2008 IEEE Workshop on Policies for Distributed Systems and Networks
The Coalition Policy Management Portal for Policy Authoring, Verification, and Deployment Carolyn Brodie, David George, Clare-Marie Karat, John Karat, Jorge Lobo, Mandis Beigi, Xiping Wang, Seraphin Calo, Dinesh Verma IBM TJ Watson Research Center
Alberto Schaeffer-Filho, Emil Lupu, and Morris Sloman Imperial College London contact:
[email protected]
Abstract
demonstration of our research is a scenario-based demo illustrating research concepts in the security policy management area. The Coalition Policy Management Portal prototype uses the context of a hostage rescue situation to demonstrate a number of concepts related to policy authoring, analysis, transformation, and deployment (see Figure 1).
We are investigating computing platformindependent policy frameworks to specify, analyze, and deploy security and networking policies. The goal is to provide easy to use mechanisms for refining high-level user-specified goals into low-level controls. This scenario-based demo of a Coalition Policy Management Portal prototype uses the context of a hostage rescue situation to demonstrate usable and effective policy authoring through either natural language or structured lists that create natural language policy rules; policy visualization; analysis of policies for conflict, dominance, and coverage, and methods to resolve the issues identified; policy transformation from natural language to XML or ACPL SPL for automated enforcement, and deployment of policies onto mission equipment. The prototype builds on the SPARCLE and PONDER2 research projects.
Policy Specification
SPARCLE NLP Analysis & Transformation
In a Formal Language (FL)
Policy Analysis Conflict/Dominance/Coverage
Policy Transformation User defined transformation Management
1. Introduction Policy Deployment Using Ponder 2 for implementation
The International Technology Alliance project is a consortium of organizations that are focusing on fundamental research in the areas of network theory, security across a system of systems, sensor information processing and delivery, and distributed coalition planning and decision making [1]. As part of the research on how policies can be used to ensure security across systems of systems, we are investigating computing platform-independent frameworks to specify, analyze, and deploy security and networking policies. The goal is to provide easy to use mechanisms for refining high-level userspecified goals and decisions into low-level controls. The project will develop algorithms to detect policy anomalies and properties of various types and investigate strategies for resolution of policy anomalies prior to their deployment. The system
978-0-7695-3133-5/08 $25.00 © 2008 IEEE DOI 10.1109/POLICY.2008.25
In Natural Language Subclasses (NLS)
Abstract Policy Models Goals, High Level Policies In System Context
Concrete Policy Sets Domain Policies Data, User Choices & Model
Information Control Flow
Executable Policies Databases, XML Stores, Rule Engines, State Machines, etc.
Figure 1. The Components Demonstrated through the Coalition Policy Management Portal. In the scenario, coalition groups from different countries prepare to rescue humanitarian aid workers who have been kidnapped in the fictitious country. The mission policies are written in natural language using the SPARCLE Policy Workbench technology [2, 3]. The policies that are relevant to the mission are transformed into machine readable code by SPARCLE and then analyzed using policy analytics for possible issues of conflict, dominance, and coverage [4]. Once issues have been resolved, the policies are transformed to add lower level details
247
and are deployed on the rescue mission equipment by PONDER2 technology [5, 6, 7]. The different aspects of the demo are described in more detail below.
analysis [4]. Policies are in conflict if they are simultaneously applicable and prescribe incompatible actions. A policy is dominated by a set of one or more policies when the addition of the first policy does not affect the behavior of the system. Coverage analysis identifies gaps in coverage and possible policies to fill the gaps for policies that define actions over a range of parameters.
2. Coalition Policy Management Portal
The Coalition Policy Management Portal has been created using Web 2.0 technology. The portal provides access to a server-centric functionality described in the remaining sections via customizable, coordinated, robust window-like dialogs for seamless operation. Policy authoring, analysis, viewing, transformation and deployment are all available as windowed panes in a context-adjoined manner that aids the user in maintaining a strong conceptual grasp as to the logical steps needed to build deployable results. Any web-capable client can be used.
