Distributed Policy Specification and Interpretation with Classified Advertisements

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 7149)

Abstract

In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [14] high-throughput distributed system, the ClassAd language [16] is used to specify resource selection policies, and matchmaking algorithms are used to interpret that policy by matching jobs with available machines. We extend this framework to specify and interpret authorization policies using the SPKI/SDSI [6] public key infrastructure. SPKI/SDSI certificates are represented using the ClassAd language, and certificate chain discovery is implemented using a modified matchmaking algorithm. This extension complements the resource selection policy capabilities of Condor with the authorization policy capabilities of SPKI/SDSI. Techniques for policy analysis in the context of resource selection and authorization are also presented.

Keywords

  • Policy Language
  • Resource Selection
  • Access Control Policy
  • Tuple Space
  • Authorization Policy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


References

  1. Bettini, C., Jajodia, S., Wang, S., Wijesekera, D.: Provisions and obligations in policy rule management and security applications. In: Proceedings of 28th International Conference on Very Large Data Bases (VLDB), Hong Kong, China, pp. 502–513 (August 2002)

  2. Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R.: Certificate chain discovery in SPKI/SDSI. Journal of Computer Security 9(4), 285–322 (2001)

  3. Coleman, N., Raman, R., Livny, M., Solomon, M.: Distributed policy management and comprehension with classified advertisements. Technical Report UW-CS-TR-1481, University of Wisconsin (April 2003)

  4. Coleman, N.: A Matchmaking Approach to Distributed Policy Specification and Interpretation. PhD thesis, University of Wisconsin-Madison (August 2007)

  5. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)

  6. Ellison, C., Frantz, B., Lampson, B., Rivest, R.L., Thomas, B., Ylonen, T.: SPKI certificate theory. RFC 2693 (September 1999)

  7. Finin, T., Fritzson, R., McKay, D., McEntire, R.: KQML as an agent communication language. In: Proc. of the Third Int’l Conf. on Information and Knowledge Management, CIKM 1994. ACM Press (November 1994)

  8. Gelernter, D.: Generative communication in Linda. ACM Trans. Program. Lang. Syst. 7(1), 80–112 (1985)

  9. Genesereth, M., Singh, N., Syed, M.: A distributed anonymous knowledge sharing approach to software interoperation. In: Proc. of the Int’l Symposium on Fifth Generation Computing Systems, pp. 125–139 (1994)

  10. Godfrey, P.: Minimization in cooperative response to failing database queries. International Journal of Cooperative Information Systems (IJCIS) 6(2), 95–149 (1997)

  11. Jha, S., Reps, T.: Analysis of SPKI/SDSI certificates using model checking. In: Proceedings of IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press (2002)

  12. Jha, S., Reps, T.W.: Model checking SPKI/SDSI. Journal of Computer Security 12(3-4), 317–353 (2004)

  13. Lobo, J., Bhatia, R., Naqvi, S.: A policy description language. In: AAAI/IAAI, pp. 291–298 (1999)

  14. Raman, R., Livny, M., Solomon, M.: Matchmaking: Distributed resource management for high-throughput computing. In: Proceedings of the Seventh IEEE International Symposium on High Performance Distributed Computing, HPDC7 (July 1998)

  15. Raman, R., Livny, M., Solomon, M.: Policy driven heterogeneous resource co-allocation with gangmatching. In: Proceedings of the Twelfth IEEE International Symposium on High Performance Distributed Computing (HPDC12), Seattle, WA (June 2003)

  16. Solomon, M.: The ClassAd language reference manual version 2.4 (May 2004), http://www.cs.wisc.edu/condor/classad/refman/

  17. Sycara, K., Decker, K., Pannu, A., Williamson, M., Zeng, D.: Distributed intelligent agents. IEEE Expert, 36–46 (December 1996)

  18. Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)

  19. Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J., Waldbusser, S.: Policy terminology. RFC 3198 (November 2001)

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Coleman, N. (2012). Distributed Policy Specification and Interpretation with Classified Advertisements. In: Russo, C., Zhou, NF. (eds) Practical Aspects of Declarative Languages. PADL 2012. Lecture Notes in Computer Science, vol 7149. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27694-1_15

  • DOI: https://doi.org/10.1007/978-3-642-27694-1_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27693-4

  • Online ISBN: 978-3-642-27694-1

  • eBook Packages: Computer Science, Computer Science (R0)