Generic support for policy-based self-adaptive systems

This paper presents a policy definition language which forms part of a generic policy toolkit for autonomic computing systems in which the policies themselves can be modified dynamically and automatically. Targeted enhancements to the current state of practice include: policy self-adaptation where the policy itself is dynamically modified to match environmental conditions; improved support for non autonomics-expert developers; and facilitating easy deployment of adaptive policies into legacy code. The policy definition language permits powerful expression of self-managing behaviours and facilitates a diverse policy behaviour space. Features include support for multiple versions of a given policy type, multiple configuration templates, and meta policies to dynamically select between policy instances. An example deployment scenario illustrates advanced functionality in the context of a multi policy stock trading system which is sensitive to environmental volatility

An Architectural Approach to Autonomics and Self-management of Automotive Embedded Electronic Systems

International audienceEmbedded electronic systems in vehicles are of rapidly increasing commercial importance for the automotive industry. While current vehicular embedded systems are extremely limited and static, a more dynamic configurable system would greatly simplify the integration work and increase quality of vehicular systems. This brings in features like separation of concerns, customised software configuration for individual vehicles, seamless connectivity, and plug-and-play capability. Furthermore, such a system can also contribute to increased dependability and resource optimization due to its inherent ability to adjust itself dynamically to changes in software, hardware resources, and environment condition. This paper describes the architectural approach to achieving the goals of dynamically self-configuring automotive embedded electronic systems by the EU research project DySCAS. The architecture solution outlined in this paper captures the application and operational contexts, expected features, middleware services, functions and behaviours, as well as the basic mechanisms and technologies. The paper also covers the architecture conceptualization by presenting the rationale, concerning the architecture structuring, control principles, and deployment concept. In this paper, we also present the adopted architecture V&V strategy and discuss some open issues in regards to the industrial acceptance

Formal model and policy specification of usage control

The recent usage control model (UCON) is a foundation for next-generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCON ABC core models by Park and Sandhu. Based on these core aspects, we develop a formal model and logical specification of UCON with an extension of Lamport's temporal logic of actions (TLA). The building blocks of this model include: (1) a set of sequences of system states based on the attributes of subjects, objects, and the system, (2) authorization predicates based on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates based on system attributes. A usage control policy is defined as a set of temporal logic formulas that are satisfied as the system state changes. A fixed set of scheme rules is defined to specify general UCON policies with the properties of soundness and completeness. We show the flexibility and expressive capability of this formal model by specifying the core models of UCON and some applications. © 2005 ACM

TOWARDS AUTOMATING POLICY- BASED MANAGEMENT SYSTEMS

The goal of distributed systems management is to provide reliable, secure and efficient utilization of the network, processors and devices that comprise those systems. The management system makes use of management agents to collect events and data from managed objects while policies provide information on how to modify the behaviour of a managed system. Systems as well as policies governing the behaviour of the system and its constituents can change dynamically. The aim of this work is to provide the services and algorithms needed to automatically identify and deploy management entities and be able to respond automatically to both changes to the system itself as well as to changes in the way the system is to be managed, i.e., changes to the set of management policies or sets of management agents. One significant challenge in the use of policy-based management systems is finding efficient mechanisms to address and simplify the gap between expressing and specifying policies and an actual configuration of a management system that realizes and makes use of policies. Little work has been done to define how the monitoring operations are to be configured and updated according to the policies. This Thesis proposes a general architecture for a policy-based management system for distributed systems which allows for expressing and automating the deployment of a wide range of management policies. The proposed solution is based on the matching between the management operations that are carried out by the management agents and the policies. The matching process relies on the attributes that the agents can monitor and the extracted attributes from the components of the policies. One major contribution of this Thesis is to build the policy model and services on existing management services found in commercial management systems. The work of this Thesis also focuses in finding87 strategies for selecting and configuring agents to be used to keep the time of a policy deployment low. The Thesis introduces the Policy-Management Agent Integrated Console (PMagic) prototype. The PMagic prototype has been implemented to provide a practical validation of the policy based management system model proposed. The approach, architecture and prototype have demonstrated that it is possible to create a more autonomic management system, particularly one that can instantiate agents to react to changes in sets of policies