Publications
201 results found
Schaeffer-Filho A, Lupu EC, Sloman MS, 2015, Federating Policy-Driven Autonomous Systems: Interaction Specification and Management Patterns, Journal of Network and Systems Management, Vol: 23, Pages: 753-793
Ubiquitous systems and applications involve interactions between multiple autonomous entities—for example, robots in a mobile ad-hoc network collaborating to achieve a goal, communications between teams of emergency workers involved in disaster relief operations or interactions between patients’ and healthcare workers’ mobile devices. We have previously proposed the Self-Managed Cell (SMC) as an architectural pattern for managing autonomous ubiquitous systems that comprise both hardware and software components and that implement policy-based adaptation strategies. We have also shown how basic management interactions between autonomous SMCs can be realised through exchanges of notifications and policies, to effectively program management and context-aware adaptations. We present here how autonomous SMCs can be composed and federated into complex structures through the systematic composition of interaction patterns. By composing simpler abstractions as building blocks of more complex interactions it is possible to leverage commonalities across the structural, control and communication views to manage a broad variety of composite autonomous systems including peer-to-peer collaborations, federations and aggregations with varying degrees of devolution of control. Although the approach is more broadly applicable, we focus on systems where declarative policies are used to specify adaptation and on context-aware ubiquitous systems that present some degree of autonomy in the physical world, such as body sensor networks and autonomous vehicles. Finally, we present a formalisation of our model that allows a rigorous verification of the properties satisfied by the SMC interactions before policies are deployed in physical devices.
Marinovic S, Dulay N, Sloman MS, 2014, Rumpole - An Introspective Break-glass Access Control Language, ACM Transactions on Information and System Security
Access control policies define what resources can be accessed by which subjects and under which conditions. It is, however, often not possible to anticipate all subjects that should be permitted access and the conditions under which they should be permitted. For example, predicting and correctly encoding all emergency and exceptional situations is impractical. Traditional access control models simply deny all requests that are not permitted, and in doing so may cause unpredictable and unacceptable consequences. To overcome this issue, break-glass access control models permit a subject to override an access control denial, if he accepts a set of obligatory actions and certain override conditions are met. Existing break-glass models are limited in how the override decision is specified. They either grant overrides for a pre-defined set of exceptional situations, or they grant unlimited overrides to selected subjects, and as such they suffer from the difficulty of correctly encoding and predicting all override situations and permissions. To address this, we develop Rumpole, a novel break-glass language that explicitly represents and infers knowledge gaps and knowledge conflicts about the subject’s attributes and the contextual conditions, such as emergencies. For example, a Rumpole policy can distinguish whether or not it is known that an emergency holds. This leads to a more informed decision for an override request, whereas current break-glass languages simply assume that there is no emergency if the evidence for it is missing. To formally define Rumpole, we construct a novel many- valued logic programming language called Beagle. It has a simple syntax similar to that of Datalog, and its semantics is an extension of Fitting’s bilattice-based semantics for logic programs. Beagle is a knowledge non-monotonic langauge, and as such is strictly more expressive than current many-valued logic program- ming languages.
Pediaditakis D, Gopalan A, Dulay N, et al., 2012, Home network management policies: Putting the user in the loop, Pages: 9-16
Home networks are becoming increasingly complex but existing management solutions are not simple to use since they are not tailored to the needs of typical home-users. In this paper we present a new approach to home network management that allows users to formulate quite sophisticated "comic-strip" policies using an attractive iPad application. The policies are based on the management wishes of home users elicited in a user study. Comic-strip policies are passed to a Policy engine running on a new Home Network Router designed to facilitate a variety of management tasks. We illustrate our approach via a number end-to-end experiments in an actual home deployment, using our prototype implementation. © 2012 IEEE.
