Imperial College London

Professor Emil Lupu

Faculty of EngineeringDepartment of Computing

Professor of Computer Systems
 
 
 
//

Contact

 

e.c.lupu Website

 
 
//

Location

 

564Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Publication Type
Year
to

237 results found

Corradi A, Montanari R, Lupu E, Stefanelli Cet al., 2001, Policy controlled mobility, Workshop on software engineering and mobility, Toronto, Ontario, Canada, May 2001

Conference paper

Wang G, Lupu E, Wegmann A, 2001, Proceedings of the 5th IEEE Enterprise Distributed Object Computing Conference, Seattle, USA, September 2001, Publisher: IEEE CS Press

Book

Damianou N, Dulay N, Lupu EC, Sloman MSet al., 2000, Ponder: An Object-oriented Language for Specifying Security and Management Policies, 10th Workshop for PhD Students in Object-Oriented Systems (PhDOOS'2000), Sophia Antipolis, France

Conference paper

Lupu E, Sloman M, Dulay N, Damianou Net al., 2000, Ponder: Realising enterprise viewpoint concepts, 4th International Conference on Enterprise Distributed Object Computing (EDOC 2000), Pages: 66-75

This paper introduces the Ponder language for specifying distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the concepts of the Enterprise Viewpoint. The design of the language incorporates lessons dl awn from sever al yeats of research on policy for security and distributed systems management as well as policy conflict analysis. The various language constructs are presented through a scenario for the operation, administration and maintenance of a mobile telecommunication network.

Conference paper

Damianou N, Dulay N, Lupu EC, Sloman MSet al., 2000, Ponder: A Language for Specifying Security and Management Policies for Distributed Systems, The Language Specification - Version 2.2, Imperial College, Department of Computing, Publisher: Imperial College, Department of Computing

Report

Dulay N, Lupu EC, Sloman MS, Damianou Net al., 2000, Towards a Runtime Object Model for the Ponder Policy Language, 7th Workshop of the Open View University Association (OVUA 2000), Santorini, Greece

Conference paper

Damianou N, Dulay N, Lupu EC, Sloman MSet al., 2000, Managing Security in Object-Based Systems Using Ponder, 6th EUNICE Open European Summer School, Enschede, The Netherlands

Conference paper

Damianou N, Dulay N, Lupu EC, Sloman MSet al., 2000, Managing Security in Object-Based Systems Using Ponder, 6th EUNICE Open European Summer School, Enschede, The Netherlands

Conference paper

Lupu EC, Dulay N, Damianou N, Sloman MSet al., 2000, Structuring Devolved Responsibilities in Network and Systems Management, Networking and Information Systems Journal, Vol: 3, Pages: 261-277

Journal article

Damianou N, Dulay N, Lupu EC, Sloman MSet al., 2000, Ponder: A Language for Specifying Security and Management Policies for Distributed Systems, The Language Specification - Version 2.2, Imperial College, Department of Computing

Report

Corradi A, Montanari R, Stefanelli C, Lupu EC, Sloman MSet al., 2000, Flexible Access Control for Java Mobile Code, 16th Annual Computer Security Applications Conference (ACSAC2000), New Orleans USA

Conference paper

Dulay N, Lupu EC, Sloman MS, Damianou Net al., 2000, Towards a Runtime Object Model for the Ponder Policy Language, 7th Workshop of the Open View University Association (OVUA 2000), Santorini, Greece

Conference paper

Lupu EC, Sloman MS, 1999, Conflicts in Policy-based Distributed Systems Management, IEEE Trans.on Software Engineering, Vol: 25, Pages: 852-869, ISSN: 0098-5589

Modem distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level (c.f. goals) and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. For example, an obligation policy may define an activity which is forbidden by a negative authorization policy; there may be two authorization policies which permit and forbid an activity or two policies permitting the same manager to sign checks and approve payments may conflict with an external principle of separation of duties. Conflicts may also arise during the refinement process between the high-level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. This paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the Various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role-based management framework. Software development an

Journal article

Moffett JD, Lupu EC, 1999, The uses of role hierarchies in access control, 4th ACM Workshop on Role-Based Access Control, Publisher: ASSOC COMPUTING MACHINERY, Pages: 153-160

Conference paper

Sloman M, Mazumdar S, Lupu EC, 1999, Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management, Publisher: IEEE

Book

Lupu EC, Sloman MS, Milosevic Z, 1999, Use of Roles and Policies for Specifying and Managing a Virtual Enterprise, 9th International Workshop on Research Issues on Data Engineering: Information Technology for Virtual Enterprises(RIDE - VE '99)

