Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06): latest publications

Regulated delegation in distributed systems
X. Ao, N. Minsky
Abstract: Certificate-based delegation (CBD) is a prominent element of distributed access control, providing it with flexibility and scalability. But despite its elegance and effectiveness, CBD has inherent limitations that restrict its applicability. These limitations include, among others: lack of support for non-monotonic policies, such as separation of duties; the inability to support the transfer of privileges, where the delegator loses the privilege it delegates; and the lack of support for quotas, i.e., restrictions on the number of times a given privilege can be exercised. This paper describes an approach to the distributed delegation, which shares much of the flexibility and scalability of CBD, but is not encumbered by its limitations. This approach is based on the decentralized control mechanism called law-governed interaction (LGI), which is used to regulate the process of delegation itself.
DOI: https://doi.org/10.1109/POLICY.2006.27
Published: 2006-06-05
Citations: 8

Toward information sharing: benefit and risk access control (BARAC)
Lei Zhang, A. Brodsky, S. Jajodia
Abstract: This paper describes an access control model, called BARAC, that is based on balancing risks of information disclosure with benefits of information sharing. The model configuration associates risk and benefit vectors with every read and update transaction. An allowed transactions graph captures allowed transactions and flow paths that can be used to carry out the transactions. The total system is required to be profitable, in that the total system benefit must overweigh the total system risk; and the allowed transaction graph is required to be optimal, in that its profit cannot be improved by adding transactions or removing transactions. Both the system configuration and the allowed transaction graph can be dynamically modified, while preserving the required properties. The dynamic modifications are done in the scope of hierarchies of tasks and responsible parties, that control the task structure and risk budget allocation to tasks.
DOI: https://doi.org/10.1109/POLICY.2006.36
Published: 2006-06-05
Citations: 56

Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach
M. Blanc, Jérémy Briffaut, Jean-François Lalande, C. Toinard
Abstract: This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on trusted operating systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.
DOI: https://doi.org/10.1109/POLICY.2006.15
Published: 2006-06-05
Citations: 15

Trust meta-policies for flexible and dynamic policy based trust management
K. Quinn, D. Lewis, D. O’Sullivan, V. Wade
Abstract: It is possible to impose the will of the user or administrator through the specification of policies. These policies reflect the user's or administrator's goals; however, the context in which these goals operate can vary greatly. This paper builds on our previous work where we demonstrated the creation and use of policies that had trust conditions embedded. The work reported on here exposes these trust conditions explicitly as trust meta-policies.
DOI: https://doi.org/10.1109/POLICY.2006.37
Published: 2006-06-05
Citations: 10

Coordination between distributed PDPs
D. Chadwick, L. Su, S. Otenko, R. Laborde
Abstract: For distributed applications, using a centralised policy decision point (PDP) with a common policy allows coordination between multiple resources that are being accessed. But the central PDP is a bottleneck to performance because every request needs to be diverted to it. Having a set of distributed PDPs co-located with resources can overcome the performance bottleneck, but any form of coordination is then lost. Furthermore, even a centralised PDP sometimes needs to coordinate its access control decision making over time. Therefore, coordination between decision making, for both centralised and distributed PDPs, is needed. This paper addresses issues of coordination between distributed or centralised decision making, by examining when coordination is needed, providing a conceptual model for coordination, defining policy elements that can control coordination, and rules for the refinement of coordination policies. The paper provides a detailed example of coordination policy refinement, and provides an outline of how we are implementing the model in our system.
DOI: https://doi.org/10.1109/POLICY.2006.14
Published: 2006-06-05
Citations: 19

