An Approach to Understanding Policy Based on Autonomy and Voluntary Cooperation

  • Mark Burgess
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3775)

Abstract

Presently, there is no satisfactory model for dealing with political autonomy of agents in policy based management. A theory of atomic policy units called ‘promises’ is therefore discussed. Using promises, a global authority is not required to build conventional management abstractions, but work is needed to bind peers into a traditional authoritative structure. The construction of promises is precise, if tedious, but can be simplified graphically to reason about the distributed effect of autonomous policy. Immediate applications include resolving the problem of policy conflicts in autonomous networks.

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Mark Burgess, Oslo University College, Norway