Conference paper

, 1999, 1999 IEEE/IFIP International Symposium on Integrated Network Management, IM 1999, Boston, USA, May 24-28, 1999. Proceedings, Publisher: IEEE

Conference paper

Sloman MS, Lupu EC, 1999, Policy Specification for Programmable Networks, Proceedings of First International Working Conference on Active Networks (IWAN'99), Berlin, Publisher: Springer Verlag, Pages: 73-84

Conference paper

Eisenbach S, Meidl K, Rizkallah H, Lupu ECet al., 1999, Can Corba save a fringe language from becoming obsolete?, DAIS'99 Second IFIP WG 6.1 International Working Conference on Distributed Applications and Interoperable Systems, Helsinki

Conference paper

Lupu E, Sloman M, 1997, Conflict analysis for management policies, 5th IFIP/IEEE International Symposium on Integrated Network Management (IM'97), Publisher: Chapman-Hall, Pages: 430-443

Policies are a means of influencing management behaviour within a distributed system, without coding the behaviour into the managers. Authorisation policies specify what activities a manager is permitted or forbidden to do to a set of target objects and obligation policies specify what activities a manager must or must not do to a set of target objects. Conflicts can arise in the set of policies. For example an obligation policy may define an activity which is forbidden by a negative authorisation policy; there may be two authorisation policies which permit and forbid an activity or two policies permitting the same manager to sign cheques and approve payments may conflict with an external principle of separation of duties. This paper reviews the policy conflicts which may arise in a large-scale distributed system and describes a conflict analysis tool which forms part of a Role Based Management framework. Management policies are specified with regard to domains of objects and conflicts potentially arise when there are overlaps between domains. It is not desirable or possible to prevent overlaps and they do not always result in conflicts. We discuss the various techniques which can be used to determine which conflicts are important and so should be indicated to the user and which potential conflicts should be ignored because of precedence relationships between the policies. This reduces the set of potential conflicts that a user would have to resolve and avoids undesired changes of the policy specification or domain membership.

Conference paper

Lupu EC, Sloman MS, Yialelis N, 1997, Policy based roles for distributed systems security, HP-Openview University Association (HP-OVUA) Plenary Workshop (Madrid)

Conference paper

Lupu EC, Sloman MS, 1997, Reconciling role based management and role based access control, RBAC '97 Second Role Based Control Workshop, George Mason University, Virginia, Pages: 135-141

Conference paper

Sloman M, Lupu E, 1997, Towards a Role-based Framework for Distributed Systems Management, Journal of Network and Systems Management, Vol: 5, Pages: 5-30, ISSN: 1064-7570

Journal article

Lupu E, Sloman M, 1997, A policy based role object model, 1st International Enterprise Distributed Object Computing Workshop (EDOC 97), Publisher: IEEE, COMPUTER SOC PRESS, Pages: 36-47

Enterprise roles define the duties and responsibilities of the individuals which are assigned to them. This paper introduces a framework for the management of large distributed systems which makes use of the concepts developed in role theory. Our concept of a role groups the specifications of management policies which define the rights and dirties corresponding to that role. Individuals may then be assigned to or withdrawn from a role, to enable rapid and flexible organisational change, without altering the specification of the policies. We extend this role concept to include relationships as means of specifying required interactions, duties and rights between related roles. Organisations may contain large numbers of similar roles with multiple relationships between them, so there is a need for reuse of specifications. Role and relationship classes permit multiple instantiation and inheritance is Eased for incremental extension of the organisational structure with minimal specification effort. We also briefly examine consistency and auditing issues related to this role framework.

Conference paper

Yialelis N, Lupu EC, Sloman MS, 1996, Role Based Security for Distributed Object Systems, IEEE Fifth Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises, Stanford University

Conference paper

Yialelis N, Lupu EC, Sloman MS, 1996, Role Based Security for Distributed Object Systems, IEEE Fifth Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises, Stanford University

Conference paper

Lupu EC, Sloman MS, Yialelis N, 1995, A Policy Based Role Framework for Access Control, First ACM/NIST Role Based Access Control Workshop (USA), Publisher: ACM Press

Conference paper

This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.

Request URL: http://wlsprd.imperial.ac.uk:80/respub/WEB-INF/jsp/search-html.jsp Request URI: /respub/WEB-INF/jsp/search-html.jsp Query String: id=00155030&limit=30&person=true&page=8&amp%3bid=00155030&amp%3brespub-action=search.html&amp%3bperson=true&respub-action=search.html&amp%3bpage=5