Publications
201 results found
Lymberopoulos LA, Sloman M, Lupu EC, 2003, Using CIM to realize policy validation within the ponder framework (Prize winning paper in the Academic Alliance Competition), DMTF global management conference
The validation of policy is necessary to ensure that it will lead to a feasible implementation for the environment. This requires checking that the policy is consistent with the functional or resource constraints within the target environment. For example, do the policies assume functionality or specific operations, which do not exist in the target routers, or bandwidth in excess of the capacity of the data links? The objective is to support static checking, where possible, prior to deployment in order to detect invalid policies at design time. However there are some policies related to resource allocation that depend on the current state of the system, and require policy constraints that must be checked at execution time. In this paper, we will discuss how CIM can be used within the Ponder Policy Framework to validate network policies that apply to a Differentiated Services (DiffServ) domain against the capabilities of the individual network elements that comprise the DiffServ domain.
Grandison T, Sloman M, 2003, Trust management tools for internet applications, Berlin, 1st international conference on trust management, Iraklion, Greece, 2003, Publisher: Springer-Verlag, Pages: 91-107
Lee TK, Yusuf S, Luk W, et al., 2003, Compiling policy descriptions into reconfigurable firewall processors, Los Alamitos, 11th annual IEEE symposium on field-programmable custom computing machines (FCCM 2003), Napa, California, Publisher: IEEE Computer Soc, Pages: 39-48
Lupu E, Dulay N, Damianou N, et al., 2003, Structuring devolved responsibility in network and systems management, Multimedia management, Editors: Neuman de Souza, Agoulmine, Neuman de Souza, Agoulmine, Publisher: Kogan Page Science, Pages: 34-49, ISBN: 9781903996232
Chen MS, Chrysanthis PK, Sloman M, et al., 2003, Mobile data management: 4th international conference, MDM 2003, Melbourne, Australia, 21 - 24 January 2003, London, Publisher: Springer, ISBN: 9783540003939
Chalmers D, Sloman M, Dulay N, 2003, Contextual mediation enables appropriate data selection, ERCIM News, Vol: 54, Pages: 15-16
Grandison T, Sloman M, 2003, Specifying and Analysing Trust for Internet Applications, Towards the Knowledge Society, Publisher: Springer US, Pages: 145-157, ISBN: 9781475768619
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lee TK, Yusuf S, Luk W, et al., 2002, Development framework for firewall processors, New York, IEEE international conference on field-programmable technology (FPT), Chinese University of Hong Kong, New Territories, Peoples Republic of China, 2002, Publisher: IEEE, Pages: 352-355
High-performance firewalls can benefit from the increasing size, speed and flexibility of advanced reconfigurable hardware. However direct translation of conventional firewall rules in a router-based rule set often leads to inefficient hardware implementation. Moreover, such lowlevel description of firewall rules tends to be difficult to manage and to extend. We describe a framework, based on the high-level policy specification language Ponder for capturing firewall rules as authorization policies with user-definable constraints. Our framework supports optimisations to achieve efficient utilisation of hardware resources. A pipelined firewall implementation developed using this approach running at 10 MHz is capable of processing 2.5 million packets per second, which provides similar performance to a version without optimisation and is about 50 times faster than a software implementation running on a 700 MHz PIII processor.
Sloman M, Lupu E, 2002, Security and management policy specification, IEEE NETWORK, Vol: 16, Pages: 10-19, ISSN: 0890-8044
Policies are rules governing the choices in behavior of a system. They are increasingly being used as a means of implementing flexible and adaptive systems for management of Internet services, networks, and security systems. There is also a need for a common specification of security policy for large-scale multi-organizational systems where access control is implemented in a variety of heterogeneous components. In this article we survey both security and management policy specification approaches, concentrating on practical systems in which the policy specification can be directly translated into an implementation.
Grandison T, Sloman M, 2002, Specifying and analysing trust for Internet applications, Norwell, 2nd IFIP conference on e-commerce, e-business, e-government (13E 2002), Lisbon, Portugal, Publisher: Kluwer Academic Publishers, Pages: 145-157
Damianou N, Dulay N, Lupu E, et al., 2002, Tools for domain-based policy management of distributed systems, New York, 8th IEEE/IFIP Network Operations and Management Symposium (NOMS 2002), Publisher: IEEE, Pages: 203-217
The management of policies In large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and management of policies specified in the PONDER language. PONDER policies provide a powerful framework for managing distributed systems which includes explicit domain-based subject and target specifications as well as a flexible life-cycle and deployment model. Domains, Implemented using LDAP directories, are used for storing policies and grouping resources, people, and the entities which implement policy, thus facilitating the automated dissemination of policy information. The toolkit presented in this paper comprises: a policy compiler, used to generate implementation code for heterogeneous management and security platforms, a hyperbolic tree viewer for efficient manipulation of the domain structure and effective navigation across the domains, and various tools for deploying and managing the policy life-cycle.
