Nicodemos Damianou

The Ponder Policy Specification Language

The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.

A policy deployment model for the Ponder language

Policies are rules that govern the choices in behaviour of a system. Security policies define what actions are permitted or not permitted, for what or for whom, and under what conditions. Management policies define what actions need to be carried out when specific events occur within a system or what resources must be allocated under specific conditions. There is considerable interest in the use of policies for the security and management of large-scale networks and distributed services. Existing policy work has focussed on specification, information models and application-specific policy enforcement. We address the important goal of providing a general-purpose deployment model for policies that is independent of the underlying policy enforcement mechanisms and can be employed in mixed policy environments. In this paper, we present a deployment model that is object-oriented and addresses the instantiation, distribution and enabling of policies as well as the disabling, unloading and deletion of policies. The model defines objects for policies, for domains, and for the policy enforcement agent and outlines the interactions needed between them. The model also caters for changes in the memberships of domains since such changes also effect policy enforcement. The model forms part of the run-time support for Ponder; a new policy language that combines structuring ideas from object-oriented languages with a common set of policy basic types.

Tools for domain-based policy management of distributed systems

The management of policies in large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and management of policies specified in the PONDER language. PONDER policies provide a powerful framework for managing distributed systems which includes explicit domain-based subject and target specifications as well as a flexible life-cycle and deployment model. Domains, implemented using LDAP directories, are used for storing policies and grouping resources, people, and the entities which implement policy, thus facilitating the automated dissemination of policy information. The toolkit presented in this paper comprises: a policy compiler, used to generate implementation code for heterogeneous management and security platforms, a hyperbolic tree viewer for efficient manipulation of the domain structure and effective navigation across the domains, and various tools for deploying and managing the policy life-cycle.

Ponder: realising enterprise viewpoint concepts

This paper introduces the Ponder language for specifying distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the concepts of the Enterprise Viewpoint. The design of the language incorporates lessons drawn from several years of research on policy for security and distributed systems management as well as policy conflict analysis. The various language constructs are presented through a scenario for the operation, administration and maintenance of a mobile telecommunication network.

Policy based management

This book summarizes the state of research and practice in this emerging field of network and system administration, in an anthology of chapters written by the top academics in the field. The authors include members of the IST-EMANICS Network of Excellence in Network Management.

A Policy Language for the Management of Distributed Agents

A key issue in managing distributed agents is the provision of effective policy-based frameworks. To help realise such frameworks we have developed a new policy language that features dynamic fine-grained access controls and event-triggered condition-action rules, with abstractions for grouping objects/agents (domains), and grouping policies (roles, relationships and management structures). In our language policies apply to domains of objects. By changing a policy we change the behaviour of a system. By adding an object or agent to a domain we cause the domains policies to be applied to the newly added object. The language is declarative, strongly typed and object-oriented, which makes the language flexible, extensible and adaptable to a wide range of management requirements