Arosha K. Bandara

A goal-based approach to policy refinement

As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issue of deriving implementable policies from high-level goals. A key part of the solution to this problem is having the ability to identify the operations, available on the underlying system, which can achieve a given goal. This work presents an approach by which a formal representation of a system, based on the event calculus, can be used in conjunction with abductive reasoning techniques to derive the sequence of operations that will allow a given system to achieve a desired goal. Additionally it outlines how this technique might be used for providing tool support and partial automation for policy refinement. Building on previous work on using formal techniques for policy analysis, the approach presented here applies a transformation of both policy and system behaviour specifications into a formal notation that is based on event calculus. Finally, it shows how the overall process could be used in conjunction with UML modelling and illustrates this by means of an example.

Using event calculus to formalise policy specification and analysis

As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement.

From spaces to places: emerging contexts in mobile privacy

Mobile privacy concerns are central to Ubicomp and yet remain poorly understood. We advocate a diversified approach, enabling the cross-interpretation of data from complementary methods. However, mobility imposes a number of limitations on the methods that can be effectively employed. We discuss how we addressed this problem in an empirical study of mobile social networking. We report on how, by combining a variation of experience sampling and contextual interviews, we have started focusing on a notion of context in relation to privacy, which is subjectively defined by emerging socio-cultural knowledge, functions, relations and rules. With reference to Gieryns sociological work, we call this place, as opposed to a notion of context that is objectively defined by physical and factual elements, which we call space. We propose that the former better describes the context for mobile privacy.

Expressive policy analysis with enhanced system dynamicity

Despite several research studies, the effective analysis of policy based systems remains a significant challenge. Policy analysis should at least (i) be expressive (ii) take account of obligations and authorizations, (iii) include a dynamic system model, and (iv) give useful diagnostic information. We present a logic-based policy analysis framework which satisfies these requirements, showing how many significant policy-related properties can be analysed, and we give details of a prototype implementation.

Educating the Internet-of-Things Generation

The Open Universitys My Digital Life course offers a learning infrastructure that allows complete novices to experiment with, and learn about, Internet-of-Things technologies by engaging in a range of activities that include collaborative and collective programming of real-world sensing applications. The first Web extra at http://youtu.be/JUpkHqivXp4 is a video presentation in which Arosha Bandara, a lecturer in computing at the Open University, explains how embedded, interconnected devices have grown to affect our lives. The second Web extra at http://youtu.be/VL37sjj_I1sis a video demonstration of Sense from the Open Universitys My Digital Life course. Sense is a newly developed visual programming language and programming environment based on SenseBoard, an embedded networked sensor device that supports active learning and experimentation with sensing, actuation, and networking by students at home.

Policy conflict analysis for quality of service management

Policy-based management provides the ability to (re-) configure differentiated services networks so that desired quality of service (QoS) goals are achieved. Relevant configuration involves implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically according to emerging traffic demands. A policy-based approach facilitates flexibility and adaptability in that the policies can be changed without changing the implementation. However, as with any other complex system, conflicts and inconsistencies may arise in the policy specification. In this work, we concentrate on the policy conflicts that may occur for static resource management aspects of QoS provisioning, known as network dimensioning. The paper shows how conflict detection can be achieved using event calculus in conjunction with abductive reasoning techniques to detect the existence of potential conflicts in partial specification and generate explanations for the conditions under which the conflicts arise. We finally present some conflict detection examples from our initial implementation of a policy conflict analysis tool. Although we focus on network dimensioning, many of the types of conflicts we illustrate could arise in other applications.

Adaptive Model-Driven User Interface Development Systems

Adaptive user interfaces (UIs) were introduced to address some of the usability problems that plague many software applications. Model-driven engineering formed the basis for most of the systems targeting the development of such UIs. An overview of these systems is presented and a set of criteria is established to evaluate the strengths and shortcomings of the state of the art, which is categorized under architectures, techniques, and tools. A summary of the evaluation is presented in tables that visually illustrate the fulfillment of each criterion by each system. The evaluation identified several gaps in the existing art and highlighted the areas of promising improvement.

Using argumentation logic for firewall policy specification and analysis

Firewalls are important perimeter security mechanisms that imple-ment an organisations network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.

Dynamic Policy Analysis and Conflict Resolution for DiffServ Quality of Service Management

Policy-based dynamic resource management may involve interaction between independent decision-making components which can lead to conflicts. For example, conflicts can occur between the policies for allocating resources and those setting quotas for users or classes of service. These policy conflicts cannot be detected by static analysis of the policies at specification-time as the conflicts arise from the current state of the resources within the system and so can only be detected at run-time. In this paper we use policies related to quality of service (QoS) provisioning for configuring differentiated services (DiffServ) networks to illustrate techniques for the dynamic detection and resolution of conflicts. Configuration includes implementing network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically according to emerging traffic demands. We identify possible conflicts between policies that manage the allocation of resources, and we also investigate conflicts that may arise between these policies and higher-level directives refined at the dynamic resource management level, acting as constraints. The paper shows how event calculus can be used to detect conflicts, focusing on the ones that emerge at run-time, and provides an approach for specifying policies to automate conflict resolution. The latter is demonstrated through our initial implementation of a dynamic conflict analysis tool

Policy refinement for DiffServ quality of service management

Policy-based management provides the ability to dynamically re-configure DiffServ networks such that desired quality of service (QoS) goals are achieved. This includes network provisioning decisions, performing admission control, and adapting bandwidth allocation dynamically. QoS management aims to satisfy the service level agreements (SLAs) contracted by the provider and therefore QoS policies are derived from SLA specifications and the providers business goals. This policy refinement is usually performed manually with no means of verifying that the policies written are supported by the network devices and actually achieve the desired QoS goals. Tool support is lacking and policy refinement has rarely been addressed in the literature. This paper extends our previous approach to policy refinement and shows how to apply it to the domain of DiffServ QoS management. We make use of goal elaboration and abductive reasoning to derive strategies that achieves a given high-level goal. By combining these strategies with events and constraints, we show how policies can be refined, and what tool support can be provided for the refinement process using examples from the QoS management domain. However, the approach presented here can be used in other application domains such as storage area networks or security management.