Publications
272 results found
Craven R, Lobo J, Lupu E, et al., 2008, A formal framework for policy analysis, Departmental Technical Report: 08/5, Publisher: Department of Computing, Imperial College London, 08/5
We present a formal, logical framework for the representation and analysisof an expressive class of authorization and obligation policies. Basic concepts ofthe language and operational model are given, and details of the representationare defined, with an attention to how different classes of policies can be writtenin our framework. We show how complex dependencies amonst policy rules canbe represented, and illustrate how the formalization of policies is joined to adynamic depiction of system behaviour. Algorithmically, we use a species ofabductive, constraint logic programming to analyse for the holding of a numberof interesting properties of policies (coverage, modality conflict, equivalence ofpolicies, etc.). We describe one implementation of our ideas, and conclude withremarks on related work and future research.
Yusuf S, Luk W, Sloman M, et al., 2008, Reconfigurable architecture for network flow analysis, International Conference on Engineering of Reconfigurable Systems and Algorithms, Pages: 57-65
This paper describes a reconfigurable architecture based on field-programmable gate-array (FPGA) technology for monitoring and analyzing network traffic at increasingly high network data rates. Our approach maps the performance-critical tasks of packet classification and flow monitoring into reconfigurable hardware, such that multiple flows can be processed in parallel. We explore the scalability of our system, showing that it can support flows at multi-gigabit rate; this is faster than most software-based solutions where acceptable data rates are typically no more than 100 million bits per second.
Yusuf S, Luk W, Sloman M, et al., 2008, Reconfigurable architecture for network flow analysis, IEEE Transactions on VLSI System, Vol: 16, Pages: 57-65, ISSN: 1063-8210
Schaeffer-Filho A, Lupu E, Sloman M, et al., 2008, A Role-Based Infrastructure for the Management of Dynamic Communities, Lecture Notes in Computer Science, Publisher: Springer Berlin Heidelberg, Pages: 1-14, ISBN: 9783540705864
Schaeffer A, Lupu E, Sloman M, et al., 2008, A role-based infrastructure for the management of dynamic communities, 2nd International Conference on Autonomous Infrastructure, Management and Security, Pages: 1-14
Twidle K, Lupu E, Dulay N, et al., 2008, Ponder2 - A policy environment for autonomous pervasive systems, IEEE International Workshop on Policies for Distributed Systems and Networks, Publisher: IEEE COMPUTER SOC, Pages: 245-246
- Author Web Link
- Open Access Link
- Cite
- Citations: 33
Zhu YM, Keoh SL, Sloman M, et al., 2008, A Policy System to Support Adaptability and Security on Body Sensors, 5th International Summer School and Symposium on Medical Devices and Biosensors, Pages: 97-100
Barker S, Chadwick D, Crampton J, et al., 2008, Panel session: What are the key challenges in distributed security?, 22nd Annual Conference on Data and Applications Security, Publisher: SPRINGER-VERLAG BERLIN, Pages: 219-221, ISSN: 0302-9743
Zhu YM, Keoh SL, Sloman M, et al., 2008, Finger: An Efficient Policy System for Body Sensor Networks, 5th IEEE International Conference on Mobile Ad-Hoc and Sensor Systems, Publisher: IEEE, Pages: 428-433
Body sensor networks (BSNs) for healthcare put more emphasis on security and adaptation to changes in context and application requirement. Policy-based management enables flexible adaptive behaviour by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for network adaptation, such as networking programming, suffer from high communication cost and operational interruption. In addition, the policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.
Brodie C, George D, Karat C-M, et al., 2008, The Coalition Policy Management Portal for Policy Authoring, Verification, and Deployment., IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 08), Publisher: IEEE Computer Society, Pages: 247-249
Bandara A, Damianou N, Lupu EC, et al., 2007, Policy Based Management, Handbook of Network and System Administration, Editors: Burgess, Bergstra, Publisher: Elsevier, ISBN: 978-0-444-52198-9
This chapter surveys the available specification approaches for security, management, and enterprise collaboration policies. Policies are rules governing the choices in behavior of a system. They are often used as a means of implementing flexible and adaptive systems for management of Internet services, distributed systems, and security systems. There is also a need for a common specification of security policy for large-scale, multi-organizational systems, where access control is implemented in a variety of heterogeneous components. Policy-based approaches to systems management are gaining widespread interest because they allow the separation of the rules that govern the behavioral choices of a system from the functionality provided by that system. This means that it is possible to adapt the behavior of a system without the need to recode any of the underlying functionality; and changes can be applied without the need to stop and restart the system. Such features provide system administrators with the capability to manage systems in a very flexible manner. A common theme across the policy specification notations presented here is that they are focused in a single functional area-routing, access control, or management, not a combination of them. At present, authorizations and event-condition-action rules are the predominant paradigms used in policy-based management, although the latter come in slightly different flavors. Implementation platforms have slowly matured in recent years and increasing work focuses on formal analysis and refinement of policies.
