International Technology Alliance in Network & Information Sciences
Policy Specification, Analysis and Transformation
Mandis Beigi, Carolyn Brodie, Seraphin Calo, David George, Clare-Marie Karat, John Karat, Jorge Lobo, Dinesh Verma, and Xiping Wang

Policy Life Cycle
[Diagram: policy life cycle showing Task 1, Task 2, Task 3 and Task 4; labels: Author, Analyze & Transform NL Policies; Mapping onto Network Security Mechanisms; Policy Algebra]

Security Policy Framework – TA2 P4
[Diagram; labels recovered from the slide: Policy Specification in Natural Language Subclasses (NLS) and in a Formal Language (FL); User Side; System Side; Algorithms & Tools; Author NL policies; Convert NL policies to FL policies; Author FL policies; Convert FL policies to NL policies; Abstract Policy Models; Privacy / Security Ontologies; Policy Transformation; Policy Synchronization; Goals, High Level Policies In System Context; Concrete Policy Sets; Executable Policies; Information Control Flow; Policy Ratification; Policy Authoring; Databases, XML Stores, Rule Engines, State Machines, etc; Global Principles and Goals; Large Scale Analyses of NL and FL Policies; Survey & Coding of Related Practices; Human Factors Based Design & Usability Studies; Policy Presentation; Processing & User Interaction; User Preferences in a FL; User-Level Paradigms for Preferences; Preference Specification Tools; AC & Audit Policies; Data Model; User Model; Risk Model; Choices & Consent]

Demonstration Components
[Diagram; labels recovered from the slide: Policy Specification in Natural Language Subclasses (NLS) and in a Formal Language (FL); Abstract Policy Models; Goals, High Level Policies In System Context; Concrete Policy Sets; Executable Policies; Information Control Flow; Databases, XML Stores, Rule Engines, State Machines, etc; Domain Policies; Data User Choices & Model Consent; Policy Analysis (Conflict/Dominance/Coverage); Policy Transformation (User defined transformation); Management; SPARCLE (NLP Analysis & Transformation); Policy Deployment (Using Ponder 2 for implementation)]

SPARCLE Policy Workbench
• Motivation for SPARCLE:
  – Policies provide a powerful mechanism to manage many kinds of infrastructures, including security and network management.
  – Current policy management methods (e.g., editing XML files) are not sufficient for users of varying technical ability.
  – There is a large, error-prone gap between high level policy specification and deployment.
  – Goal: Create a usable, integrated capability for policy management across heterogeneous systems.

SPARCLE Policy Workbench
• Project Scope: The SPARCLE (Server Privacy ARchitecture and CapabiLity Enablement) project will create a highly usable policy workbench that enables organizations to:
  – Create access control policies (Author, Analyze, and Transform)
  – Connect policy definition to system entities (Implement)
  – Check policy compliance (Audit)
• Authoring Tool Description:
  – Provides natural language analysis of textual policies, displays results for expert review, and generates the machine-readable XML version of the policies, with 94% parsing precision.
  – Provides analysis of conflicts and redundancies in access control policies at the structured language level.
  – Displays results for expert review.
  – Transforms the policy sets into machine-readable XML version of the policies.
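
SPARCLE Parsing Example
Marketing employees can collect and use name, address, and phone number for the purpose of direct advertising if the customer has opted-in.
• User category: Marketing employees
• Actions: can collect and use
• Data categories: name, address, and phone number
• Purpose: for the purpose of direct advertising
• Condition: if the customer has opted-in.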

Policy Analysis
• Motivation:
  – Provides a formal process that allows policy administrators to certify the “correctness” of a policy before the policy is activated.
  – Demo highlights the use of advanced algorithms to systematically determine if a policy is problematic.
  – Analysis can be performed when a policy is authored and the whole process of analysis is automated.

Policy Analysis Types in Demo
• Conflict Identification:
  – Two policies are in conflict if they can be simultaneously applicable and prescribe incompatible actions.
  – This analysis method is used to determine if two policies are consistent.
• Dominance Analysis:
  – A policy is dominated by a set of one or more other policies when the addition of the first policy does not affect the behavior of the system governed by the set of policies.
  – This analysis method is used to discover redundant policies.
• Coverage Analysis:
  – A set of policies may (or may not) provide definition for a range of input parameters. This analysis method determines if there are gaps in the coverage.
  – This analysis method is used to examine the completeness of a set of policies.

Conflict Identification
[Figure: an already existing policy and a new policy drawn as regions over the axes Security Level and Teams]
• Conflict: Applicability subspaces intersect.
• Variables can take values in spaces of different characteristics
  – We first find the policy hyper-space intersection
  – Then we check if the policy effects are incompatible

Dominance Analysis
[Figure: an already existing policy and a new policy drawn as regions over the axes Battery capacity and Draining rate; marked values: 100 mAmp, 95 mAmp/h, 30 mAmp/h]
• Dominance check:
  – A subspace is inside another subspace
  – Subspaces might not be convex
• A policy is dominated if its hyper-space is completely contained in the hyper-space of the existing policies

Coverage Analysis
[Figure: policies P2, P3 and P4 drawn over the axes Battery capacity and Draining rate, with the device space shown as a dashed line and an uncovered area marked; axis values shown: 10, 35, 40, 100, 350]
• Coverage check:
  – A subspace is contained by another subspace (the space to be covered)
  – Subspaces might not be convex
• A device space is covered if it is completely covered by the hyper-space of a set of policies
• To cover the device space the lower bound of draining rate of P4 can be changed to 35
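
The three checks from the Conflict Identification, Dominance Analysis and Coverage Analysis slides, as an added example that is not code from the presentation or from the demo tools. It assumes every applicability region is an axis-aligned box over numeric variables; the function names are hypothetical and the sample boxes are constructed so that raising coverage by moving P4's lower draining-rate bound to 35 closes the gap.

```python
from itertools import product

# Each applicability region is an axis-aligned box {variable: (low, high)};
# all boxes compared together use the same variables (assumption of this example).
def intersects(a, b):
    """True if boxes a and b share a region of non-zero volume."""
    return all(max(a[v][0], b[v][0]) < min(a[v][1], b[v][1]) for v in a)

def conflicts(p, q):
    """Conflict: applicability regions intersect and the effects differ."""
    return intersects(p["box"], q["box"]) and p["effect"] != q["effect"]

def uncovered_cells(target, boxes):
    """Parts of `target` that the (possibly non-convex) union of `boxes` misses."""
    dims = sorted(target)
    cuts = []
    for v in dims:
        lo, hi = target[v]
        # Cut the target along every box boundary that falls inside it.
        edges = sorted({lo, hi} | {e for b in boxes for e in b[v] if lo < e < hi})
        cuts.append(list(zip(edges, edges[1:])))
    gaps = []
    for cell in product(*cuts):
        mid = {v: (lo + hi) / 2 for v, (lo, hi) in zip(dims, cell)}
        # No boundary crosses a cell, so its midpoint decides the whole cell.
        if not any(all(b[v][0] <= mid[v] <= b[v][1] for v in dims) for b in boxes):
            gaps.append(dict(zip(dims, cell)))
    return gaps

def dominated(new_box, existing):
    """Dominance as stated on the slide: the new region lies inside the existing union."""
    return not uncovered_cells(new_box, existing)

def covered(device_space, boxes):
    """Coverage: the device space lies inside the union of the policy regions."""
    return not uncovered_cells(device_space, boxes)

# Constructed sample data (not the values from the slides' figures).
DEVICE = {"rate": (10, 50), "capacity": (100, 350)}
P2 = {"rate": (10, 35), "capacity": (100, 350)}
P3 = {"rate": (35, 50), "capacity": (100, 200)}
P4 = {"rate": (40, 50), "capacity": (200, 350)}
P4_FIXED = {"rate": (35, 50), "capacity": (200, 350)}  # lower bound moved to 35

if __name__ == "__main__":
    print(uncovered_cells(DEVICE, [P2, P3, P4]))   # the gap left by P2, P3, P4
    print(covered(DEVICE, [P2, P3, P4_FIXED]))     # gap closed after the change
```

Cutting the target into grid cells is what handles the non-convex case the slides mention: a region can be dominated or covered by several boxes together without fitting inside any single one.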

Policy Transformation
• Motivation and Explanation:
  – Transform high level policies into low level policies
  – Rule based transformation
  – Modify condition and action sections of the policies
  – Simple search and replace
  – Transformation rules are written in an XML format by an expert user

Transformation Example
Input policy
If user is from U.S. Then provide high security
Transformation rules
1. Replace U.S. with subnet 9.2.x.x
2. Replace high security with 256 bit encryption and DES encryption
Output Policy
If user is from subnet 9.2.x.x Then use 256 bit encryption and DES encryption

Policy Deployment
• The last step is to deploy policies into managed resources
• This is done in two sub-steps:
  – A last translation of the policies into the executable commands or policies understood by each resource
  – Transmission of the policy to the resource
• In our scenario we are working with Self-Managed Cells (SMC) resources
  – SMCs are agents built using the Ponder2 policy framework developed at Imperial College
08/13/2007 Security Management in Dynamic Communities 16
Policy Deployment
• SMC policy service - Ponder2 framework
  – Caters for two types of policies
    • Obligation policies (event-condition-action) define management actions that are performed in response to events
    • Authorization policies specify which actions are permitted on which resources and services
  – Managed objects to which policies apply can be
    • Internal resources
    • Adapters for external services
    • Policies themselves
  – Policies can be added, removed, enabled and disabled to change SMC behavior
    • Without interrupting its functioning
  – Managed objects are kept in a domain structure that implements a hierarchical namespace
    • Use domains as subject/target of policies
[Figure: Domain structure, with nodes labelled resource, policy and remote]
Backup and Alternative Slides

Demonstration
• A scenario based demo will illustrate the research concepts in the security policy management area.

Demo Architecture
[Diagram; labels recovered from the slide: Visualization Of Policy; Policy Analysis Module; Transform Policy; Author Policy; Policy Transformations; Policy Deployment; three Ponder Managed Resource boxes]
Policy Deployment
• Self-managed cell (SMC)
  – Consists of hardware and software components
  – Does not rely on human intervention or central coordination
  – Implements a local feedback control-loop
• Architectural pattern
  – Basic building block of a pervasive environment
• Core services
  – Discovery service
  – Event service
  – Policy service
[Figure: SMC architecture; labels recovered from the slide: Measurement & Monitoring; Service Discovery; Raw Measurements; Event Bus; Policy Management; Measurement and Control Adapters; Context; Context Information; Goals and policies; Interaction Adaptation; Other; Managed Resources]