Publications
272 results found
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Sloman M, Lobo J, Lupu E, 2001, Policies for distributed systems and networks: international workshop, POLICY 2001, Bristol, UK, January 2001, Publisher: Springer-Verlag, ISBN: 9783540416104
Damianou N, Dulay N, Lupu E, et al., 2001, The Ponder policy specification language, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 18-38
Corradi A, Montanari R, Lupu E, et al., 2001, Policy controlled mobility, Workshop on software engineering and mobility, Toronto, Ontario, Canada, May 2001
Wang G, Lupu E, Wegmann A, 2001, Proceedings of the 5th IEEE Enterprise Distributed Object Computing Conference, Seattle, USA, September 2001, Publisher: IEEE CS Press
Sloman M, Lobo J, Lupu E, 2001, Policies for distributed systems and networks: international workshop, POLICY 2001, Bristol, UK, January 2001, Publisher: Springer-Verlag, ISBN: 9783540416104
Damianou N, Dulay N, Lupu EC, et al., 2000, Ponder: A Language for Specifying Security and Management Policies for Distributed Systems, The Language Specification - Version 2.2, Imperial College, Department of Computing
Damianou N, Dulay N, Lupu EC, et al., 2000, Ponder: An Object-oriented Language for Specifying Security and Management Policies, 10th Workshop for PhD Students in Object-Oriented Systems (PhDOOS'2000), Sophia Antipolis, France
Damianou N, Dulay N, Lupu EC, et al., 2000, Managing Security in Object-Based Systems Using Ponder, 6th EUNICE Open European Summer School, Enschede, The Netherlands
Dulay N, Lupu EC, Sloman MS, et al., 2000, Towards a Runtime Object Model for the Ponder Policy Language, 7th Workshop of the Open View University Association (OVUA 2000), Santorini, Greece
Dulay N, Lupu EC, Sloman MS, et al., 2000, Towards a Runtime Object Model for the Ponder Policy Language, 7th Workshop of the Open View University Association (OVUA 2000), Santorini, Greece
Damianou N, Dulay N, Lupu EC, et al., 2000, Ponder: A Language for Specifying Security and Management Policies for Distributed Systems, The Language Specification - Version 2.2, Imperial College, Department of Computing, Publisher: Imperial College, Department of Computing
Lupu E, Sloman M, Dulay N, et al., 2000, Ponder: Realising enterprise viewpoint concepts, 4th International Conference on Enterprise Distributed Object Computing (EDOC 2000), Pages: 66-75
This paper introduces the Ponder language for specifying distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the concepts of the Enterprise Viewpoint. The design of the language incorporates lessons dl awn from sever al yeats of research on policy for security and distributed systems management as well as policy conflict analysis. The various language constructs are presented through a scenario for the operation, administration and maintenance of a mobile telecommunication network.
Lupu EC, Dulay N, Damianou N, et al., 2000, Structuring Devolved Responsibilities in Network and Systems Management, Networking and Information Systems Journal, Vol: 3, Pages: 261-277
Damianou N, Dulay N, Lupu EC, et al., 2000, Managing Security in Object-Based Systems Using Ponder, 6th EUNICE Open European Summer School, Enschede, The Netherlands
Corradi A, Montanari R, Stefanelli C, et al., 2000, Flexible Access Control for Java Mobile Code, 16th Annual Computer Security Applications Conference (ACSAC2000), New Orleans USA
Lupu EC, Sloman MS, 1999, Conflicts in Policy-based Distributed Systems Management, IEEE Trans.on Software Engineering, Vol: 25, Pages: 852-869, ISSN: 0098-5589
Modem distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level (c.f. goals) and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. For example, an obligation policy may define an activity which is forbidden by a negative authorization policy; there may be two authorization policies which permit and forbid an activity or two policies permitting the same manager to sign checks and approve payments may conflict with an external principle of separation of duties. Conflicts may also arise during the refinement process between the high-level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. This paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the Various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role-based management framework. Software development an
Sloman M, Mazumdar S, Lupu EC, 1999, Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management, Publisher: IEEE
, 1999, 1999 IEEE/IFIP International Symposium on Integrated Network Management, IM 1999, Boston, USA, May 24-28, 1999. Proceedings, Publisher: IEEE
Lupu EC, Sloman MS, Milosevic Z, 1999, Use of Roles and Policies for Specifying and Managing a Virtual Enterprise, 9th International Workshop on Research Issues on Data Engineering: Information Technology for Virtual Enterprises(RIDE - VE '99)
