发布求助
文献互助 智能选刊 最新文献

Proceedings Third International Workshop on Policies for Distributed Systems and Networks最新文献

筛选
英文 中文
A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises 用于管理数字企业的分层策略规范语言和执行机制
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011292
X. Ao, N. Minsky, Thu D. Nguyen
{"title":"A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises","authors":"X. Ao, N. Minsky, Thu D. Nguyen","doi":"10.1109/POLICY.2002.1011292","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011292","url":null,"abstract":"This paper is part of a research program based on the thesis that the only reliable way for ensuring that a heterogeneous distributed community of software modules and people conforms to a given policy is for this policy to be enforced. We have devised a mechanism called law-governed interaction (LGI) for this purpose. LGI can be used to specify a wide range of policies to govern the interactions among the members of large and heterogeneous communities of agents dispersed throughout a distributed enterprise, and to enforce such policies in a decentralized and efficient manner. What concerns us in this paper is the fact that a typical enterprise is bound to be governed by a multitude of policies. Stich policies are likely to be interrelated in complex ways, forming an ensemble of policies that is to govern the enterprise as a whole. As a step toward organizing such an ensemble of policies, we introduce a hierarchical inter-policy relation called a superior/subordinate relation. This relation is intended to serve two distinct but related purposes: first, it helps to organize and classify a set of enterprise policies; second, it helps regulate the long-term evolution of the various policies that govern an enterprise. For this purpose, each policy in the hierarchy should circumscribe the authority and the structure of those policies that are subordinate to it, in some way analogous to the manner in which a constitution in American jurisprudence constrains the laws which are subordinate to it. Broadly speaking, the hierarchical structure of the ensemble of policies that govern a given enterprise should reflect the hierarchical structure of the enterprise itself.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127370018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 38
A weakly coupled adaptive gossip protocol for application level active networks 用于应用层活动网络的弱耦合自适应八卦协议
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011318
I. Wokoma, Ioannis Liabotis, O. Prnjat, L. Sacks, I. Marshall
{"title":"A weakly coupled adaptive gossip protocol for application level active networks","authors":"I. Wokoma, Ioannis Liabotis, O. Prnjat, L. Sacks, I. Marshall","doi":"10.1109/POLICY.2002.1011318","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011318","url":null,"abstract":"With the sharp increase in heterogeneity and distribution of elements in wide-area networks, more flexible, efficient and autonomous approaches for management and information distribution are needed. This paper proposes a novel approach, based on gossip protocols and firefly synchronisation theory, for the management policy distribution and synchronisation over a number of nodes in an application level active network (ALAN). The work is presented in the context of the IST project ANDROID (Active Network Distributed Open Infrastructure Development), which is developing an autonomous policy-based management system for ALAN. The preliminary simulation results suggest that with the appropriately optimised parameters, the algorithms developed are scalable, can work effectively in a realistic random network, and allow the policy updates to be distributed efficiently throughout the active network with a lower latency than other similar types of gossip protocols.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127442056","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Cross-domain access control via PKI 通过PKI实现跨域访问控制
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011308
G. Denker, J. Millen, Yutaka Miyake
{"title":"Cross-domain access control via PKI","authors":"G. Denker, J. Millen, Yutaka Miyake","doi":"10.1109/POLICY.2002.1011308","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011308","url":null,"abstract":"In this note we consider how role-based access control can be managed on a large scale over the Internet and across organizational boundaries. We take a PKI approach, in which users are identified using public key certificates, as are the servers. The main features of our approach are: access control by (client, role) pair; implied revocation based on the role hierarchy; automatic generation of certificate validity tickets; and certificate chains to prove a client role hierarchy to a server.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129702537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Web-based policy deployment management system 基于web的策略部署管理系统
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011317
Hosoon Ku, Hee-Gweon Son, Janos Facsko, Jason Tyrell, Alan Haines
{"title":"Web-based policy deployment management system","authors":"Hosoon Ku, Hee-Gweon Son, Janos Facsko, Jason Tyrell, Alan Haines","doi":"10.1109/POLICY.2002.1011317","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011317","url":null,"abstract":"Ericsson's Policy Deployment Manager (PDM) allows high-level business ideas and services to be mapped into the underlying network configurations. This enables the elimination of the need to manually enter low-level parameters into an IP network for virtual private network (VPN) provisioning. By avoiding a manual configuration, PDM greatly reduces the risk of mis-configurations of the IP network. PDM provides the network operators and administrators with abstractions of important data in the working network alongside a clear picture of what is about to be deployed. PDM therefore offers a solution to low-level complex configurations for quality of service (QoS) and virtual private network (VPN) set up.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121577857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
The specification and enforcement of advanced security policies 高级安全策略的规范和实施
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011300
T. Ryutov, C. Neuman
{"title":"The specification and enforcement of advanced security policies","authors":"T. Ryutov, C. Neuman","doi":"10.1109/POLICY.2002.1011300","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011300","url":null,"abstract":"In a distributed multi-user environment, the security policy must not only specify legitimate user privileges but also aid in the detection of the abuse of the privileges and adapt to perceived system threat conditions. This paper advocates extending authorization policy evaluation mechanisms with a means for generating audit data allowing immediate notification of suspicious application level activity. It additionally suggests that the evaluation of the policies themselves adapt to perceived network threat conditions, possibly affected by the receipt of such audit data by other processes. Such advanced policies assist in detecting and responding to intrusion and misuse and they allow more efficient utilization of security services, such as authentication, audit, and notification. We present an authorization framework, which enables the representation and enforcement of advanced security policies. Our approach is based on expanding the policy evaluation mechanism with the ability to generate real time actions, such as checking the current system threat level and sending a notification.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126347236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 49