Krishnakumar KT, Sloman M, 2002, Constraint based network adaptation for ubiquitous applications, Los Alamitos, 6th international enterprise distributed object computing, Lausanne, Switzerland, 2002, Publisher: IEEE Computer Soc, Pages: 258-269
Dulay N, Damianou N, Lupu E, et al., 2002, A policy language for the management of distributed agents, Berlin, Agent-oriented software engineering, AOSE 2001, Publisher: Springer, Pages: 84-100, ISSN: 0302-9743
Lymberopoulos L, Lupu E, Sloman M, 2002, An adaptive policy based management framework for differentiated services networks, Los Alamitos, 3rd international workshop on policies for distributed systems and networks, Monterery, California, 2002, Publisher: IEEE Computer Soc, Pages: 147-158
Chalmers D, Sloman M, Dulay N, 2001, Map adaptation for mobile systems, 10th international world-wide conference (WWW10), Hong Kong, May 2001
Krishnakumar KT, Sloman M, 2001, Constraint-based configuration of proxylets for programmable networks, Interactive distributed multimedia systems, Publisher: Springer, Pages: 245-256, ISSN: 0302-9743
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Damianou N, Dulay N, Lupu E, et al., 2001, The Ponder policy specification language, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 18-38
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems, Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.
Chalmers D, Sloman M, Dulay N, 2001, Map adaptation for users of mobile systems., 10th international world-wide conference (WWW10), Pages: 735-744
Sloman M, Lobo J, Lupu E, 2001, Policies for distributed systems and networks: international workshop, POLICY 2001, Bristol, UK, January 2001, Publisher: Springer-Verlag, ISBN: 9783540416104
Corradi A, Dulay N, Montanari R, et al., 2001, Policy-driven management of agent systems, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 214-229
Chalmers D, Dulay N, Sloman M, 2001, Context-based specifications for data mediation to support mobile systems, CaberNet workshop, Pisa, October 2001
Corradi A, Dulay N, Montanari R, et al., 2001, Policy-driven management of agent systems, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 214-229
Damianou N, Dulay N, Lupu E, et al., 2000, Ponder: a language for specifying security and management policies for distributed systems, Departmental Technical Report: 2000/1, Publisher: Department of Computing, Imperial College London
This document defines a declarative, object-oriented language for specifying policies for the security and management of distributed systems. The language includes constructs for specifying the following basic policy types: authorisation policies that define permitted actions; event-triggered obligation policies that define actions to be performed by manager agents; refrain policies that define actions that subjects must refrain from performing; and delegation policies that define what authorisations can be delegated and to whom.Filtered actions extend authorisations and allow the transformation of input or output parameters to be defined. Constraints specify limitations on the applicability of policies while meta-policies define semantic constraints on permitted policies. Policy groups define a scope for related policies to which a common set of constraints can apply. Roles define a group of policies relating to positions within an organisation. Relationships define a group of policies pertaining to the interactions between a set of roles. Management structures define a configuration of role instances as well as the relationships between them.This document defines the grammar for the various types of policies in EBNF and provides simple examples of the constructs.
Lupu E, Sloman M, Dulay N, et al., 2000, Ponder: Realising enterprise viewpoint concepts, 4th International Conference on Enterprise Distributed Object Computing (EDOC 2000), Pages: 66-75
This paper introduces the Ponder language for specifying distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the concepts of the Enterprise Viewpoint. The design of the language incorporates lessons dl awn from sever al yeats of research on policy for security and distributed systems management as well as policy conflict analysis. The various language constructs are presented through a scenario for the operation, administration and maintenance of a mobile telecommunication network.
Dulay N, Lupu EC, Sloman MS, et al., 2000, Towards a Runtime Object Model for the Ponder Policy Language, 7th Workshop of the Open View University Association (OVUA 2000), Santorini, Greece
Damianou N, Dulay N, Lupu EC, et al., 2000, Ponder: A Language for Specifying Security and Management Policies for Distributed Systems, The Language Specification - Version 2.2, Imperial College, Department of Computing, Publisher: Imperial College, Department of Computing
Damianou N, Dulay N, Lupu EC, et al., 2000, Managing Security in Object-Based Systems Using Ponder, 6th EUNICE Open European Summer School, Enschede, The Netherlands
Grandison T, Sloman MS, 2000, A Survey of Trust in Internet Applications, IEEE Communications Surveys and Tutorials, Vol: 3
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.