Publications
189 results found
Charalambides M, Flegkas P, Pavlou G, et al., 2005, Policy Conflict Analysis for Quality of Service Management (2005), 6th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2005)
Bandara A, Lupu EC, Russo A, et al., 2005, Policy Refinement for DiffServ Quality of Service Management (2005), 9th IFIP/IEEE Intl. Symp. on Integrated Management (IM 2005)
Kakas A, Bandara AK, Russo A, et al., 2005, Reasoning techniques for analysis and refinement of policies for service management, Departmental Technical Report: 05/7, Publisher: Department of Computing, Imperial College London, 05/7
The work described in this technical report falls under the general problem of developingmethods that would allow us to engineer software systems that are reliable and would offer acertain acceptable level of quality in their operation. This report shows how the analysis andrefinement of policies for Quality of Service can be carried out within logic by exploiting formsof abductive and argumentative reasoning. In particular, it provides two main contributions. Thefirst is an extension of earlier work on the use of abductive reasoning for automatic policyrefinement by exploiting the use of integrity constraints within abduction and its integration withconstraint solving. This has allowed us to enhance this refinement process in various ways, e.g.supporting parameter values derivation to quantify abstract refinement to specific policies readyto be put in operation, and calculating utility values to determine optimal refined policies. Thesecond contribution is a new approach for modelling and formulating Quality of Service policies,and more general policies for software requirements, as preference policies within logicalframeworks of argumentation. This is shown to be a flexible and declarative approach to theanalysis of such policies through high-level semantic queries of argumentation, demonstratedhere for the particular case of network firewall policies where the logical framework ofargumentation allows us to detect anomalies in the firewalls and facilitates the process of theirresolution. To our knowledge this is the first time that the link between argumentation and thespecification and analysis of requirement policies has been studied.
Yusuf S, Luk W, Sloman M, et al., 2005, A combined hardware-software architecture for network flow analysis, International conference on engineering of reconfigurable Systems and Algorithms, Publisher: C S R e A Press, Pages: 149-155
Dulay N, Lupu E, Sloman M, et al., 2005, Self-managed cells for ubiquitous systems, Berlin, 3rd International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, 25 - 27 September 2005, St.Petersburg, Russia, Publisher: Springer-Verlag, Pages: 1-6
Chalmers D, Dulay N, Sloman M, 2004, Towards reasoning about context in the presence of uncertainty, 1st international workshop on advanced context modelling, reasoning and management, Pages: 1-6
Chalmers D, Dulay N, Sloman M, 2004, A framework for contextual mediation in mobile and ubiquitous computing applied to the context-aware adaptation of maps, Personal and Ubiquitous Computing, Vol: 8, Pages: 1-18, ISSN: 1617-4909
Chalmers D, Dulay N, Sloman M, 2004, Meta data to support context aware mobile applications, Los Alamitos, IEEE international conference on mobile data management, Berkeley, CA, 2004, Publisher: IEEE Computer Soc, Pages: 199-210
Chalmers D, Dulay N, Sloman M, 2004, Meta data to support context aware mobile applications, Los Alamitos, IEEE international conference on mobile data management (MDM'04), Publisher: IEEE Computer Soc, Pages: 199-210
The greater sophistication and availability of mobile computing devices is enabling the application of computing to new tasks and applications to be experienced in a wide range of contexts. To facilitate such applications it is necessary to adapt the applications and the data they display to operate within the limitations of the context of use, take advantage of the strengths of the devices and best support the users in their tasks. A part of the solution to this issue is the description of the data available to the applications.Meta data may describe the structure and properties of information and data. We achieve this by separating the semantic elements of the information from the syntactic variants which realise them in order to form documents.In this paper we describe a new meta data model which can encode this description. We provide example meta data and illustrate how this may lead to better application usability than current simplistic or constrained approaches, through contextual mediation.
