Kevin P. Twidle

Ponder2: A Policy System for Autonomous Pervasive Environments

Policies form an important part of management and can be an effective means of implementing self-adaptation in pervasive systems. Most policy-based systems focus on large-scale networks and distributed systems. Consequently, they are often fragmented, dependent on infrastructure and lacking ¿exibility and extensibility. This paper presents Pon- der2, a novel policy system that is suitable for a wide range of environments and applications. The design and implementation of Ponder2 emphasises simplicity, ¿exibil- ity and extensibility and provides users with the ability to interact easily with the managed system. Ponder2 can interact with other software and hardware components and is being used in environments ranging from single devices, to personal area networks, ad-hoc networks and distributed systems. We also describe PonderTalk, a high-level object orientated language inspired by Smalltalk for con¿guring and controlling Ponder2 systems.large scale systems. It advocates a similar de-centralised model of autonomous agents co-operating with each other and composing into more complex con¿gurations. However, many existing policy-based frameworks have not been conceived for such environments. Their design is dependent on centralised infrastructure support such as LDAP directories and CIM repositories. Their deploy- ment model is often based on centralised provisioning and decision-making that does not offer the means for policy execution components to interact with each other, collabo- rate or federate into larger structure. Policy speci¿cation is seen as an off-line activity, and policy frameworks do not easily interact with the managed system. Consequently such frameworks are dif¿cult to install, run and experiment with. Additionally, they usually do not scale to smaller devices omnipresent in pervasive systems.

Ponder2 - A Policy Environment for Autonomous Pervasive Systems

Policies form an important part of management activities and are an effective means of implementing self-adaptation in pervasive systems. Many policy- based systems designed to date focus on large-scale networks and distributed systems. Consequently, they are often fragmented, dependent on infrastructure and lacking flexibility and extensibility. This demonstration presents Ponder2, a self-contained, stand-alone policy environment that is suitable for a wide range of applications in environments ranging from single devices, to personal area networks, ad-hoc networks and distributed systems. Ponder2 environments can be federated giving a consistent view of the name spaces within the environments and the ability to propagate events in a transparent manner.

Specifying discretionary access control policy for distributed systems

Abstract This paper discusses a proposed framework for specifying access control policy for very large distributed processing systems. These typically consist of multiple interconnected networks and span the computer systems belonging to different organizations. This implies the need for cooperation between independent managers to specify access control policy. The policy specification should permit interaction between organizations while limiting the scope of what objects can be accessed and what operations can be performed on them. The large numbers of objects in such systems make it impractical to specify access control policy in terms of individual objects. The paper explains how domains can be used to group objects and structure the management of access control policy. Access rules are introduced as a means of specifying the access rights between a domain of user objects and a domain of target objects in terms of the permitted operations as well as constraints such as user location and time of day. The use of domains for specifying the scope for which authority can be delegated to managers or security administrators is explained and the issues related to implementing access rules using capabilities or access control lists are discussed.

An architecture for managing distributed systems

The authors describe an architecture for managing distributed systems which has been jointly specified by two Esprit projects, SYSMAN (7026) and IDSM (6311). The emphasis, in this architecture, is on the use of domains to group managed objects and partition the management structure to cope with very large scale inter-organizational distributed systems. Another key aspect of the architecture is a policy service to support the specification, storage and manipulation of policies which can be used to influence the behavior of automated managers. The architecture advocates the use of object-based distributed processing techniques for management and essentially extends the OSF DME approach to cater to domains and policies as underlying management services for all aspects of management.<<ETX>>

Configuration management for distributed software services

The paper describes the SysMan approach to interactive configuration management of distributed software components (objects). Domains are used to group objects to apply policy and for convenient naming of objects. Configuration Management involves using a domain browser to locate relevant objects within the domain service; creating new objects which form a distributed service; allocating these objects to physical nodes in the system and binding the interfaces of the objects to each other and to existing services. Dynamic reconfiguration of the objects forming a service can be accomplished using this tool. Authorisation policies specify which domains are accessible by which managers and which interfaces can be bound together.

