IT & Wireless Convergence
© 2011 IBM Corporation
Policy-based Management Technologies
Seraphin B. Calo
Agenda
Policy-based Management
Watson Policy Management Library (WPML)
Policy Enabled Systems
– Policy Enabled Network Gateway
– Gaian Database
Policy Controlled Coalition Information Dissemination
Self-Management
A policy is a set of considerations designed to guide decisions on courses of actions.
– Goal or guidelines: System Constraints
– Configuration policies: (Conditioned) Attribute/Value pairs
– Event Condition Action rule
Policy Technologies are essential for self-management
– Allow software to be adapted to different environments
– Provide mechanism for responding to changing conditions
– Capture constraints and best practices
[Figure: Policy Management Tool, Policy Repository, Policy Decision Point and Policy Enforcement Point, linked by flows labelled Policies and Actions]
Watson Policy Management Library
Library built on Open Source Policy Engine
– Imperius – provides base set of functionality and object model
Analysis
– Examines policies for problems
Transformation
– Converts abstract representations of policies (i.e. “excellent service”) to concrete policies (i.e. “bandwidth=100Mhz”)
Deployment
– Send policies to Policy Decision Points
– Sensor Fabric contains 1 or more PDP
Decision Points
– Registry of evaluation points
– Stores policies
– Provides policy decisions
Repositories
– Generalized storage model
– Policies
– Policy Evaluation Points
…
[Figure: Watson Policy Management Library components. Imperius (Open Source): SPL Parser, Evaluation Engine. Extended Policy Capabilities & Components: Policy Metadata, Policy Templates, Policy matching, Repositories, Deployment, Discovery, Evaluation Points, Decision Points, Transformation, NL Editor, Policy Analysis, Syntax, Conflict, Dominance, Coverage. Also shown: Template-based Editor, Policy Management Tool, Sensor Fabric (Policy Enabled), Gaian Database (Policy Enabled).]
Usable interface easily navigates users through phases of policy lifecycle:
• Authoring
• Analysis
• Negotiation
• Deployment
• Templates provide a structured policy language and yet a natural language feel
Administration features:
• Template and attribute authoring
• User and group management
Template Based Authoring
Support for multiple concurrent sessions
– Each session has a set of participating organizations
Plug-in architecture to allow customization of each negotiation session with its own:
– Negotiation goal (termination criteria)
– One or more evaluation algorithms
– Turn taking algorithm
– Offer visibility choice
– Negotiation procedure
– Negotiation termination
[Figure: Negotiation Session Manager with Session 1 and its plug-ins: Offer Visibility, Turn Taking, Offer Evaluation, Negotiation Goal, Negotiation Procedure, Negotiation Termination]
Policy Negotiation System: Multi-Party, Assisted Electronic Agreements
ITA Peer Review, Sept. 2010
CWP Policy Negotiation Tool
– Guides process, incorporates real-time analysis and checks for convergence
– Coalition members can negotiate common, optimized mission policies in real time
– Demonstration for ISR Sensor Network Scenario
Policy Negotiation System for Coalition Networks
Policy-Enabled Network Gateway
Authorization and Filtering
– Fine-grain, application-level filtering & authorization
– Data column or row hiding, value altering
– Message rerouting, modification, etc.
Pluggable protocol support on OSGi
– Protocol/application-specific policies
– OSGi: dynamic, modular, multi-protocol platform
– Pluggable policy resource models
– MQ, JDBC, SIP, …
[Figure: PEG architecture. Labels: Protocol-Specific Proxy Bundle, Protocol Parser, Resource Model, Policy Enforcement Point, PDP, Policy Repository, OSGi, JDBC, MQ, …, Inbound message, Outbound message, Coalition Interoperation between PEG and PEG.]
Information Federation: GaianDB
A distributed, federated database approach
– Follows the ‘Store Locally-Query Anywhere’ paradigm
Queries are routed to all of the nodes
– Flood query, retrieving only the data required to satisfy a query
Network of GaianDB nodes established using autonomic discovery of neighbours
– Configuration only required for data sources
[Figure: network of GaianDB nodes N0 to N11, shown in successive panels labelled SQL Query / SQL Queries]
Coalition Warfare Program
Policy Controlled Coalition Information Dissemination
Prepared by
Tien Pham (ARL-SEDD)
Graham Bent (IBM-UK)
Seraphin Calo (IBM-US)
OSD Coalition Warfare Program
COALITION WARFARE PROGRAM (CWP)
Sponsored by OUSD(AT&L) to facilitate international cooperative technology development that enables more effective full-spectrum coalition operations
CWP Requirement:
• International program agreement
• US COCOM support
• Equitable resourcing
Excellent transition opportunities
• Leverage ITA research
US-UK ITA program satisfies CWP requirements
ITA CWP Projects
1st ITA-CWP Project: Sensor & Policy Software Tools & Protocols for Networking of Disparate ISR Assets
• FY09 & FY10
• Support from military programs
– US: Empire Challenge, Networked UGS
– UK: Network Emulator, Base Surveillance & Area OverWatch
• Technology demonstration at Empire Challenge 2010
• Demonstrate interoperability of US, UK and coalition ISR assets persistent surveillance
– US acoustic mortar detection system cueing surrogate UK imaging sensor
• Demonstrate use of policy for sensor data/information access and dissemination to KSAF and DDRE (US) networks
2nd ITA-CWP Project: Policy Controlled Information Query & Dissemination
• FY11 & FY12
• Technology implementation at the Intelligence Fusion Centre (in support of NATO) located at Molesworth RAF
• Enhance PED process for all-source analysts
• Demonstrate policy controlled distributed federation of disparate intelligent data sources from NATO
Coalition Problem Addressed
Challenges
• A coalition partner may want to provide limited information to other partners
• A coalition partner may want to limit the type or nature of information its members receive from others
• Information access policies need to be supported transparently
• Burden of policy compliance ought to be shifted from the soldier to the IT infrastructure
Goal
• Demonstrate a system to allow information sharing across coalitions
• Move policy compliance burden to IT infrastructure away from individual
Sharing Information among different Coalition Partners
ITA Gaian Database Concept
Distributed formal policy based techniques are used to control access to data and the flow of data through the network.
Each node implements policies that can be stored at any other node(s) in the network
[Figure: Implementation of Watson Policy Management Library (WPML) in a Gaian Database Node. Labels: Policy Management Tool, Policy Repository, Policy Decision Point, Policy Enforcement Point, Managed Environment.]
// Define resource p of type Properties
Import Class java.util.Properties:p;
// Define a resource authorizer that is used to signal
// false values to the requesting PEP
Import Class com.ibm.watson.pml.policy.types.IAuthorizer:authorizer;
// If the given instance is not empty…
Condition { p.size() > 1 }
// Then signal the PEP to allow the action it is controlling.
Decision { authorizer.allow() }
Proposed Program – Year 1
• Demonstration using IFC Data Set
– Develop representative entity extraction rules and policies at Dstl (Porton Down) using existing distributed policy mechanism.
– Demonstration at Dstl and ARL
• Demonstration on actual IFC systems
– Configure demonstration system
– Demonstration at IFC (November 2011)
• Enhanced distributed policy mechanisms
– Investigate capabilities of new distributed policy mechanisms
Proposed Program – Year 2
• Demonstration of enhanced policy mechanisms using IFC Data Set
– Configure new policy mechanisms at Dstl (Porton Down) and IFC (April 2012)
– Demonstration on actual IFC systems
• Demonstration across multi-agencies
– Extend demonstration to multi agencies (e.g. IFC, NC3A) (Oct/November 2012)
IFC Demonstration – Phase 1
[Figure: IFC with data sources DS1 and DS3 and a Policy Authoring Tool]
Federation of structured and unstructured data sources with distributed coalition policy based access control and dissemination
Analyst queries for information from any node in the network – no policy applied
With no policy applied – “Find people named ‘omar’ who are linked to any other person”
The result returns 11 matches from across the distributed databases
Policy Authoring Tool used to create new policy restricting access of all users to records derived from SIGINT sources
Tool used to deploy policy into network
Policy tool used to deploy policy into local node policy database table – this is then read by all other nodes through Gaian Database and implemented at each node
Analyst queries for information – Policy restricting access to SIGINT sources only is now applied
With policy applied – “Find people named ‘omar’ who are linked to any other person”
The result returns only 3 matches from across the distributed databases with SIGINT.
NOTE: There have been no changes made to the underlying data sources
Analyst queries for additional information – Policy restricting access to SIGINT sources only is still applied
With policy applied – “Find telephone numbers linking named individuals and SigInt reports that describe the communication”
The result returns list of phone numbers and associated SIGINT reports from across the distributed data sources
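The Phase 1 walkthrough above, as an added example that is not from the slides or from WPML/GaianDB code: a policy written into one node's policy table is read by every node and enforced at that node before rows leave it, so the same flood query returns fewer rows while the data sources stay untouched. The Node class, policy row format and sample rows are assumptions constructed for illustration, and the policy is read here as releasing only SIGINT-derived records.

```python
# Added illustration with hypothetical names; not WPML or GaianDB code.
import copy

class Node:
    def __init__(self, name, rows):
        self.name, self.rows = name, rows   # rows: local data source, never modified
        self.policy_table = []              # filled only on the authoring node
        self.neighbours = []

def federated_policies(network):
    """Each node reads every node's policy table through the federation."""
    return [p for n in network for p in n.policy_table]

def pdp_allows(policies, user, row):
    """PDP: release a row only if it satisfies every policy that applies to the user."""
    return all(row[p["attribute"]] in p["allowed"]
               for p in policies if p["subject"] in ("*", user))

def flood_query(start, network, user, predicate):
    """Flood the query over neighbour links; each node's PEP filters before rows leave."""
    seen, pending, results = set(), [start], []
    while pending:
        node = pending.pop()
        if node.name in seen:
            continue
        seen.add(node.name)
        policies = federated_policies(network)
        results += [dict(r, node=node.name) for r in node.rows
                    if predicate(r) and pdp_allows(policies, user, r)]
        pending += node.neighbours
    return results

def build_network():
    """Constructed sample data: three nodes in a line, mixed source types."""
    n0 = Node("N0", [{"name": "omar", "source": "SIGINT"},
                     {"name": "omar", "source": "HUMINT"}])
    n1 = Node("N1", [{"name": "omar", "source": "OSINT"},
                     {"name": "ali", "source": "SIGINT"}])
    n2 = Node("N2", [{"name": "omar", "source": "SIGINT"}])
    n0.neighbours, n1.neighbours, n2.neighbours = [n1], [n0, n2], [n1]
    return [n0, n1, n2]

def demo():
    network = build_network()
    snapshot = copy.deepcopy([n.rows for n in network])
    named_omar = lambda r: r["name"] == "omar"
    before = flood_query(network[2], network, "analyst1", named_omar)
    # Deploy the policy into ONE node's table; every node applies it on the next query.
    network[0].policy_table.append(
        {"subject": "*", "attribute": "source", "allowed": {"SIGINT"}})
    after = flood_query(network[2], network, "analyst1", named_omar)
    return before, after, snapshot == [n.rows for n in network]
```

Because filtering happens inside each node's query path, a row that fails the policy never crosses the network, which is the property that lets partners federate data without exporting what they are not willing to share.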
Extending to other agencies – Phase 2
[Figure: Phase 2 federation. Labels: IFC, NC3A, ANOTHER; Policy Authoring Tool (three instances); data sources DS1 to DS10.]
Research was sponsored by the U.S. Army Research Laboratory and the U.K. Ministry of Defence and was accomplished under Agreement Number W911NF-06-3-0001. The views and conclusions contained in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Research Laboratory, the U.S. Government, the U.K. Ministry of Defence or the U.K. Government. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
Contact Details & Disclaimer
Contact Details:
Dr Seraphin B. Calo
Research Staff Member & Manager Policy Lifecycle Technologies
IBM Research Division
T. J. Watson Research Center
19 Skyline Drive, Hawthorne, NY 10532
Tel: +1 914-784-7514
Email: [email protected]
END