Sloman MS, Lupu EC, 1999, Policy Specification for Programmable Networks, Proceedings of First International Working Conference on Active Networks (IWAN'99), Berlin, Publisher: Springer Verlag, Pages: 73-84
Eisenbach S, Meidl K, Rizkallah H, et al., 1999, Can Corba save a fringe language from becoming obsolete?, DAIS'99 Second IFIP WG 6.1 International Working Conference on Distributed Applications and Interoperable Systems, Helsinki
Moffett JD, Lupu EC, 1999, The uses of role hierarchies in access control, 4th ACM Workshop on Role-Based Access Control, Publisher: ASSOC COMPUTING MACHINERY, Pages: 153-160
- Author Web Link
- Cite
- Citations: 21
Lupu E, Sloman M, 1997, Conflict analysis for management policies, 5th IFIP/IEEE International Symposium on Integrated Network Management (IM'97), Publisher: Chapman-Hall, Pages: 430-443
Policies are a means of influencing management behaviour within a distributed system, without coding the behaviour into the managers. Authorisation policies specify what activities a manager is permitted or forbidden to do to a set of target objects and obligation policies specify what activities a manager must or must not do to a set of target objects. Conflicts can arise in the set of policies. For example an obligation policy may define an activity which is forbidden by a negative authorisation policy; there may be two authorisation policies which permit and forbid an activity or two policies permitting the same manager to sign cheques and approve payments may conflict with an external principle of separation of duties. This paper reviews the policy conflicts which may arise in a large-scale distributed system and describes a conflict analysis tool which forms part of a Role Based Management framework. Management policies are specified with regard to domains of objects and conflicts potentially arise when there are overlaps between domains. It is not desirable or possible to prevent overlaps and they do not always result in conflicts. We discuss the various techniques which can be used to determine which conflicts are important and so should be indicated to the user and which potential conflicts should be ignored because of precedence relationships between the policies. This reduces the set of potential conflicts that a user would have to resolve and avoids undesired changes of the policy specification or domain membership.
Lupu E, Sloman M, 1997, A policy based role object model, 1st International Enterprise Distributed Object Computing Workshop (EDOC 97), Publisher: IEEE, COMPUTER SOC PRESS, Pages: 36-47
Enterprise roles define the duties and responsibilities of the individuals which are assigned to them. This paper introduces a framework for the management of large distributed systems which makes use of the concepts developed in role theory. Our concept of a role groups the specifications of management policies which define the rights and dirties corresponding to that role. Individuals may then be assigned to or withdrawn from a role, to enable rapid and flexible organisational change, without altering the specification of the policies. We extend this role concept to include relationships as means of specifying required interactions, duties and rights between related roles. Organisations may contain large numbers of similar roles with multiple relationships between them, so there is a need for reuse of specifications. Role and relationship classes permit multiple instantiation and inheritance is Eased for incremental extension of the organisational structure with minimal specification effort. We also briefly examine consistency and auditing issues related to this role framework.
Sloman M, Lupu E, 1997, Towards a Role-based Framework for Distributed Systems Management, Journal of Network and Systems Management, Vol: 5, Pages: 5-30, ISSN: 1064-7570
Lupu EC, Sloman MS, 1997, Reconciling role based management and role based access control, RBAC '97 Second Role Based Control Workshop, George Mason University, Virginia, Pages: 135-141
Lupu EC, Sloman MS, Yialelis N, 1997, Policy based roles for distributed systems security, HP-Openview University Association (HP-OVUA) Plenary Workshop (Madrid)
Yialelis N, Lupu EC, Sloman MS, 1996, Role Based Security for Distributed Object Systems, IEEE Fifth Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises, Stanford University
Yialelis N, Lupu EC, Sloman MS, 1996, Role Based Security for Distributed Object Systems, IEEE Fifth Workshops on Enabling Technologies : Infrastructure for Collaborative Enterprises, Stanford University
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.