- Abstract
- Open Access Link
- Cite
- Citations: 4
Asmare E, Gopalan A, Sloman M, et al., 2012, Self-Management Framework for Mobile Autonomous Systems, Journal of Network and Systems Management, Vol: 20, Pages: 244-275
The advent of mobile and ubiquitous systems has enabled the de- velopment of autonomous systems such as wireless-sensors for environmental data collection and teams of collaborating Unmanned Autonomous Vehicles (UAVs) used in missions unsuitable for humans. However, with these range of new application-domains come a new challenge – enabling self-management in mobile autonomous systems. Autonomous systems have to be able to manage themselves individually as well as to form self-managing teams which are able to recover or adapt to failures, protect themselves from attacks and optimise performance.This paper proposes a novel distributed policy-based framework that en- ables autonomous systems of varying scale to perform self-management indi- vidually and as a team. The framework allows missions to be specified in terms of roles in an adaptable and reusable way, enables dynamic and secure team formation with a utility-based approach for optimal role assignment, caters for communication link maintenance amongst team-members and recovery from failure. Adaptive management is achieved by employing a policy-based archi- tecture to enable dynamic modification of the management strategy relating to resources, role behaviour, communications and team management, without interrupting the basic software within the system.Evaluation of the framework shows that it is scalable with respect to the number of roles, and consequently the number of autonomous systems par- ticipating in the mission. It is also shown to be optimal with respect to role assignments, and robust to intermittent communication link disconnections and permanent team-member failures.
Pediaditakis D, Gopalan A, Dulay N, et al., 2012, A Configuration Service for Home Networks, IEEE Network Operations and Management Symposium (NOMS 2012): Mini-Conference, Pages: 1048-1053
Bourdenas T, Tei K, Honiden S, et al., 2011, Autonomic role and mission allocation framework for wireless sensor networks, Pages: 61-70
Pervasive applications incorporate physical components that are exposed to everyday use and a large number of conditions and external factors that can lead to faults and failures. It is also possible that application requirements change during deployment and the network needs to adapt to a new context. Consequently, pervasive systems must be capable to autonomically adapt to changing conditions without involving users becoming a transparent asset in the environment. In this paper, we present an autonomic mechanism for initial task assignment in sensor networks, an NP-hard problem. We also study on-line adaptation of the original deployment which considers real-time metrics for maximising utility and lifetime of applications and smooth service degradation in the face of component failures. © 2011 IEEE.
- Abstract
- Open Access Link
- Cite
- Citations: 3
Craven, Lobo J, Lupu E, et al., 2011, Policy Refinement: Decomposition and Operationalization for Dynamic Domains, 7th IEEE Int. Conference on Network and Service Management (CNSM 2011), Publisher: IEEE
We describe a method for policy refinement. The refinement process involves stages of decomposition, operational- ization, deployment and re-refinement, and operates on policies expressed in a logical language flexible enough to be translated into many different enforceable policy dialects. We illustrate with examples from a coalition scenario, and describe how the stages of decomposition and operationaliztion work internally, and fit together in an interleaved fashion. Domains are represented in a logical formalization of UML diagrams. Both authorization and obligation policies are supported
Bourdenas T, Wood D, Zerfos P, et al., 2011, Self-adaptive Routing in Multi-hop Sensor Networks, 7th IEEE Int. Conference on Network and Service Management (CNSM 2011), Publisher: IEEE, Pages: 1-9
Sensor networks are used for applications in monitoringharsh environments including reconnaissance and surveillanceof areas that may be inaccessible to humans. Such applicationsdepend on reliable collection, distribution and delivery ofinformation to processing centres which may involve multi-hopwireless networks which experience disruptions in communicationand exhibit packet drops, connectivity loss and congestion.Some of these faults are periodic, attributed to external, recurringfactors. In this paper, we study an effective way to forecastsuch repetitive conditions using time-series analysis. We, further,present an application-level, autonomic routing service thatadapts sensor readings routes to avoid areas in which failures orcongestion are expected. A prototype system of the approach isdeveloped based on an existing middleware solution for sensornetwork management. Simulation results on the performance ofthis approach are also presented
Sventek J, Koliousis A, Sharma O, et al., 2011, An information plane architecture supporting home network management, Pages: 1-8
Home networks have evolved to become small-scale versions of enterprise networks. The tools for visualizing and managing such networks are primitive and continue to require networked systems expertise on the part of the home user. As a result, non-expert home users must manually manage non-obvious aspects of the network - e.g., MAC address filtering, network masks, and firewall rules, using these primitive tools. The Homework information plane architecture uses stream database concepts to generate derived events from streams of raw events. This supports a variety of visualization and monitoring techniques, and also enables construction of a closed-loop, policy-based management system. This paper describes the information plane architecture and its associated policy-based management infrastructure. Exemplar visualization and closed-loop management applications enabled by the resulting system (tuned to the skills of non-expert home users) are discussed. © 2011 IEEE.
