The Zodiac Policy Subsystem: A Policy-Based Management System for a High-Security MANET

Zodiac (Zero Outage Dynamic Intrinsically Assurable Communities) is an implementation of a high-security MANET, resistant to multiple types of attacks, including Byzantine faults. The Zodiac architecture poses a set of unique system security, performance, and usability requirements to its policy-based management system (PBMS). In this paper, we identify theses requirements, and present the design and implementation of the Zodiac Policy Subsystem (ZPS), which allows administrators to securely specify, distribute and evaluate network control and system security policies to customize ZODIAC behaviors. ZPS uses the Keynote language for specifying all authorization policies. We also present a simple extension of the Keynote language to support obligation policies

Modelling and Simulation of Aggregation Nets

In large-scale service monitoring, automated dynamic (re)distribution of running monitoring applications is likely to push the limits of scalability. In the aggregation nets approach, we associate each partition of a distributed application with an autonomous agent capable of relocating the partition fully or partially, or modifying it to accommodate the dynamics of its local environment. Coordinated agent behaviour is to result in maintaining acceptable performance for the whole application. Aggregation nets is a typical Grid application that relies on the availability of distributed computing power and a network sensing infrastructure that provides information for agent decision-making. In order to evaluate our approach, we emulate aggregation nets on top the physical network simulator, Berkeley ns. This paper describes our model of aggregation nets, and its implementation. 1

On Automated Policy Generation for Mobile Ad Hoc Networks

In this paper we describe an approach to the problem of automated policy generation for mobile ad hoc networks. The automated policy generation problem is difficult in its own right. It becomes even more challenging when the context environment to consider is a mobile ad hoc network. We have designed an optimization-based, utility-driven approach aimed at generating optimal policies with respect to the given network objectives. The main novelty of this approach is in the combination of optimization heuristics and network simulation to solve the problem. We describe this approach, present the software architecture of our implementation, and illustrate the approach with a case study on automated generation of DiffServ-based QoS policies for a 50-node mobile ad hoc network. 1