{"title":"Analysis of Policy and Standards for Joint C4ISR Network Technologies","authors":"M. Ceruti, L. Duffy, Y. Arias-Thode","doi":"10.1109/POLICY.2007.6","DOIUrl":"https://doi.org/10.1109/POLICY.2007.6","url":null,"abstract":"The focus of this poster is on an analysis of the relationships between U.S. Department of Defense (DoD) networks and policy, including policy about technology acquisition and usage. Policy affects technology research, development, test, evaluation, transition and refresh. Specific network-related technology areas support military command, control, and communications (C3). Some of these technologies are described with a view toward assessing the status of policy in specific areas. The relationship between policy and network technology is explored with questions such as, \"What is policy doing for technology and vice versa?\" and \"How should we set policy priorities?\" Network policy can be divided into at least two categories. The first is policy that governs acquisition and life cycle support, such as research, development, test, evaluation, fielding, funding, and upgrading existing network technology. The other category of network policy pertains to how networks are used, user requirements for protocol, training, and rules to prevent user-created problems of all kinds. Factors that affect military network policy include the following. a. Policy has a cascading effect that is similar to the inheritance property in object-oriented design. b. Changes in user requirements and funding levels affect policy and vice versa. c. An increase in the number of deployed networks and their use has increased the number, frequency, and level of detail of policy changes and refinements. d. Policy should support new ways to use network technology. New and recently available network technologies necessitate policy updates. e. A trend is developing toward an increase in the need for training of network administrators. 
More training is required to include network policy and its interpretation in the context of heightened threats and greater reliance on networks for distributed, secure communications. f. Technology that enables multi-level security usage and development needs to rely on sound technologically sensible policy for its implementation. g. Policy relies on modern, dependable technology for communication, refinement, and enforcement. h. When policy changes, technology must be designed to accommodate that change without degrading every other aspect of the system. i. Systems must be change compliant and change tolerant. Policy must reflect this. j. Policy must meet the need for constant usage of critical, mission-essential technology (such as C3). k. Policy must address how new networks and network types will be funded, tested, certified, fielded, and maintained. l. Policy should promote design and implementation of an open-network architecture with \"plug-and-play\" modularity. m. Scientists, technology developers, and users need to suggest policy changes that affect all aspects of science and technology. The defense community needs to improve methods of selecting priorities with regard to military network policy, its formulation, enforcement, and modification. As the","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123809085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"POSITIF: A Policy-Based Security Management System","authors":"C. Basile, A. Lioy, G. Pérez, F. J. G. Clemente, A. Gómez-Skarmeta","doi":"10.1109/POLICY.2007.37","DOIUrl":"https://doi.org/10.1109/POLICY.2007.37","url":null,"abstract":"The POSITIF project - funded by the EU in FP6 - has developed a framework and tools to configure in a policy-based way the security services of networked systems and applications.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122679146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On Parametric Obligation Policies: Enabling Privacy-Aware Information Lifecycle Management in Enterprises","authors":"M. C. Mont, Filipe Beato","doi":"10.1109/POLICY.2007.30","DOIUrl":"https://doi.org/10.1109/POLICY.2007.30","url":null,"abstract":"Enterprises that collect and process personal data must deal with related privacy management issues. It is not just a matter of privacy-aware access control: privacy obligation policies, dictating duties and expectations on how personal data has to be handled, must be considered too. The management of obligation policies is a promising area but it is still underestimated. Enterprises require solutions that enable automation and can leverage their current identity management solutions. HP Labs have been working on this topic in the last few years, also in the context of the EU PRIME project. In this paper we present our recent work on parametric obligation policies and a related obligation management framework to deal with a scalable management of these policies on large amounts of data, stored in distributed data repositories.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114171658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performance Evaluation of Privacy-Preserving Policy Reconciliation Protocols","authors":"Jonathan Voris, S. Ioannidis, S. Wetzel, Ulrike Meyer","doi":"10.1109/POLICY.2007.32","DOIUrl":"https://doi.org/10.1109/POLICY.2007.32","url":null,"abstract":"The process of policy reconciliation allows multiple parties with possibly different policies to resolve differences in order to reach an agreement on an acceptable policy. Previous solutions for policy reconciliation required the participants to reveal their entire security policy in order to reach an agreement. It was not until recently that new protocols were developed which take into account the privacy concerns of reconciliating parties. In this paper we present a performance evaluation of these privacy-preserving reconciliation protocols with a focus on quantifying the added cost due to the privacy guarantees.