- Abstract
- Open Access Link
- Cite
- Citations: 23
Gopalan A, Karavanis S, Payne T, et al., 2011, Smartphone Based E-Learning, 3rd Int. Conference on Computer Supported Education (CSEDU 2011), Publisher: SciTePress, Pages: 1-12
Children often attend schools intermittently in rural areas in Africa and India due to socio-economic conditions which make pupils augment their family income by working. An e-Learning solution could aid in raising the level of education by making it easier for children to fit schoolwork into the day, acting as a complement to when they are able to attend school. Traditional distance learning solutions based on computers are not suitable due to lack of infrastructure support. In this paper, we evaluate both text and voice based smartphone prototype environments which could provide the tools and services for pupils to download educational content, interact with teachers as well as other pupils to discuss topics. These have been implemented as a proof-of- concept and the initial evaluation feedback, although not from target users, was very promising. We intend to re-implement the prototype and do a proper evaluation with rural-area school children.
Lobo J, Ma J, Russo A, et al., 2011, Refinement of History-Based Policies., Editors: Balduccini, Son, Publisher: Springer, Pages: 280-299, ISBN: 978-3-642-20831-7
We propose an efficient method to evaluate a large class of history-based policies written as logic programs. To achieve this, we dy- namically compute, from a given policy set, a finite subset of the history required and sufficient to evaluate the policies. We maintain this history by monitoring rules and transform the policies into a non history-based form. We further formally prove that evaluating history-based policies can be reduced to an equivalent, but more efficient, evaluation of the non history-based policies together with the monitoring rules.
Bourdenas T, Bergamaschi F, Wood D, et al., 2011, Forecasting Routes and Self-adaptation in Multi-hop Wireless Sensor Networks, Conference on Ground/Air Multisensor Interoperability, Integration, and Networking for Persistent ISR II, Publisher: SPIE-INT SOC OPTICAL ENGINEERING, ISSN: 0277-786X
Craven R, Lobo J, Lupu EC, et al., 2010, Decomposition techniques for policy refinement., 6th Int. Conference on Network and Service Management, Publisher: IEEE, Pages: 72-79
The automation of policy refinement, whilst promis- ing great benefits for policy-based management, has hitherto received relatively little treatment in the literature, with few concrete approaches emerging. In this paper we present initial steps towards a framework for automated distributed policy refinement for both obligation and authorization policies. We present examples drawn from military scenarios, describe details of our formalism and methods for action decomposition, and discuss directions for future research.
Bourdenas T, Sloman M, 2010, Self-healing in Wireless Sensor Networks, Pervasive 2010 Doctoral Colloquium
The development of small wireless sensors and smart-phones, which include various sound, video, motion and location sensors, has facilitated new pervasive applications such as healthcare, buidling and environmental monitoring or animal tracking. Devices may not be easily accessed for maintenance and users may be non-technical, thus, the systems need to be self-managing and self-healing with respect to faults and errors. In this thesis we investigate models and mechanisms for detection and recovery from faults and propose an adaptation framework to facilitate their deployment and maintenance.
Bourdenas T, Sloman M, 2010, Starfish: Policy Driven Self-management in Wireless Sensor Networks, ACM ICSE 5th Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), Publisher: Association for Computing Machinery
The development of small wireless sensors and smart-phones, which include various sound, video, motion and location sensors, has facilitated new pervasive applications such as healthcare, buidling and environmental monitoring or animal tracking. Devices may not be easily accessed for maintenance and users may be non-technical, thus, the systems need to be self-managing and self-healing with respect to faults and errors. In this thesis we investigate models and mechanisms for detection and recovery from faults and propose an adaptation framework to facilitate their deployment and maintenance.