Policies in accountable contracts 负责任合同中的政策
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011296
B. Shand, J. Bacon
{"title":"Policies in accountable contracts","authors":"B. Shand, J. Bacon","doi":"10.1109/POLICY.2002.1011296","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011296","url":null,"abstract":"In this paper, accounting policies explicitly control resource usage within a contract architecture. Combined with a virtual resource economy, this allows efficient exchange of high-level computer services between untrustworthy participants. These services are specified as contracts, which must be signed by the participants to take effect. Each contract expresses its accounting policy using a limited language, with high expressiveness but predictable execution times. This is evaluated within a novel resource economy, in which physical resources, trust and money are treated homogeneously. A second-order trust model continually updates trustworthiness opinions, based on contract performance; trust delegation certificates support flexible, distributed extension of these trust relationships. The introspectible contracts, resource and trust models together provide accountability and resilience, which are particularly important for large-scale distributed computation initiatives such as the Grid. Thus participants can take calculated risks, based on expressed policies and trust, and rationally choose which contracts to perform.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126990512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Policy driven data administration 策略驱动的数据管理
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011312
Vishal S. Batra, Jaijit Bhattacharya, Harish Chauhan, Ajay Gupta, M. Mohania, Upendra Sharma
{"title":"Policy driven data administration","authors":"Vishal S. Batra, Jaijit Bhattacharya, Harish Chauhan, Ajay Gupta, M. Mohania, Upendra Sharma","doi":"10.1109/POLICY.2002.1011312","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011312","url":null,"abstract":"This paper describes architecture for Policy Driven Data Administration (PDDA), a system for managing data using policies. The architecture supports policy specification, deployment and execution requirements of a system that can autonomically manage data based on pre-specified policies.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"115 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117313033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
A policy based QoS management system for the IntServ/DiffServ based Internet 基于IntServ/DiffServ的Internet的基于策略的QoS管理系统
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011303
Appan Ponnappan, L. Yang, R. Pillai, Peter Braun, Peter Braun
{"title":"A policy based QoS management system for the IntServ/DiffServ based Internet","authors":"Appan Ponnappan, L. Yang, R. Pillai, Peter Braun, Peter Braun","doi":"10.1109/POLICY.2002.1011303","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011303","url":null,"abstract":"This paper reports the design, implementation, and performance evaluation of a policy based QoS management system for the IntServ/DiffServ based Internet which is based on COPS for interfacing with the network device and on LDAP for interfacing with a directory for storing policies. The design is based on distributed components and CORBA is used as a middleware for component interaction. The Diffserv policies are installed based on the role combination assigned to the network device interfaces and policy caching is used to improve the performance. The feasibility and performance of managing and deploying IntServ and Diffserv, policies for QoS management is demonstrated using Linux-based routers. The preliminary performance measurements show that the policy server response time is below 5 ms per request for 20 COPS-RSVP requests per second. COPS-PR processing takes more time compared to COPS-RSVP requests. It is found that the directory access could become a bottleneck in scaling the performance of the policy server and it can be improved substantially by employing appropriate policy caching mechanisms.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126393360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 57
Towards practical automated trust negotiation 实现实际的自动信任协商
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011297
W. Winsborough, Ninghui Li
{"title":"Towards practical automated trust negotiation","authors":"W. Winsborough, Ninghui Li","doi":"10.1109/POLICY.2002.1011297","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011297","url":null,"abstract":"Exchange of attribute credentials is a means to establish mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. Existing ATN work makes unrealistic simplifying assumptions about credential-representation languages and credential storage. Moreover while existing work protects the transmission of credentials, it fails to hide the contents of credentials, thus providing uncontrolled access to potentially sensitive attributes. To protect information about sensitive attributes, we introduce the notion of attribute acknowledgment policies (Ack policies). We then introduce the trust target graph (TTG) protocol, which supports a more realistic credential language, Ack policies, and distributed storage of credentials.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123791007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 267
Delegation of obligations 义务的委托
Proceedings Third International Workshop on Policies for Distributed Systems and Networks Pub Date : 2002-06-05 DOI: 10.1109/POLICY.2002.1011290
A. Schaad, J. Moffett
{"title":"Delegation of obligations","authors":"A. Schaad, J. Moffett","doi":"10.1109/POLICY.2002.1011290","DOIUrl":"https://doi.org/10.1109/POLICY.2002.1011290","url":null,"abstract":"Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They support the delegation of authorisations but not of obligations, yet there is a strong relationship between the two policy types, and the delegation of obligations needs to be supported as well, requiring the introduction of a new type of policy which we call a \"review\". This paper investigates the general principles underlying the delegation of policy objects, putting specific emphasis on the delegation of obligations. The Alloy specification language is used to specify and illustrate these principles. The main issues that are discussed are: the balance between authorisation and obligation policies; the source of obligations and reasons for their delegation; and the need for review policies to help control the delegation of obligations.","PeriodicalId":370124,"journal":{"name":"Proceedings Third International Workshop on Policies for Distributed Systems and Networks","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132938633","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 43
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信