Abstract
A key issue in managing distributed agents is the provision of effective policy-based frameworks. To help realise such frameworks we have developed a new policy language that features dynamic fine-grained access controls and event-triggered condition-action rules, with abstractions for grouping objects/agents (domains), and grouping policies (roles, relationships and management structures). In our language policies apply to domains of objects. By changing a policy we change the behaviour of a system. By adding an object or agent to a domain we cause the domain’s policies to be applied to the newly added object. The language is declarative, strongly typed and object-oriented, which makes the language flexible, extensible and adaptable to a wide range of management requirements.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dulay, N., Damianou, N., Lupu, E., Sloman, M. (2002). A Policy Language for the Management of Distributed Agents. In: Wooldridge, M.J., Weiß, G., Ciancarini, P. (eds) Agent-Oriented Software Engineering II. AOSE 2001. Lecture Notes in Computer Science, vol 2222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-70657-7_6
DOI: https://doi.org/10.1007/3-540-70657-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43282-1
Online ISBN: 978-3-540-70657-1
eBook Packages: Springer Book Archive