An Approach to Understanding Policy Based on Autonomy and Voluntary Cooperation
Conference paper
Abstract
Presently, there is no satisfactory model for dealing with political autonomy of agents in policy based management. A theory of atomic policy units called ‘promises’ is therefore discussed. Using promises, a global authority is not required to build conventional management abstractions, but work is needed to bind peers into a traditional authoritative structure. The construction of promises is precise, if tedious, but can be simplified graphically to reason about the distributed effect of autonomous policy. Immediate applications include resolving the problem of policy conflicts in autonomous networks.
Keywords
Modal Logic Temporal Logic Service Level Agreement Pervasive Computing Deontic Logic
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download
to read the full conference paper text
References
- 1.Sloman, M.S., Moffet, J.: Policy hierarchies for distributed systems management. Journal of Network and System Management 11(9), 1404 (1993)Google Scholar
- 2.Lupu, E.C., Sloman, M.: Towards a role based framework for distributed systems management. Journal of Network and Systems Management 5 (1996)Google Scholar
- 3.Parrow, J.: An Introduction to the π-Calculus. In: The Handbook of Process Algebra, p. 479. Elsevier, Amsterdam (2001)CrossRefGoogle Scholar
- 4.Fu, Z., Wu, S.F.: Automatic generation of ipsec/vpn security policies in an intra-domain environment. In: Proceedings of the 12th internation workshop on Distributed System Operation and Management (IFIP/IEEE), p. 279. INRIA Press (2001)Google Scholar
- 5.Sailer, R., Acharya, A., Beigi, M., Jennings, R., Verma, D.: Ipsecvalidate - a tool to validate ipsec configurations. In: Proceedings of the Fifteenth Systems Administration Conference (LISA XV) (USENIX Association: Berkeley, CA), p. 19 (2001)Google Scholar
- 6.Damianou, N., Dulay, N., Lupu, E.C., Sloman, M.: Ponder: a language for specifying security and management policies for distributed systems. Imperial College Research Report DoC 2000/1 (2000)Google Scholar
- 7.Burgess, M.: On the theory of system administration. Science of Computer Programming 49, 1 (2003)MathSciNetCrossRefMATHGoogle Scholar
- 8.Couch, A., Daniels, N.: The maelstrom: Network service debugging via ”ineffective procedures”. In: Proceedings of the Fifteenth Systems Administration Conference (LISA XV) (USENIX Association: Berkeley, CA), p. 63 (2001)Google Scholar
- 9.Burgess, M.: Cfengine’s immunity model of evolving configuration management. Science of Computer Programming 51, 197 (2004)MathSciNetCrossRefGoogle Scholar
- 10.Burgess, M.: A site configuration engine. Computing systems, vol. 8, p. 309. MIT Press, Cambridge (1995)Google Scholar
- 11.Axelrod, R.: The Complexity of Cooperation: Agent-based Models of Competition and Collaboration. Princeton Studies in Complexity, Princeton (1997)Google Scholar
- 12.Axelrod, R.: The Evolution of Co-operation. Penguin Books 1990 (1984)Google Scholar
- 13.Carrillo, J.D., Dewatripont, M.: Promises, promises. Technical Report 172782000000000058, UCLA Department of Economics, Levines’s BibliographyGoogle Scholar
- 14.Snyder, L.: Formal models of capability-based protection systems. IEEE Transactions on Computers 30, 172 (1981)CrossRefMATHGoogle Scholar
- 15.Burgess, M.: Analytical Network and System Administration — Managing Human-Computer Systems. J. Wiley & Sons, Chichester (2004)CrossRefGoogle Scholar
- 16.Stang, T.H., Pourbayat, F., Burgess, M., Canright, G., Engø, K., Weltzien, Å.: Archipelago: A network security analysis tool. In: Proceedings of The 17th Annual Large Installation Systems Administration Conference (LISA 2003), San Diego, California, USA (October 2003)Google Scholar
- 17.Canright, G., Engø-Monsen, K.: A natural definition of clusters and roles in undirected graphs. Science of Computer Programming 53, 195 (2004)MathSciNetCrossRefMATHGoogle Scholar
- 18.Burgess, M., Canright, G., Engø, K.: A graph theoretical model of computer security: from file access to social engineering. International Journal of Information Security 3, 70–85 (2004)CrossRefGoogle Scholar
- 19.Ortalo, R.: A flexible method for information system security policy specifications. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 67–85. Springer, Heidelberg (1998)CrossRefGoogle Scholar
- 20.Glasgow, J., MacEwan, G., Panagaden, P.: A logic for reasoning about security. ACM Transactions on Computer Systems 10, 226–264 (1992)CrossRefGoogle Scholar
- 21.Lupu, E., Sloman, M.: Conflict analysis for management policies. In: Proceedings of the Vth International Symposium on Integrated Network Management IM 1997, pp. 1–14. Chapman & Hall, Boca Raton (1997)Google Scholar
- 22.Chellas, B.F.: Modal Logic: An Introduction. Cambridge University Press, Cambridge (1980)CrossRefMATHGoogle Scholar
- 23.Prakken, H., Sergot, M.: Dyadic deontic logic and contrary-to-duty obligations. In: Defeasible Deontic logic: Essays in Nonmonotonic Normative Reasoning. Synthese library, vol. 263. Kluwer Academic Publishers, Dordrecht (1997)Google Scholar
- 24.Kripke, S.A.: Semantical considerations in modal logic. Acta Philosophica Fenica 16, 83–94 (1963)MATHGoogle Scholar
- 25.Fagernes, S., Burgess, M.: The effects of ‘tit for tat’ policy for rejecting ‘spam’ or denial of service floods. In: Proceedings of the 4th System Administration and Network Engineering Conference (SANE 2004) (2004)Google Scholar
- 26.Burgess, M., Fagernes, S.: Pervasive computing management ii: Voluntary cooperation. IEEE eTransactions on Network and Service Management (submitted)Google Scholar
- 27.Bandara, A.K., Lupu, E.C., Moffett, J., Russo, A.: A goal-based approach to policy refinement. In: Proceedings of the 5th IEEE Workshop on Policies for Distributed Systems and Networks (2004)Google Scholar
- 28.Bandara, A.K., Lupu, E.C., Moffett, J., Russo, A.: Using event calculus to formalise policy specification and analysis. In: Proceedings of the 4th IEEE Workshop on Policies for Distributed Systems and Networks (2003)Google Scholar
- 29.Lafuente, A.L., Montanari, U.: Quantitative mu-calculus and ctl defined over constraint semirings. Electronic Notes on Theoretical Computing Systems QAPL, 1–30 (2005)Google Scholar
Copyright information
© IFIP International Federation for Information Processing 2005