Chalmers D, Sloman M, Dulay N, 2003, Contextual mediation enables appropriate data selection, ERCIM News, Vol: 54, Pages: 15-16
Lee TK, Yusuf S, Luk W, et al., 2003, Compiling policy descriptions into reconfigurable firewall processors, Los Alamitos, 11th annual IEEE symposium on field-programmable custom computing machines (FCCM 2003), Napa, California, Publisher: IEEE Computer Soc, Pages: 39-48
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lupu E, Dulay N, Damianou N, et al., 2003, Structuring devolved responsibility in network and systems management, Multimedia management, Editors: Neuman de Souza, Agoulmine, Neuman de Souza, Agoulmine, Publisher: Kogan Page Science, Pages: 34-49, ISBN: 9781903996232
Chalmers D, Sloman M, Dulay N, 2003, Contextual mediation enables appropriate data selection, ERCIM News, Vol: 54, Pages: 15-16
Lee TK, Yusuf S, Luk W, et al., 2003, Irregular reconfigurable CAM structures for firewall applications, Berlin, 13th international conference on field-programmable logic and applications (FPL 2003), Lisbon, Portugal, Publisher: Springer-Verlag, Pages: 890-899
Lee TK, Yusuf S, Luk W, et al., 2002, Development framework for firewall processors, New York, IEEE international conference on field-programmable technology (FPT), Chinese University of Hong Kong, New Territories, Peoples Republic of China, 2002, Publisher: IEEE, Pages: 352-355
High-performance firewalls can benefit from the increasing size, speed and flexibility of advanced reconfigurable hardware. However direct translation of conventional firewall rules in a router-based rule set often leads to inefficient hardware implementation. Moreover, such lowlevel description of firewall rules tends to be difficult to manage and to extend. We describe a framework, based on the high-level policy specification language Ponder for capturing firewall rules as authorization policies with user-definable constraints. Our framework supports optimisations to achieve efficient utilisation of hardware resources. A pipelined firewall implementation developed using this approach running at 10 MHz is capable of processing 2.5 million packets per second, which provides similar performance to a version without optimisation and is about 50 times faster than a software implementation running on a 700 MHz PIII processor.
Dulay N, Damianou N, Lupu E, et al., 2002, A policy language for the management of distributed agents, Berlin, Agent-oriented software engineering, AOSE 2001, Publisher: Springer, Pages: 84-100, ISSN: 0302-9743
Damianou N, Dulay N, Lupu E, et al., 2002, Tools for domain-based policy management of distributed systems, New York, 8th IEEE/IFIP Network Operations and Management Symposium (NOMS 2002), Publisher: IEEE, Pages: 203-217
The management of policies In large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and management of policies specified in the PONDER language. PONDER policies provide a powerful framework for managing distributed systems which includes explicit domain-based subject and target specifications as well as a flexible life-cycle and deployment model. Domains, Implemented using LDAP directories, are used for storing policies and grouping resources, people, and the entities which implement policy, thus facilitating the automated dissemination of policy information. The toolkit presented in this paper comprises: a policy compiler, used to generate implementation code for heterogeneous management and security platforms, a hyperbolic tree viewer for efficient manipulation of the domain structure and effective navigation across the domains, and various tools for deploying and managing the policy life-cycle.
Montanari R, Stefanelli C, Dulay N, 2001, Flexible security policies for mobile agent systems, MICROPROCESSORS AND MICROSYSTEMS, Vol: 25, Pages: 93-99, ISSN: 0141-9331
- Author Web Link
- Cite
- Citations: 10
Chalmers D, Dulay N, Sloman M, 2001, Context-based specifications for data mediation to support mobile systems, CaberNet workshop, Pisa, October 2001
Chalmers D, Sloman M, Dulay N, 2001, Map adaptation for mobile systems, 10th international world-wide conference (WWW10), Hong Kong, May 2001
Corradi A, Dulay N, Montanari R, et al., 2001, Policy-driven management of agent systems, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 214-229
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Chalmers D, Sloman M, Dulay N, 2001, Map adaptation for users of mobile systems., 10th international world-wide conference (WWW10), Pages: 735-744
Corradi A, Dulay N, Montanari R, et al., 2001, Policy-driven management of agent systems, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 214-229
Dulay N, Lupu E, Sloman M, et al., 2001, A policy deployment model for the ponder language, Piscataway, NJ, Integrated network management: 2001 IEEE/IFIP integrated management strategies for the new millennium, Publisher: IEEE, Pages: 529-544
Chalmers D, Dulay N, Sloman M, 2001, Context-based specifications for data mediation to support mobile systems, CaberNet workshop, Pisa, October 2001
Damianou N, Dulay N, Lupu E, et al., 2001, The Ponder policy specification language, Berlin, International workshop on policies for distributed systems and networks (POLICY 2001), Hewlett-Packard Lab, Bristrol, England, Publisher: Springer-Verlag, Pages: 18-38
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems, Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.
Damianou N, Dulay N, Lupu E, et al., 2000, Ponder: a language for specifying security and management policies for distributed systems, Departmental Technical Report: 2000/1, Publisher: Department of Computing, Imperial College London
This document defines a declarative, object-oriented language for specifying policies for the security and management of distributed systems. The language includes constructs for specifying the following basic policy types: authorisation policies that define permitted actions; event-triggered obligation policies that define actions to be performed by manager agents; refrain policies that define actions that subjects must refrain from performing; and delegation policies that define what authorisations can be delegated and to whom.Filtered actions extend authorisations and allow the transformation of input or output parameters to be defined. Constraints specify limitations on the applicability of policies while meta-policies define semantic constraints on permitted policies. Policy groups define a scope for related policies to which a common set of constraints can apply. Roles define a group of policies relating to positions within an organisation. Relationships define a group of policies pertaining to the interactions between a set of roles. Management structures define a configuration of role instances as well as the relationships between them.This document defines the grammar for the various types of policies in EBNF and provides simple examples of the constructs.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.