Publications
272 results found
Lymberopoulos L, Lupu E, Sloman M, 2004, PONDER policy implementation and validation in a CIM and differentiated services framework, New York, 9th IEEE/IFIP network operations and management symposium (NOMS 2004), Seoul, South Korea, Publisher: IEEE, Pages: 31-44
Lymberopoulos L, Lupu E, Sloman M, 2004, PONDER policy implementation and validation in a CIM and differentiated services framework, New York, 9th IEEE/IFIP network operations and management symposium (NOMS 2004), Seoul, South Korea, Publisher: IEEE, Pages: 31-44
Lymberopoulos L, Lupu E, Sloman M, 2003, An adaptive policy-based framework for network services management, Journal of Network and Systems Management, Vol: 11, Pages: 277-303, ISSN: 1064-7570
Lymberopoulos L, Sloman M, Lupu EC, 2003, Using CIM to realize policy validation within the ponder framework, DMTF global management conference, San-Jose, California
Bandara AK, Lupu EC, Russo A, 2003, Using event calculus to formalise policy speciflcation and analysis, Los Alamitos, 4th IEEE international workshop on policies for distributed systems and networks, Lake Como, Italy, 2003, Publisher: IEEE Computer Soc, Pages: 26-39
Lymberopoulos LA, Sloman M, Lupu EC, 2003, Using CIM to realize policy validation within the ponder framework (Prize winning paper in the Academic Alliance Competition), DMTF global management conference
The validation of policy is necessary to ensure that it will lead to a feasible implementation for the environment. This requires checking that the policy is consistent with the functional or resource constraints within the target environment. For example, do the policies assume functionality or specific operations, which do not exist in the target routers, or bandwidth in excess of the capacity of the data links? The objective is to support static checking, where possible, prior to deployment in order to detect invalid policies at design time. However there are some policies related to resource allocation that depend on the current state of the system, and require policy constraints that must be checked at execution time. In this paper, we will discuss how CIM can be used within the Ponder Policy Framework to validate network policies that apply to a Differentiated Services (DiffServ) domain against the capabilities of the individual network elements that comprise the DiffServ domain.
Lee TK, Yusuf S, Luk W, et al., 2003, Compiling policy descriptions into reconfigurable firewall processors, Los Alamitos, 11th annual IEEE symposium on field-programmable custom computing machines (FCCM 2003), Napa, California, Publisher: IEEE Computer Soc, Pages: 39-48
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lee TK, Yusuf S, Luk W, et al., 2003, Compiling policy descriptions into reconfigurable firewall processors, Los Alamitos, 11th annual IEEE symposium on field-programmable custom computing machines (FCCM 2003), Napa, California, Publisher: IEEE Computer Soc, Pages: 39-48
Lupu E, Dulay N, Damianou N, et al., 2003, Structuring devolved responsibility in network and systems management, Multimedia management, Editors: Neuman de Souza, Agoulmine, Neuman de Souza, Agoulmine, Publisher: Kogan Page Science, Pages: 34-49, ISBN: 9781903996232
Lymberopoulos L, Lupu E, Sloman M, 2003, An adaptive policy-based framework for network services management, Journal of Network and Systems Management, Vol: 11, Pages: 277-303, ISSN: 1064-7570
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Pandya D, Jain R, Lupu E, 2003, Indoor location estimation using multiple wireless technologies, Beijing, 14th IEEE international symposium on personal, indoor and mobile radio communications, Publisher: Publishing House Electronics Industry, Pages: 2208-2212
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lee TK, Yusuf S, Luk W, et al., 2002, Development framework for firewall processors, New York, IEEE international conference on field-programmable technology (FPT), Chinese University of Hong Kong, New Territories, Peoples Republic of China, 2002, Publisher: IEEE, Pages: 352-355
High-performance firewalls can benefit from the increasing size, speed and flexibility of advanced reconfigurable hardware. However direct translation of conventional firewall rules in a router-based rule set often leads to inefficient hardware implementation. Moreover, such lowlevel description of firewall rules tends to be difficult to manage and to extend. We describe a framework, based on the high-level policy specification language Ponder for capturing firewall rules as authorization policies with user-definable constraints. Our framework supports optimisations to achieve efficient utilisation of hardware resources. A pipelined firewall implementation developed using this approach running at 10 MHz is capable of processing 2.5 million packets per second, which provides similar performance to a version without optimisation and is about 50 times faster than a software implementation running on a 700 MHz PIII processor.