Schaeffer A, Lupu EC, Sloman M, 2010, Policies to Enable Secure Dynamic Community Establishment, Network Science for Military Coalition Operations: Information Exchange and Interaction, Editors: Verma, Publisher: Information Science Reference, Pages: 121-145, ISBN: 9781615208555
Many coalition operations require the establishment of secure communities across the different networks that make up a coalition network. These communities are formed dynamically in order to achieve the goals of a specific mission, and frequently consist of mobile entities interconnected into a mobile ad-hoc network. Technologies are needed to create these communities, and manage their operations. In this chapter, the authors show how a framework for self-managed cells can be extended to provide this capability for coalition operations.
Calo S, Karat J, Lobo J, et al., 2010, Policy Technologies for Security Management in Coalition Networks, Network Science for Military Coalition Operations: Information Exchange and Interaction, Publisher: Information Science Reference, Pages: 146-173, ISBN: 978-1-61520-855-5
Wishart R, Corapi D, Marinovic S, et al., 2010, Collaborative Privacy Policy Authoring in a Social Networking Context., IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), Publisher: IEEE Computer Society, Pages: 1-8
Marinovic S, Twidle KP, Dulay N, et al., 2010, Teleo-Reactive policies for managing human-centric pervasive services., 6th IEEE Int. Conference on Network and Service Management, Publisher: IEEE, Pages: 80-87
Bourdenas T, Sloman M, Lupu EC, 2010, Self-healing for Pervasive Computing Systems, Architecting Dependable Systems VII, Editors: Lemos, Casimiro, Gacek, Publisher: Springer, Pages: 1-25
The development of small wireless sensors and smart-phones have facilitated new pervasive applications. These pervasive systems are expected to perform in a broad set of environments with different capa- bilities and resources. Application requirements may change dynamically requiring flexible adaptation. Sensing faults appear during their lifetime and as users are not expected to have technical skills, the system needs to be self-managing. We discuss the Self-Managed Cell as an architectural paradigm and describe some fundamental components to address dis- tributed management of sensing faults as well as adaptation for wireless sensor nodes.
, 2010, Architecting Dependable Systems VII, Publisher: Springer Berlin Heidelberg, ISBN: 9783642172441
Wishart R, Corapi D, Madhavapeddy A, et al., 2010, Privacy Butler: A personal privacy rights manager for online presence., 8th IEEE International Conference on Pervasive Computing and Communications (PerCom Workshop), Publisher: IEEE, Pages: 672-677
The online presence projected by a person is com- prised of all the information about them available on the Internet. In online communities and social networking services, it is often possible for third-parties to modify this content by, for example, commenting on existing content or uploading new content. This has the potential to negatively impact the privacy of a presence owner (the person referred to by the on-line content) by disclosing information about them without consent. In this paper we propose a Privacy Butler, an automated service that can monitor a person’s online presence and attempt to make corrections based on policies specified by the owner of the online presence
Sloman M, Lupu EC, 2009, Engineering Policy-Based Ubiquitous Systems, The Computer Journal, ISSN: 1460-2067
Accepted for publication
Thing V, Sloman M, Dulay N, 2009, Locating Network Domain Entry and Exit point/path for DDoS Attack Traffic, IEEE Transactions on Network and Service Management, Vol: 6, Pages: 163-174, ISSN: 1932-4537
A method to determine entry and exit points or paths of DDoS attack traffic flows into and out of network domains is proposed. We observe valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses, to construct the attack paths. We consider deployment issues and show results from simulations to prove the feasibility of our scheme. We then implement our Traceback mechanism in C++ and more realistic experiments are conducted. The experiments show that accurate results, with high traceback speed of a few seconds, are achieved. Compared to existing techniques, our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. The scheme is simple and efficient, allowing for a fast traceback, and scalable due to the distribution of processing workload.