A scalable history-based policy engine
P. Gama, Carlos Ribeiro, Paulo Ferreira
Abstract: The increasing complexity and heterogeneity in distributed systems is drawing system administrators into applying usage and access control policy engines. Higher-level policy languages allow policy administrators to demarcate themselves from implementation details, thus focusing on business rule definition. More specifically, history-based policies allow the specification of rules based on events that occurred in the past, such as separation-of-duty related rules (e.g. an employee cannot both issue a voucher and approve the payment). Several policy engines already support history-based semantics. However, they either provide limited expressiveness in policy rules or they neglect critical scalability issues. Individual policy definitions are disregarded in storage and lookup implementations, thus ignoring the potential for important performance optimizations. Furthermore, purging meta-policy semantics are not provided, inducing the growth of the past event repository until policy evaluation becomes unmanageable. We present an extension to the Heimdall system, a history-enabled policy engine which allows the definition, enforcement and auditing of history-based policies. This extension targets the scalability of Heimdall in practical environments, introducing an evaluation optimizer and the concept of purging meta-policy tags. An evaluation built on selected usage patterns corroborates the effectiveness of our approach, denoting encouraging performance results.
DOI: https://doi.org/10.1109/POLICY.2006.8
Published: 2006-06-05
Citations: 11

Workload class importance policy in autonomic database management systems
H. Boughton, Patrick Martin, W. Powley, Randy Horman
Abstract: A key advantage of autonomic computing systems will be their ability to manage according to business policies. A key challenge to realizing this ability is the problem of automatically translating high-level business policies into low-level system tuning policies, which is the result of the different semantics used at the two levels. Economic models, which are expressed using business level concepts, have been used successfully in computer resource allocation problems. In this paper, we utilize an economic model to map business policies to resource allocation decisions in a database management system (DBMS). We focus on business policies that describe the relative importance of competing workloads on a DBMS. We present experiments with a simulation of the model that investigate a number of meanings of importance and identify how this additional information can be used to effectively allocate main memory resources in a commercial DBMS.
DOI: https://doi.org/10.1109/POLICY.2006.39
Published: 2006-06-05
Citations: 23

A Functional Solution for Goal-Oriented Policy Refinement
J. Rubio-Loyola, J. Serrat, M. Charalambides, P. Flegkas, G. Pavlou
Abstract: Policy refinement is a key but still unsolved area of policy based management. Goal oriented requirements engineering methodologies have been suggested as a prominent alternative to address policy refinement. Practical approaches that capture the administrative requirements and enable systematic policy refinement are still missing although such integrated solutions are rather convenient to make policy-based management systems really useful. In this paper we present a functional solution for goal oriented policy refinement grounded in linear temporal logic and reactive systems analysis techniques. We describe the technical foundations and demonstrate how these were used to develop an integrated solution for policy refinement, focusing on the details of the implemented prototype. Our policy analysis techniques that enable systematic policy refinement are demonstrated through a scenario applied to the domain of QoS management for differentiated services (DiffServ) networks.
DOI: https://doi.org/10.1109/POLICY.2006.5
Published: 2006-06-05
Citations: 41

A policy-based management system with automatic policy selection and creation capabilities by using a singular value decomposition technique
H. Chan, T. Kwok
Abstract: On demand and autonomic computing will benefit from policy-based management systems which are responsive to new and ambiguous situations and learn from them. In a typical data center, there are thousands of different events reporting system faults, status, and performance information. Their occurrences are unpredictable. In addition, new events and conditions can occur as operating environment changes. Traditional approaches of authoring policies and techniques of implementing policy-based management systems, such as relying entirely on static authoring of simple "if [condition] then [actions]" rules, become insufficient. Hence, new approaches, such as goal policy, utility function etc., to the design and implementation of policy-based management systems have emerged. However, none of these approaches provides a systematic way to enable policies in a policy-based management system to be responsive to new and ambiguous situations. In this paper, we describe a novel method by which policies can be selected or created automatically based on events observed and knowledge learned. This new approach treats the observed event-policy relationship represented by an event-policy matrix as a statistical problem. Using singular value decomposition (SVD) technique, implicit higher order correlations among policies and their associated events are used to estimate the selection or creation of recommended policies based on events found in the observed event set. Initial results have indicated that this approach to policy-based management system is very promising.
DOI: https://doi.org/10.1109/POLICY.2006.6
Published: 2006-06-05
Citations: 15