Adding Policy-based Control to Mobile Hosts Switching between Streaming Proxies

We add a simple policy-based control component to mobile hosts that enables them to control the continuous reception of live multimedia content (e.g. a TV broadcast) while they switch between different distributors of that content. Policy-based control provides a flexible means to automate the switching behavior of mobile hosts. The policies react to changes in the mobile host's environment (e.g. when a hotspot network appears) and determine when and how to invoke an earlier developed application-level protocol to discover the capabilities (e.g. supported encodings) of the content distributors and to execute the switches. The design of the control component is based on the IETF policy model, but extended and applied at the application-level instead of at the network-level. We implemented the system and deployed it in a small-scale test bed

Study of the CAC mechanisms for telecommunications systems with adaptive links according to propagation conditions

This paper presents the framework and the activities of a PhD research work in progress supported by Alcatel Alenia Space in collaboration with TeSA and SUPAERO. It deals with Connection Admission Control (CAC) for Telecommunications Systems with adaptive links according to propagation conditions. Indeed, in high frequency bands communications, deep fadings may occur because of atmospheric propagation losses. The mitigation techniques used to counteract fades impacts the system capacity, therefore the CAC mechanism. The CAC which only uses current capacity information may lead to intolerable dropping of admitted connection, and thus breaches the QoS guarantees made upon connection acceptance. New CAC mechanisms shall be studied to take into account the capacity variation and the mitigation techniques (IFMT) developed to compensate the attenuation in Ka and above frequency range

ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments

The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies with the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution ESPOON is aiming at providing a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as less as possible about both the policies and the requester attributes.Comment: The final version of this paper has been published at ARES 201

Framework for GRID metascheduling with SLAs

Integration of heterogeneous resources in different administrative domains makes control and management of these environments a hard task, and this could be even worse if organizations intend to use these resources in a coordinate manner. Our goal is to simplify these labors with a policy based management schema. Policies with a high level of abstraction will be transform automatically in business rules to the right entities. In this paper we define a framework and several design aspects to show how this policy based management schema can be done. Besides we will give an example of a task scheduler for a computer cluster and how the latest version of grid tools available in the market fit in this proposal.VI Workshop de Procesamiento Distribuido y Paralelo (WPDP)Red de Universidades con Carreras en Informática (RedUNCI

Framework for GRID metascheduling with SLAs

Integration of heterogeneous resources in different administrative domains makes control and management of these environments a hard task, and this could be even worse if organizations intend to use these resources in a coordinate manner. Our goal is to simplify these labors with a policy based management schema. Policies with a high level of abstraction will be transform automatically in business rules to the right entities. In this paper we define a framework and several design aspects to show how this policy based management schema can be done. Besides we will give an example of a task scheduler for a computer cluster and how the latest version of grid tools available in the market fit in this proposal.VI Workshop de Procesamiento Distribuido y Paralelo (WPDP)Red de Universidades con Carreras en Informática (RedUNCI

Towards transactional integrity issues in policy based network management systems

As networks increase in size, heterogeneity, complexity and pervasiveness, effective management of such networks becomes more important and increasingly difficult. In this context, PBNM (Policy-Based Network Management) has been gaining popularity in the recent years. New demands on internetworking, services specification, QoS and generically on network management functionality have been driving users to consider this paradigm in their own networks. As people start exploiting PBNM, another aspect comes to attention: transactional integrity. Transactional control envisages achieving consistent state changes along the network. In other words, state transition in network devices is only authorized if all the related operations are successfully taken. In this paper we propose a transactional control mechanism for PBNM systems, namely its assurance across different systems and different network domains

Integration of service, network and system management: current and forthcoming trends

A major problem that industry is being faced with is related to the miscellaneous of management requirements and to the explosion of management information. Network and systems management often make use of different tools and technologies. The introduction of Quality of Service in the Internet will bring increased needs for efficient service management approaches in the network. The integration of these different kinds of management approaches into a common framework is critical for the future development of the Internet and intranets. This paper exploits the usage of software agents acting as mediators between different management protocols and data and assuring transparent integration of those dissimilar solutions

Enforcing RFID data visibility restrictions using XACML security policies

Radio Frequency Identification (RFID) technology allows automatic data capture from tagged objects moving in a supply chain. This data can be very useful if it is used to answer traceability queries, however it is distributed across many different repositories, owned by different companies. Discovery Services (DS) are designed to assist in retrieving the RFID data relevant for traceability queries while enforcing sharing policies that are defined and required by participating companies to prevent sensitive data from being exposed. In this paper we define an interface for Supply Chain Authorization (SC-Az) and describe the implementation of two visibility restriction mechanisms based on Access Control Lists (ACLs) and Capabilities. Both approaches were converted to the standard eXtensible Access Control Markup Language (XACML) and their correctness and performance was evaluated for supply chains with increasing size

Management of networks that provide QoS guarantees

This paper presents the results of a case study to the feasibility of introducing ATM SVCs into the Dutch SURFnet research ATM network. The key issue that is examined are the implications of the Quality of Service support of ATM. QoS guarantees for a connection require a portion of the finite ATM network resource. Once all network resource is allocated to connections no new connections will be accepted, and users will start experiencing denial of service. The key research question here is if and how this denial of service probability can be kept to a minimum