Zhu Y, Keoh S, Sloman M, et al., 2009, A Lightweight Policy System for Body Sensor Networks, IEEE Transactions on Network and Service Management, Vol: 6, Pages: 137-148, ISSN: 1932-4537
Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alterna- tive schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine- grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.
Schaeffer Filho A, Lupu E, Sloman M, et al., 2009, Verification of Policy-based Self-Managed Cell Interactions Using Alloy, IEEE International Symposium on Policies for Distributed Systems and Networks (Policy), Publisher: IEEE, Pages: 37-40
Self-Managed Cells (SMCs) define an infrastructure for building ubiquitous computing applications. An SMC consists of an autonomous administrative domain based on a policy-driven feedback control-loop. SMCs are able to interact with each other and compose with other SMCs to form larger autonomous components. In this paper we present a formal specification of an SMC's behaviour for the analysis and verification of its operation in collaborations of SMCs. These collaborations typically involve SMCs originated from different administrative authorities, and the definition of a formal model has helped us to verify the correctness of their operation when SMCs are composed or federated.
Thing V, Sloman M, Dulay N, 2009, Adaptive response system for distributed denial-of-service attacks, IFIP/IEEE International Symposium on Integrated Network Management, IM 2009, Publisher: IEEE, Pages: 809-814
Twidle K, Lupu E, Sloman M, et al., 2009, Ponder2: A Policy System for Autonomous Pervasive Environments, The Fifth International Conference on Autonomic and Autonomous Systems, Publisher: IEEE
Policies form an important part of management and can be an effective means of implementing self-adaptation in pervasive systems. Most policy-based systems focus on large-scale networks and distributed systems. Consequently, they are often fragmented, dependent on infrastructure and lacking flexibility and extensibility. This paper presents Pon- der2, a novel policy system that is suitable for a wide range of environments and applications. The design and implementation of Ponder2 emphasises simplicity, flexibil- ity and extensibility and provides users with the ability to interact easily with the managed system. Ponder2 can interact with other software and hardware components and is being used in environments ranging from single devices, to personal area networks, ad-hoc networks and distributed systems. We also describe PonderTalk, a high-level object orientated language inspired by Smalltalk for configuring and controlling Ponder2 systems.
Zhu Y, Sloman M, Lupu EC, et al., 2009, Vesta: A Secure and Autonomic System for Pervasive Healthcare, 3rd International Conference on Pervasive Computing Technologies for Healthcare (Pervasive Health 09), Publisher: ICST, Pages: 1-8
The proliferation of low-power wireless communications and handheld devices has facilitated the development of pervasive systems for healthcare applications. This paper describes a body sensor network comprising a personal controller, various biosensors and actuators for pervasive healthcare. Various physiological parameters such as heart rate or blood oxygen level can be continuously monitored. The growing complexity of such systems, however, poses challenges for system management and security. In this paper we present a secure autonomic body sensor network called Vesta which makes use of the extensible architecture pattern of a self managed cell (SMC). A policy-driven management paradigm supports adaptability to contextual changes by applying event-condition-action rules. Fine-grained access control of the system is realized through authorization policies. Experimental evaluation shows that it is viable and practical for real-world pervasive healthcare.
Schaeffer Filho A, Lupu E, Sloman M, 2009, Realising Management and Composition of Self-Managed Cells in Pervasive Healthcare, 3rd International Conference on Pervasive Computing Technologies for Healthcare (PervasiveHealth), Publisher: IEEE, Pages: 1-8
Research in pervasive and autonomic computing focuses on supporting services for pervasive applications, but often ignores how such applications can be realised through the federation of autonomous entities. In this paper we propose a methodology for designing collaborations between autonomous components, using the Self-Managed Cell (SMC) framework. We focus on the structural, task-allocation and communication aspects of management interactions between SMCs. We propose a catalogue of architectural styles for SMC interactions, and a model for combining architectural styles in patterns of interactions that can be enforced by different SMCs in large collaborations. This allows us to specify the management of large-scale systems by composing management functions using architectural styles as building block abstractions. A scenario for a health monitoring application involving a number of SMCs is used throughout the paper to illustrate how complex structures can be thus built.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.