Keoh SL, Lupu E, 2002, Towards flexible credential verification in mobile ad-hoc Networks, International workshop on principles of mobile computing; POMC'02, Publisher: ACM, Pages: 58-65
Sloman M, Lupu E, 2002, Security and management policy specification, IEEE NETWORK, Vol: 16, Pages: 10-19, ISSN: 0890-8044
Policies are rules governing the choices in behavior of a system. They are increasingly being used as a means of implementing flexible and adaptive systems for management of Internet services, networks, and security systems. There is also a need for a common specification of security policy for large-scale multi-organizational systems where access control is implemented in a variety of heterogeneous components. In this article we survey both security and management policy specification approaches, concentrating on practical systems in which the policy specification can be directly translated into an implementation.
Ganesarajah D, Lupu E, 2002, Workflow-based composition of web-services: a business model or a programming paradigm?, Los Alamitos, 6th international enterprise distributed object computing, Lausanne, Switzerland, 2002, Publisher: IEEE Computer Soc, Pages: 273-284
Dulay N, Damianou N, Lupu E, et al., 2002, A policy language for the management of distributed agents, Berlin, Agent-oriented software engineering, AOSE 2001, Publisher: Springer, Pages: 84-100, ISSN: 0302-9743
Damianou N, Dulay N, Lupu E, et al., 2002, Tools for domain-based policy management of distributed systems, New York, 8th IEEE/IFIP Network Operations and Management Symposium (NOMS 2002), Publisher: IEEE, Pages: 203-217
The management of policies In large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and management of policies specified in the PONDER language. PONDER policies provide a powerful framework for managing distributed systems which includes explicit domain-based subject and target specifications as well as a flexible life-cycle and deployment model. Domains, Implemented using LDAP directories, are used for storing policies and grouping resources, people, and the entities which implement policy, thus facilitating the automated dissemination of policy information. The toolkit presented in this paper comprises: a policy compiler, used to generate implementation code for heterogeneous management and security platforms, a hyperbolic tree viewer for efficient manipulation of the domain structure and effective navigation across the domains, and various tools for deploying and managing the policy life-cycle.
Lymberopoulos L, Lupu E, Sloman M, 2002, An adaptive policy based management framework for differentiated services networks, Los Alamitos, 3rd international workshop on policies for distributed systems and networks, Monterery, California, 2002, Publisher: IEEE Computer Soc, Pages: 147-158
Lymberopoulos L, Lupu E, Sloman M, 2002, An adaptive policy based management framework for differentiated services networks, Los Alamitos, 3rd international workshop on policies for distributed systems and networks, Monterery, California, 2002, Publisher: IEEE Computer Soc, Pages: 147-158
Lee TK, Yusuf S, Luk W, et al., 2002, Compiling policy descriptions into reconfigurable firewall processors, IEEE conference on field programmable technology, (FPT 02), Hong Kong, December 2002
Lupu E, Mazumdar S, Stadler R, 2001, Selected topics in network and systems management, COMPUTER NETWORKS-THE INTERNATIONAL JOURNAL OF COMPUTER AND TELECOMMUNICATIONS NETWORKING, Vol: 35, Pages: 1-4, ISSN: 1389-1286
, 2001, Policies for Distributed Systems and Networks, International Workshop, POLICY 2001 Bristol, UK, January 29-31, 2001, Proceedings, Publisher: Springer
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Damianou N, Dulay N, Lupu E, et al., 2001, The Ponder policy specification language, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 18-38
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems, Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.