Policy Management across Multiple Platforms and Application Domains

One of the challenges of building a policy management framework is making it flexible enough to handle differences in both policy semantics and enforcement strategies across multiple platforms and application domains. The system must be expressive enough in each application domain to provide the richness needed for interesting policies. It must also provide a simple and flexible enforcement mechanism for adaptation to a variety of systems. In this paper we discuss the application of the KAoS policy services framework to human-robot teamwork—an application that involves a variety of application domains and enforcement at different levels of control; from low level network resource control to high level organizational constraints and coordination management. The study culminated in an outdoor field exercise that required coordination of mixed sub teams composed of two people and five robots whose task was to find and apprehend an intruder on a Navy pier. 1

Translating Role-Based Access Control Policy within Context

The motivation for this work derives from a study undertaken with a view to providing ubiquitous access to Electronic Health Records (EHRs) held within the National Health Service in England. Any implementation must guarantee con dentiality. In October 1999 the Cambridge Computer Laboratory's Opera group joined a consortium within the Eastern Regional Health Authority to propose an experimental architecture which included role-based access control (RBAC). Specifying a policy for role-based access has two aspects: first, the conditions for entering each role must be established; secondly, the access privileges associated with each role must be defined. Access control policy must implement public policy and its expression must be transparent to computer non-specialists. We have therefore designed and implemented a pseudo-natural language framework sufficient for both of these purposes. Policy statements are translated into first-order logic, with side conditions which are evalu..

Design and implementation of a secure wide-area object middleware

Tanenbaum, A.S. [Promotor]Crispo, C.B. [Copromotor