Dependable Management of Untrusted Distributed Systems

The conventional approach to the online management of distributed systems---represented by such standards as SNMP for network management, and WSDM for systems based on service oriented computing (SOC)---relies on the components of the managed system to cooperate in the management process, by providing the managers with the means to monitor their state and activities, and to control their behavior. Unfortunately, the trust thus placed in the cooperation of the managed components is unwarranted for many types of systems---such as systems based on SOA---making the conventional management of such systems unreliable and insecure. This paper introduces a radically new approach to the management of distributed systems, called governance-based management (GBM), which is based on a middleware that can govern the exchange of messages between system components. GBM has a substantial ability to manage distributed systems, in a reliable and secure manner, even without any trustworthy cooperation of the managed components. And it can fully incorporate the conventional management techniques wherever such cooperation can be trusted. GBM also supports a reflexive mode of management, which manages the management process itself, making it safer. However, GBM is still a work in progress, as it raises several open problems that needs to be addressed before this management technique can be put to practice

LPOP: Challenges and Advances in Logic and Practice of Programming

This article describes the work presented at the first Logic and Practice of Programming (LPOP) Workshop, which was held in Oxford, UK, on July 18, 2018, in conjunction with the Federated Logic Conference (FLoC) 2018. Its focus is challenges and advances in logic and practice of programming. The workshop was organized around a challenge problem that specifies issues in role-based access control (RBAC), with many participants proposing combined imperative and declarative solutions expressed in the languages of their choice.Comment: arXiv admin note: substantial text overlap with arXiv:1804.10247 by other author

A policy-oriented language for expressing security specifications

Organizations ’ authorization policies are usually described by access control rules enforced on each protected object scattered all over the organization. Having a single global security policy specification would promote both security clarity and coherency [4, 9, 18, 31, 37]. Having a single security model for the whole organization, a single point of management and enforcement with a innumerous set of unknown users, does not scale well. However, both the policy enforcement and the mapping of unknown users to known entities [28] can be decoupled from the specification; thus, having a single global security policy decoupled from the enforcement and from the mapping of unknown users promotes clarity and coherency without compromising scalability. This work presents a security policy language which is able to express simultaneously many different types of models, which is essential to handle all the policies used on a complex organization. The proposed language can express the concepts of permission and prohibition, and some restricted forms of obligation. We show how to express and implement obligation using the transaction concept. We also address the problem of incoherent policies and show how to efficiently enforce the security policies expressed by the language with a security access monitor, implemented in java, including history-based and obligation-based security policies