Harnessing Models for Policy Conflict Analysis

Policy conflict analysis processes based solely on the examination of policy language constructs can not readily discern the semantics associated with the managed system for which the policies are being defined. However, by developing analysis processes that can link the constructs of a policy language to the entities of an information model, we can harness knowledge relating to relationships and associations, constraint information, behavioural specifications codified by finite state machines, and extensive semantic information expressed via ontologies to provide powerful policy analysis processes

Decomposition techniques for policy refinement.

The automation of policy refinement, whilst promising great benefits for policy-based management, has hitherto received relatively little treatment in the literature, with few concrete approaches emerging. In this paper we present initial steps towards a framework for automated distributed policy refinement for both obligation and authorization policies. We present examples drawn from military scenarios, describe details of our formalism and methods for action decomposition, and discuss directions for future research. © 2010 IEEE.Accepted versio

Policy Refinement: Decomposition and Operationalization for Dynamic Domains

We describe a method for policy refinement. The refinement process involves stages of decomposition, operationalization, deployment and re-refinement, and operates on policies expressed in a logical language flexible enough to be translated into many different enforceable policy dialects. We illustrate with examples from a coalition scenario, and describe how the stages of decomposition and operationaliztion work internally, and fit together in an interleaved fashion. Domains are represented in a logical formalization of UML diagrams. Both authorization and obligation policies are supported. © 2011 IFIP.Accepted versio

Policy conflict analysis for diffserv quality of service management

Policy-based management provides the ability to (re-)configure differentiated services networks so that desired Quality of Service (QoS) goals are achieved. This requires implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation to emerging traffic demands. A policy-based approach facilitates flexibility and adaptability as policies can be dynamically changed without modifying the underlying implementation. However, inconsistencies may arise in the policy specification. In this paper we provide a comprehensive set of QoS policies for managing Differentiated Services (DiffServ) networks, and classify the possible conflicts that can arise between them. We demonstrate the use of Event Calculus and formal reasoning for the analysis of both static and dynamic conflicts in a semi-automated fashion. In addition, we present a conflict analysis tool that provides network administrators with a user-friendly environment for determining and resolving potential inconsistencies. The tool has been extensively tested with large numbers of policies over a range of conflict types

Policy analysis for DiffServ quality of service management

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Policy Conflict Prevention via Model-driven Policy Refinement

Abstract. This paper describes an approach for application specific conflict prevention based on model-driven refinement of policies prior to deployment. Central to the approach is an algorithm for the retrieval of application-specific data from an information model relating to the subject and targets of a given policy. This algorithm facilitates the linkage of policies loosely defined at a high level of abstraction to detailed behavioural constraints specified in the information model. Based on these constraints policies are then modified so that conflicts with other deployed policies can be readily identified using standard policy conflict detection techniques. This approach enables policy enforcement to be cognisant of application specific constraints, thereby resulting in a more trustworthy and dependable policy based management system.

Conflict Prevention via Model-driven Policy Refinement, in Large Scale Management of Distributed Systems

1