations can be performed on them. The large numbers of objects in such systems make it impractical to specify access control policy in terms of individual objects. The paper explains how domains can be used to group objects and structure the management of access control policy. Access Rules are introduced as a means of specifying the access rights between a domain of user objects and a domain of target object in terms of the permitted operations as well as constraints such as user location and time...
