Abstract
This paper traces the history of policy-based management and how it evolved from the first security models, dating back to the late 1960s, to today’s more elaborate frameworks, languages, and policy-based management tools. The focus will be on providing a synthesized chronicle of the evolution of ideas and research trends rather than on surveying the various specification formalisms, frameworks, and application domains of policy-based management.
Cite this article
Boutaba, R., Aib, I. Policy-based Management: A Historical Perspective. J Netw Syst Manage 15, 447–480 (2007). https://doi.org/10.1007/s10922-007-9083-8
DOI: https://doi.org/10.1007/s10922-007-9083-8