Policy based roles for distributed systems security

Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..

Self-managed cells and their federation

Future e-Health systems will consist of low-power, on-body wireless sensors attached to mobile users that interact with a ubiquitous computing environment. This kind of system needs to be able to configure itself with little or no user input; more importantly, it is required to adapt autonomously to changes such as user movement, device failure, the addition or loss of services, and proximity to other such systems. This extended abstract describes the basic architecture of a Self-Managed Cell (SMC) to address these requirements, and discusses various forms of federation between/among SMCs. This structure is motivated by a typical e-Health scenario

Adaptive self-management of teams of autonomous vehicles

Unmanned Autonomous Vehicles (UAVs) are increasingly deployed for missions that are deemed dangerous or impractical to perform by humans in many military and disaster scenarios. Collaborating UAVs in a team form a Self- Managed Cell (SMC) with at least one commander. UAVs in an SMC may need to operate independently or in sub- groups, out of contact with the commander and the rest of the team in order to perform specific tasks, but must still be able to eventually synchronise state information. The SMC must also cope with intermittent and permanent communication failures as well permanent UAV failures. This paper describes a failure management scheme that copes with both communication link and UAV failures, which may result in temporary disjoint sub-networks within the SMC. A communication management protocol is proposed to control UAVs performing disconnected individual operations, while maintaining the SMCs structure by trying to ensure that all members of the mission regardless of destination or task, can communicate by moving UAVs to act as relays or by allowing the UAVs to rendezvous at intermittent intervals. Copyright 2008 ACM.Accepted versio

Role-based security for distributed object systems

This paper describes a security architecture designed to support role-based access control for distributed object systems in a large-scale, multi-organisational enterprise in which domains are used to group objects for specifying security policies. We use the concept of a role to define access control related to a position within an organisation although our role framework caters for the specification of both authorisation and obligation policies. Access control and authentication is implemented using security agents on a per host basis to achieve a high degree of transparency to the application level. Cascaded delegation of access rights is also supported. The domain based authentication service uses symmetric cryptography and is implemented by replicated servers which maintain minimal state

Ponder: A Language for Specifying Security and Management Policies for Distributed Systems

Working Pape

Ponder: Realising enterprise viewpoint concepts

This paper introduces the Ponder language for speciing distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the concepts of the Enterprise Viewpoint. The design of the language incorporates lessons drawn from several years of research on policy for security and distributed systems management as well as policy conflict analysis. The various language constructs are presented through a scenario for the operation, administration and maintenance of a mobile telecommunication network

Ponder2: A Policy System for Autonomous Pervasive Environments

Accepted versio

The game and its role in the recovery of students with special education requirements

In the first part of the article, the main concepts from the specialized literature are defined: learning difficulties, speech disorders, special education requirements, game. This report aims to demonstrate the effects of intervention through game on students with special educational needs. It starts from the assumption that pupils with SEN who will participate in the training through playing will get better results in the recovery process. A case study is presented to that end. The results showed that intervention through game favoured motricity, the development of responsive participation in language development, and fostering the development of oral communication, mathematical skills, motivation for learning and development rules. The objective of future research is to verify the game effects in the cognitive and non-cognitive development at a larger number of students with special needs

Policy-based management for body-sensor networks

Accepted versio