Bandara A, Lobo J, Calo S, et al., 2007, Toward a Formal Characterization of Policy Specification & Analysis, Annual Conference of ITA (ACITA), Pages: 1-9
Heeps S, Sventek J, Dulay N, et al., 2007, Dynamic ontology mapping for interacting autonomous systems, 2nd International Workshop on Self-Organizing Systems, Publisher: Springer, Pages: 255-263
With the emergence of mobile and ubiquitous computing environments, there is a requirement to enable collaborative applications between these environments. As many of these applications have been designed to operate in isolation, making them work together is often complicated by the semantic and ontological differences in the meta-data describing the data to be shared. Typical approaches to overcoming ontological differences require the presence of a third party administrator, an approach incompatible with autonomous systems. This paper presents an approach to automatic ontology mapping suitable for deployment in autonomous, interacting systems for a class of collaborative application. The approach facilitates the collaboration of application-level data collections by identifying areas of ontological conflict and using meta-data values associated with those collections to establish commonality. A music sharing application has been developed to facilitate the sharing of music between peers.
Lupu E, Asmare E, Dulay N, et al., 2007, Towards Self-managing Unmanned Autonomous Vehicles, Systems Engineering for Autonomous Systems Defence Technology Centre Conference, Edinburgh, UK
Schaeffer Filho A, Lupu E, 2007, Abstractions to Support Interactions between Self-Managed Cells, 1st International Conference on Autonomous Infrastructure, Management and Security (AIMS), Publisher: Springer, Pages: 160-163
Management of pervasive systems cannot rely on human intervention nor centralised decision-making functions due to their complex and intrinsically mobile nature. In previous work, we proposed the concept of a self-managed cell (SMC) as an architectural pattern for\r\nbuilding ubiquitous applications. A SMC consists of hardware and software components that form an autonomous administrative domain. SMCs may be realised at different scales, from body-area networks, to an entire room or larger settings. However, to scale to larger systems it is necessary for SMCs to collaborate with each other, to federate or compose in larger SMC structures. We describe here the main abstractions we have defined and explore future directions towards this goal.
Bandara AK, Russo A, Lupu EC, 2007, Towards learning privacy policies, 8th IEEE International Workshop on Policies for Distributed Systems and Networks, Publisher: IEEE COMPUTER SOC, Pages: 274-274
Tuptuk N, Lupu E, 2007, Risk based authorisation for Mobile ad hoc networks, 1st International Conference on Autonomous Infrastructure,, Management and Security, Publisher: SPRINGER-VERLAG BERLIN, Pages: 188-+, ISSN: 0302-9743
- Author Web Link
- Cite
- Citations: 4
Keoh SL, Twidle K, Pryce N, et al., 2007, Policy-based management for body-sensor networks, 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007), Publisher: SPRINGER, Pages: 92-+, ISSN: 1680-0737
- Author Web Link
- Open Access Link
- Cite
- Citations: 6
Lupu E, Dulay N, Sventek J, et al., 2007, Autonomous pervasive systems and the policy challenges of a small world!, 8th IEEE International Workshop on Policies for Distributed Systems and Networks, Pages: 3-7
Pervasive systems are the subject of intensifying research efforts and their applications range from health monitoring and intelligent homes, to location aware services, unmanned vehicles and city-wide pervasive infrastructures. Although application-specific solutions have been proposed, their design has often raised additional challenges. This paper discusses the use of Autonomous Pervasive Systems as a fertile testbed for policy-based adaptation and for integrating techniques that span across conventional subject boundaries. Additionally, we present the Self- Managed Cell architectural pattern for realizing policy-driven Autonomous Pervasive Systems and discuss the design of the Ponder2 policy service.
