19 research outputs found

    Policy based roles for distributed systems security

    Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..

    Semantic-based policy engineering for autonomic systems

    This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complementary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise

    The Ponder Policy Specification Language

    The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements

    Conflicts in policy-based distributed systems management


    Harnessing Models for Policy Conflict Analysis


    A Policy Language for the Management of Distributed Agents


    Policies: Giving users control over calls

    Features provide extensions to a basic service, but in new systems users require much greater flexibility oriented towards their needs. Traditional features do not easily allow for this. We propose policies as the features of the future. Policies can be defined by the end-user, and allow for the use of rich context information when controlling calls. This paper discusses an architecture to allow for policy definition and call control by policies and describes the operation of a system based on this architecture. One aspect is policy definition, the APPEL policy description language that serves this purpose. An important aspect of the architecture is integral feature interaction handling. It is in this last aspect that we foresee a role for agents, and hope that this paper will stimulate some collaboration between the two mostly distinct research areas of feature interaction and agent technologies

    Prospects for Characterizing the Haziest Sub-Neptune Exoplanets with High-resolution Spectroscopy

    Observations to characterize planets larger than Earth but smaller than Neptune have led to largely inconclusive interpretations at low spectral resolution due to hazes or clouds that obscure molecular features in their spectra. However, here we show that high-resolution spectroscopy (R ~ 25,000–100,000) enables one to probe the regions in these atmospheres above the clouds where the cores of the strongest spectral lines are formed. We present models of transmission spectra for a suite of GJ 1214b–like planets with thick photochemical hazes covering 1–5 μm at a range of resolutions relevant to current and future ground-based spectrographs. Furthermore, we compare the utility of the cross-correlation function that is typically used with a more formal likelihood-based approach, finding that only the likelihood-based method is sensitive to the presence of haze opacity. We calculate the signal-to-noise ratio (S/N) of these spectra, including telluric contamination, required to robustly detect a host of molecules such as CO, CO2, H2O, and CH4 and photochemical products like HCN as a function of wavelength range and spectral resolution. Spectra in the M band require the lowest S/Nres to detect multiple molecules simultaneously. CH4 is only observable for the coolest models (T_eff = 412 K) and only in the L band. We quantitatively assess how these requirements compare to what is achievable with current and future instruments, demonstrating that characterization of small cool worlds with ground-based high-resolution spectroscopy is well within reach