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128515665","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Infrastructure-Aware Autonomic Manager for Change Management","authors":"H. AbdelSalam, K. Maly, R. Mukkamala, M. Zubair","doi":"10.1109/POLICY.2007.27","DOIUrl":"https://doi.org/10.1109/POLICY.2007.27","url":null,"abstract":"Typical IT environments of medium to large size organizations consist of tens of networks that connect hundreds of servers to support the running of a large variety of business-relevant applications, usually from different vendors. Change management is an important management process that, if automated, can have a direct impact on increasing service availability in IT environments. Although such automation is considered important, the requirements of the appropriate policy engine, and policy language to express both high level and low level policies are far from clear. In this paper, we report our experiences in addressing these problems. In particular, we concentrate on availability policies - policies through which IT managers express the required availability of systems - and the autonomic manager that enforces them.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129807340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Web Rule Languages to Carry Policies","authors":"N. Kaviani, D. Gašević, M. Hatala, Gerd Wagner","doi":"10.1109/POLICY.2007.49","DOIUrl":"https://doi.org/10.1109/POLICY.2007.49","url":null,"abstract":"Recent efforts in the area of Web policy languages show concerns on how to better represent both context and rules of a domain to deal with large number of resources and users and let them interact. Web rule languages have been recently introduced as a means to facilitate interactions between parties with dissimilar policies and business rules. In this paper, we introduce REWERSE rule markup language (R2ML) as a Web rule language that can be employed to make concepts, policies, and elements of a domain digestible by another domain through the use of vocabularies, rules, and annotations. We also show how R2ML elements can model the concepts and elements of different policy languages.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132885683","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DUKE--Distributed Usage Control Enforcement","authors":"M. Hilty, A. Pretschner, C. Schaefer, T. Walter","doi":"10.1109/POLICY.2007.17","DOIUrl":"https://doi.org/10.1109/POLICY.2007.17","url":null,"abstract":"Usage control is concerned with what happens to data once the data have been released to a data consumer who is, in principle, able to use the data in any imaginable way. Considerations relating to privacy, intellectual property, and public security, however, suggest that data providers are often interested in imposing a certain amount of control on the data that they release. In the DUKE project, we address the problem of how the usage of data can be controlled once the data have been given away.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126650831","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Confidentiality, Privacy and Trust Policy Enforcement for the Semantic Web","authors":"B. Thuraisingham","doi":"10.1109/POLICY.2007.12","DOIUrl":"https://doi.org/10.1109/POLICY.2007.12","url":null,"abstract":"In this position paper we describe aspects of securing the semantic Web. In particular, we discuss ways of enforcing confidentiality, privacy and trust policies. We also discuss our research on secure geospatial semantic Web. Our application of secure semantic Web technologies for assured information sharing is also discussed.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126345327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications","authors":"Y. Demchenko, L. Gommans, C. D. Laat","doi":"10.1109/POLICY.2007.48","DOIUrl":"https://doi.org/10.1109/POLICY.2007.48","url":null,"abstract":"This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues - policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its special profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, Phosphorus and GigaPort Research on Network.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"252 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116066127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Policy Analysis Using a Hybrid Semantic Reasoning Engine","authors":"Kris Verlaenen, Bart De Win, W. Joosen","doi":"10.1109/POLICY.2007.33","DOIUrl":"https://doi.org/10.1109/POLICY.2007.33","url":null,"abstract":"Policies enable configuring services by declaratively specifying the (desired) behavior of these services in various, specific circumstances. Different policy languages allow the specification of policies in specific areas such as security, quality of service, functional user preferences, etc. Semantic Web technologies can be used to express the semantics of these policies and the domain they are applied to. In a large, distributed environment, the number of actual policies can quickly become substantial. Moreover, different stakeholders can each describe a set of policies. Such a set may interact with the policies of other actors. Therefore, reasoning about policies has become a necessity, for instance for detecting possible conflicts, inclusion, etc. Semantic Web technologies offer support for reasoning - but this support is insufficient. This paper presents an approach to support enhanced reasoning capabilities by combining the best of two worlds: a solution based on Semantic Web technologies on the one hand, and a general-purpose rule language on the other hand. 
We illustrate how such a hybrid reasoning system can improve policy management in complex distributed service platforms.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131121061","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}