|
      
|
|
|
|
There is a need to be able to specify security policies relating to who can access resources, what operations they can perform and when they are permitted access. In order to cater for complex inter-organisational systems it must be possible to group objects to which policies apply and to specify policies in terms of roles related to organisational positions. Security management requires policies defining the actions to be performed when security violations occur.
Programmable networks are being deployed to support mobility and the Quality of Service required for modern multi-media applications. There is considerable interest in policy based management for programmable networks and distributed services, where policies are rules governing the choices in behaviour of the system. The behaviour of the system can then be modified by changing the policies without recoding the management system.
This seminar describes Ponder - a new declarative, object-oriented language for specifying policies for security and management of distributed systems. The language includes constructs for authorisation policies defining permitted actions; event triggered obligation policies specifying actions to be performed by manager agents; refrain policies specifying actions that subjects must refrain from performing; delegation policies defining what authorisations can be delegated and to whom. Filtered actions extend authorisations to define transformation of input or output parameters. Constraints specify limitations on the applicability of policies based on time or object state. Roles group the policies relating to a position in an organisation. A management structure defines a configuration of role instances as well as the relationship between roles. These concepts can be used to model roles, rights and duties relating to organisational patterns which occur in many large enterprises.
The specification of policies may also be distributed which can lead to conflicts. The types of modality and semantic policy conflicts which need to be detected and resolved are discussed.
Biography
Professor Morris Sloman has been involved in many research projects related to management of distributed systems funded by the UK Engineering and Physical Science Research Council (EPSRC), European Union as well as by industry. He has many journal and conference publications relating to Distributed Systems covering topics such as programming, design, security, configuration and management. He is editor of a reference book on Management of Network and Distributed Systems published by Addison Wesley and is on the editorial board of the Plenum Press Journal of Network and Systems Management. He was chairman of the EPSRC Multimedia and Network Applications Funding Program.