5. Policy Transformation The demo illustrates the transformation of highlevel policies to low-level policies using rules [5, 6, 7]. We demonstrate several transformations in this demo including the transformation from natural language to a structured, but human-readable format, from this format to a series of increasingly more detailed machine-readable (XML) formats, and finally to PonderTalk for deployment.
3. SPARCLE Policy Workbench Policies provide a powerful mechanism to manage many kinds of infrastructures including security and network management. Currently, policy management methods (e.g., editing XML files) are not sufficient to address the user skills of varying technical abilities and the situations in which policies are created or modified. Thus, there is a large error-prone gap between high level policy specification and low-level deployment. The goal of the SPARCLE Policy Workbench is to provide a usable and integrated capacity for policy management across heterogeneous systems [2, 3]. SPARCLE enables organizations to: 1) Create, analyze, visualize, and transform policies in natural language or using structured lists, 2) Connect policy definition to system entities, and 3) Check policy compliance. In this demo, we are employing the policy authoring and transformation capabilities. SPARCLE enables users to easily author policies, conduct initial analysis, and display results and then transforms the policies into machine-readable XML code.
6. PONDER2 The last step is to deploy policies onto managed resources. This is done in two steps including a translation of the policies into executable commands and transmission of the policy to the resource. In our scenario, we are working with Self-Managed Cells (SMC) resources; agents built using the Ponder2 policy framework [8, 9]. There are two types of policies: obligation policies that define management actions that are performed in response to events and authorization policies which specify the actions are permitted on each resource and service. Managed objects to which policies can be applied include internal resources, adapters, and the policy set.
10. Acknowledgement Research was sponsored by the U.S. Army Research Laboratory and the U.K. Ministry of Defence and was accomplished under Agreement Number W911NF-06-3-0001. The views and conclusions contained in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Research Laboratory, the U.S. Government, the U.K. Ministry of Defense or the U.K. Government. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
4. Policy Analytics Policy analytics provides a formal process that allows policy administrators to certify the ‘correctness’ of a policy before the policy is activated. The demo highlights the use of advanced algorithms to determine if a policy is problematic, and we illustrate a capability for helping users to understand and resolve issues. Three types of policy issues are covered in the demo: conflict identification, dominance analysis, and coverage
248
[5] M. Beigi, S. Calo and D. Verma, “Policy Transformation Techniques in Policy-based Systems Management”, Policy Workshop 2004, Yorktown, New York, June, 2004.
11. References [1] International Technology Alliance, http://domino.research.ibm.com/projects/titans/www_titans .nsf/pages/index.html
[6] M. Beigi, S. Calo and D. George, “A Method for Production Rule-Based Transformation of Policies”, patent docked filed, US Patent Office, 2006.
[2] Karat, J., Karat, C., Brodie, C., and Feng, J. Privacy in information technology: Designing to enable privacy policy management in organizations. In the International Journal of Human Computer Studies, Vol 63, Issues 1-2, p. 153174, 2005..
[7] M. Beigi, S. Calo, D. George and D. Verma, “Method and Apparatus for Distributed Policy Evaluation”, patent docked filed, US Patent Office, 2006.
[3] Karat, C., Karat, J., Brodie, C., and Feng, J. Evaluating Interfaces for Privacy Policy Rule Authoring. In the Proceedings of the Conference on Human Factors in Computing Systems. NY: ACM Press, p. 83-92, 2006.
[8] PONDER2 Project, http://www.ponder2.net/ [9] Emil Lupu, Naranker Dulay, Morris Sloman, Joseph S. Sventek, Stephen Heeps, Stephen Strowes, Kevin P. Twidle, Sye Loong Keoh, A. Schaeffer-Filho: AMUSE: autonomic management of ubiquitous e-Health systems. Concurrency and Computation: Practice and Experience 20(3), p. 277-295, 2008.
[4] Dakshi Agrawal, James Giles, Kang-Won Lee, Jorge Lobo: Policy Ratification. POLICY 2005, p. 223-232, 2005.
249
