Advertisement

Journal of Network and Systems Management

, Volume 2, Issue 4, pp 333–360 | Cite as

Policy driven management for distributed systems

  • Morris Sloman
Papers

Abstract

Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behavior of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behavior of automated managers can be achieved by changing the policy without having to reimplement them—this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise. This paper describes the work on policy which has come out of two related ESPRIT funded projects, SysMan and IDSM. Two classes of policy are elaborated—authorization policies define what a manager is permitted to do and obligation policies define what a manager must do. Policies are specified as objects which define a relationship between subjects (managers) and targets (managed objects). Domains are used to group the objects to which a policy applies. Policy objects also have attributes specifying the action to be performed and constraints limiting the applicability of the policy. We show how a number of example policies can be modeled using these objects and briefly mention issues relating to policy hierarchy and conflicts between overlapping policies.

Key Words

Distributed systems management network management management policy security policy policy conflicts access rules domains 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. S. Sloman and J. D. Moffett, Domain Management for Distributed Systems,Integrated Network Management I, B. Meandzija and J. Wescott (eds.), North Holland, pp. 505–516, 1989.Google Scholar
  2. 2.
    M. S. Sloman, B. J. Varley, J. D. Moffett, and K. P. Twidle, Domain Management and Accounting in an International Cellular Network,Integrated Network Management III (C-12), H.-G Hegering, and Y. Yemini (eds.), North-Holland, pp. 193–206, 1993.Google Scholar
  3. 3.
    J. D. Moffett and M. S. Sloman, User and Mechanism Views of Distributed System Management,IEE/IOP/BCS Distributed Systems Engineering, Vol. 1, No. 1, pp. 37–47, 1993.Google Scholar
  4. 4.
    K. Becker, U. Raabe, M. Sloman and K. Twidle (eds.), Domain and Policy Service Specification.IDSM Deliverable D6, SysMan Deliverable MA2V2, Oct. 1993. Available by FTP from dse.doc.ic.ac.uk.Google Scholar
  5. 5.
    M. Sloman, J. Magee, K. Twidle, and J. Kramer, An Architecture for Managing Distributed Systems,Proc. 4th IEEE Workshop on Future Trends of Distributed Computing Systems, Lisbon, pp. 40–46, September 1993.Google Scholar
  6. 6.
    B. Alpers and H. Plansky, Domain and Policy Based Management: Concepts and Implementation Architecture,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.Google Scholar
  7. 7.
    J. D. Moffett and M. S. Sloman, Content-Dependent Access Control,ACM SIGOPS Operating Systems Review, Vol. 25, No. 2, pp. 63–70, April 1991.Google Scholar
  8. 8.
    J. D. Moffett and M. S. Sloman, Policy Conflict Analysis in Distributed Systems Management, Ablex Publishing,Organizational Computing, Vol. 4, No. 1, pp. 1–22, 1994.Google Scholar
  9. 9.
    R. Wies, Policy Definition and Classification: Aspects, Criteria and Examples,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.Google Scholar
  10. 10.
    J. D. Moffett and M. S. Sloman, The Representation of Policies as System Object,Proc. Conf. on Organizational Computer Systems (COCS 91), Atlanta, SIGOIS Bulletin, Vol. 12, Nos. 2&3, pp. 171–184, 1991.Google Scholar
  11. 11.
    J. D. Moffett, M. S. Sloman, and K. P. Twidle, Specifying Discretionary Access Control Policy for Distributed Systems,Computer Communications, Vol. 13, No. 9, pp. 571–580, 1990.Google Scholar
  12. 12.
    Information Technology, Open Systems Interconnection, Systems Management Overview, ISO/IEC 10040, November 1992.Google Scholar
  13. 13.
    K. P. Twidle, Domain Services for Distributed Systems Management, PhD Thesis, May 1993, Department of Computing, Imperial College.Google Scholar
  14. 14.
    M. Mansouri-Samani and M. Sloman GEM: A Language for Generalized Event ManagementImperial College Department of Computing, Research Report DoC 93/49, Nov. 1993, Available by FTP from dse.doc.ic.ac.uk.Google Scholar
  15. 15.
    H. Schwingel-Horner and G. Bonn, IDSM Authorization Policy Specification and Enforcement in a Hierarchical Management Environment,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.Google Scholar