Self-Managed Cell: A Middleware for Managing Body-Sensor Networks

Body sensor networks consisting of low-power on- body wireless sensors attached to mobile users will be used in the future to monitor the health and well being of patients in hospitals or at home. Such systems need to adapt autonomously to changes in context, user activity, device failure, and the availability or loss of services. To this end, we propose a policy- based architecture that uses the concept of a Self-Managed Cell (SMC) to integrate services, managed resources and a policy interpreter by means of an event bus. Policies permit the declarative specification of adaptation strategy for self- configuration and self-management. We present the design and implementation of the SMC and describe its potential use in a scenario for management of heart monitoring. Preliminary performance measurements are also presented and discussed.

Policy-based Management for Body-Sensor Networks

Body sensor networks e.g., for health monitoring, consist of several low-power on-body wireless sensors, higher-level devices such as PDAs and possibly actuators such as drug delivery pumps. It is important that such networks can adapt autonomously to changing conditions such as failures, changes in context e.g., user activity, or changes in the clinical condition of patients. Potential reconfiguration actions include changing the monitoring thresholds on sensors, the analysis algorithms or the configuration of the network itself. This paper presents a policy-based approach for autonomous management of body-sensor networks using the concept of a Self- Managed Cell (SMC). Ponder2 is an implementation of this approach that permits the specification and enforcement of policies that facilitate management and adaptation of the response to changing conditions. A Tiny Policy Interpreter has also been developed in order to provide programmable decision- making capability for BSN nodes.

Towards Supporting Interactions between Self-Managed Cells

Management in pervasive systems cannot rely on human intervention or centralised decision-making functions. It must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. We have previously proposed the self-managed cell (SMC) as an architectural pattern for building ubiquitous applications, where a SMC consists of hardware and software components that form an autonomous administrative domain. SMCs may be realised at different scales, from body-area networks for health monitoring, to an entire room or larger distributed settings. However, to scale to larger systems, SMCs must collaborate with each other, and federate or compose in larger SMC structures. This paper discusses requirements for interactions between SMCs and proposes key abstractions and protocols for realising peer-to-peer and composition interactions. These enable SMCs to exchange data, react to external events and exchange policies that govern their collaboration. Dynamically customisable interfaces are used for encapsulation and interaction mediation. Although the examples used here are based on healthcare scenarios, the principles and abstractions described in the paper are more generally applicable.

Distributed System Construction: Experience with the Conic Toolkit

For the last eight years the Distributed Systems Research Group at Imperial College has conducted research into the development of an environment to support the construction and operation of distributed software. The result has been the Conic Toolkit: a comprehensive set of language and run-time tools for program compilation, building, debugging and execution in a distributed environment. Programs may be run on a set of interconnected host computers running the Unix operating system and/or on target machines with no resident operating system.

Teleo-Reactive workflows for pervasive healthcare

There is growing interest in using workflows to describe, monitor and direct a wide-range of medical procedures in hospitals. Unlike their well-established business counterparts, medical workflows require a high degree of execution flexibility since it is impossible to anticipate all the possible circumstances that might influence their execution and it is important that staff are permitted to respond to situations flexibly. Medical workflows also need to be unobtrusive, since requiring staff to continually acknowledge task execution or enter workflow data will get in the way of delivering medical healthcare. In this paper we present a new approach to workflow specification based on Teleo-Reactive programs, where a workflow is not defined as a set of discrete steps, but rather as a goal-driven process. Workflow tasks are modelled as continuous context conditions or durative actions. TR workflows offer a high degree of flexibility and an easier way to model human-centric tasks than the traditional graph-based workflow models. We illustrate the approach with a small pervasive healthcare example and show how we also apply the approach to managing workflow resources and security.