Asmare E, Dulay N, Lupu E, et al., 2007, Secure dynamic community establishment in coalitions, IEEE Military Communications Conference (MILCOM 2007), Publisher: IEEE, Pages: 3105-+, ISSN: 2155-7578
Keoh SL, Dulay N, Lupu E, et al., 2007, Self-Managed Cell: A middleware for managing body-sensor networks, 4th Annual International Conference on Mobile and Ubiquitous Systems (MOBIQUITOUS 2007), Publisher: IEEE, Pages: 177-+
Schaeffer A, Lupu E, Dulay N, et al., 2007, Towards supporting interactions between self-managed cells, 1st IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2007), Publisher: IEEE COMPUTER SOC, Pages: 224-233
Management in pervasive systems cannot rely on human intervention or centralised decision-making functions. It must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. We have previously proposed the self-managed cell (SMC) as an architectural pattern for building ubiquitous applications, where a SMC consists of hardware and software components that form an autonomous administrative domain. SMCs may be realised at different scales, from. body-area networks for health monitoring, to an entire room or larger distributed settings. However to scale to larger systems, SMCs must collaborate with each other and federate or compose in larger SMC structures. This paper discusses requirements for interactions between SMCs and proposes key abstractions and protocols for realising peer-to-peer and composition interactions. These enable SMCs to exchange data, react to external events and exchange policies that govern their collaboration. Dynamically customisable interfaces are used for encapsulation and interaction mediation. Although the examples used here are based on healthcare scenarios, the principles and abstractions described in the paper are more generally applicable.
Twidle K, Lupu E, 2007, Ponder2 - Policy-based self managed cells, 1st International Conference on Autonomous Infrastructure,, Management and Security, Publisher: SPRINGER-VERLAG BERLIN, Pages: 230-230, ISSN: 0302-9743
- Author Web Link
- Cite
- Citations: 2
Twidle K, Lupu E, Dulay N, et al., 2006, Ponder2: Policy-based Management in Autonomous Ubiquitous Systems
Strowes S, Badr N, Dulay N, et al., 2006, An Event Service Supporting Autonomic Management of Ubiquitous Systems for e-Health, Intl. Workshop on Distributed Event-Based Systems
Asmare EA, Dulay N, Kim H, et al., 2006, Management Architecture and Mission Specification for Unmanned Autonomous Vehicles, Systems Engineering for Autonomous Systems Defence Technology Centre Conference, Edinburgh, UK
Asmare EA, Dulay N, Kim H, et al., 2006, Management Architecture and Mission Specification for Unmanned Autonomous Vehicles, Systems Engineering for Autonomous Systems Defence Technology Centre Conference, Edinburgh, UK
Strowes S, Badr N, Dulay N, et al., 2006, An Event Service Supporting Autonomic Management of Ubiquitous Systems for e-Health, Intl. Workshop on Distributed Event-Based Systems
Bandara A, Lupu EC, Russo A, et al., 2006, Policy Refinement for DiffServ Quality of Service Management (2006), 9th IFIP/IEEE Intl. Symp. on Integrated Management (IM 2005), Publisher: IEEE
Bandara A, Lupu EC, Russo A, et al., 2006, Policy refinement for IP differentiated services Quality of Service management, IEEE Transactions on Network and Service Management, Vol: 3, Pages: 2-13, ISSN: 1932-4537
Policy-based management provides the ability to dynamically re-configure DiffServ networks such that desired Quality of Service (QoS) goals are achieved. This includes network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically. QoS management aims to satisfy the Service Level Agreements (SLAs) contracted by the provider and therefore QoS policies are derived from SLA specifications and the provider's business goals. This policy refinement is usually performed manually with no means of verifying that the policies written are supported by the network devices and actually achieve the desired QoS goals. Tool support is lacking and policy refinement has rarely been addressed in the literature. This paper extends our previous approach to policy refinement and shows how to apply it to the domain of DiffServ QoS management. We make use of goal elaboration and abductive reasoning to derive strategies that will achieve a given high-level goal. By combining these strategies with events and constraints, we show how policies can be refined, and what tool support can be provided for the refinement process using examples from the QoS management domain. The approach presented here can be used in other application domains such as storage area networks or security management.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.