  16. 16.
    The OSF Distributed Management Environment architecture. Open Software Foundation, 11 Cambridge Center, Cambridge, Massachusetts, May 1992.Google Scholar
  17. 17.
    ANSAware 4.1: Application Programming in ANSAware, Document RM.102.02, Architecture Projects Management, Poseidon House, Castle Park, Cambridge CM3 0RD, UK, February 1993.Google Scholar
  18. 18.
    Object Management Group, The Common Object Request Broker Architecture (CORBA) and Specification VI. 1, OMG, December 1991.Google Scholar
  19. 19.
    E. Thomas and B. Biddle,Role Theory: Concepts and Research, Krieger Publishing, 1979.Google Scholar
  20. 20.
    Esprit Project 5165, DOMAINS Basic Concepts, Version 2.0 (Nov 1991), Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany.Google Scholar
  21. 21.
    J. D. Moffett and M. S. Sloman, Policy Hierarchies for Distributed System,Proc. IEEE JSAC, Vol. 11, No. 9, pp. 1404–1414, 1993.Google Scholar
  22. 22.
    M. J. Masullo and S. B. Calo, Policy Management: An Architecture and Approach,Proc. IEEE Workshop on Systems Management, UCLA, California, April 1993.Google Scholar
  23. 23.
    A. Heydon, M. Maimone, J. Tygar, J. Wing, and A. Zaremski, Miró: Visual Specification of Security,IEEE Trans. on Software Eng., Vol. 16, No. 10, pp. 1185–1197, October 1990.Google Scholar
  24. 24.
    Esprit Project 5165, DOMAINS Deliverable 2c Version 1.0, DOMAINS-Management Architecture, Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany, May 1992.Google Scholar
  25. 25.
    K. Becker and D. Holden, Specifying the Dynamic Behavior of Management Systems, Plenum Press,Journal of Network and Systems Management, Vol. 1, No. 3, pp. 281–298, 1993.Google Scholar
  26. 26.
    J. Roos, P. Putter, and C. Bekker, Modelling Management Policy Using Enriched Managed Objects,Integrated Network Management III (C-12), H.-G Hegering and Y. Yemini (eds.), North-Holland, pp. 207–215, 1993.Google Scholar
  27. 27.
    R. Wies, Policies in Network and Systems Management-Formal Distribution and Architecture, Plenum Press,Journal of Network and Systems Management, Vol. 2, No. 1, pp. 63–83, 1994.Google Scholar
  28. 28.
    B. Meyer, and C. Popien, Defining Policies for Performance Management in Open Distributed Systems,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.Google Scholar
  29. 29.
    Information Technology, Open Systems Interconnection, Systems Management Overview, Amendment 2: Management Domains Architecture, PDAM 10042, November 1993.Google Scholar
  30. 30.
    Information Technology, Open Systems Interconnection, Systems Management, Part 19: Management Domain and Management Policy Management Function, ISO/IEC CD 10164-19, January 1994.Google Scholar
  31. 31.
    D. Brewer and M. Nash, The Chinese Wall Security Policy,Proc. IEEE Symposium on Security and Privacy, IEEE Computer Society, 1989.Google Scholar
  32. 32.
    D. Clark, and D. R. Wilson. A Comparison of Commercial and Military Computer Security Policies,Proc. IEEE Symposium on Security and Privacy, 1987.Google Scholar
  33. 33.
    D. Jonscher, Extending Access Control with Duties Realized by Active Mechanism,IFIP WG 11.3 Sixth Working Conference on Database Security, Vancouver, August 1992.Google Scholar
  34. 34.
    K. Marzullo, R. Cooper, M. Wood, and K. Birman, Tools for Distributed Application Management,IEEE Computer, Vol. 24, No. 8, pp. 42–51, 1991.Google Scholar
  35. 35.
    M. J. Masullo and E. Mozes, A Methods Specification Langugage for object oriented Databases,Research Report 16360, 1990, IBM TJ Watson Research Center, Yorktown Heights, New York.Google Scholar
  36. 36.
    K. Ong, and R. Lee, A Logic Model for Maintaining Consistency of Bureaucratic Policies, Proc. 26th Annual Hawaii Conf. on System Sciences, Vol. III, pp. 503–512, 1993.Google Scholar
  37. 37.
    D. Marriott, Management Policy Specification, Imperial College Department of Computing, Research Report DoC. 94/1, Nov. 93, Available by FTP from dse.doc.ic.ac.uk.Google Scholar

Copyright information

© Plenum Publishing Corporation 1994

Authors and Affiliations

  • Morris Sloman
    • 1
  1. 1.Department of ComputingImperial CollegeLondon

Personalised recommendations