Methods for conflict resolution in policy-based management systems

While developments in distributed object computing environments, such as the Common Object Request Broker Architecture (CORBA) by the Object Management Group (2000) and the Telecommunication Intelligent Network Architecture (TINA) by H. Mulder (2002), have enabled interoperability between domains in large open distributed systems, managing the resources within such systems has become an increasingly complex task. This challenge has been considered for several years within the distributed systems management research community, and policy-based management has recently emerged as a promising solution. Large evolving enterprises present a significant challenge for policy-based management, partly because of the requirement to support both mutual transparency and individual autonomy between domains, according to C. Bidan and V. Issarny (1998), but also because the fluidity and complexity of interactions occurring within such environments require an ability to cope with the existence of multiple, potentially inconsistent policies. This paper discusses the need for providing both dynamic (run-time) and static (compile-time) conflict detection and resolution for policies in such systems, and builds on our earlier conflict detection work (Dunlop et al., 2001, 2002) to introduce methods for conflict resolution in large open distributed systems.

[1] Emil C. Lupu, et al. Conflicts in Policy-Based Distributed Systems Management, 1999, IEEE Trans. Software Eng.

[2] Zoran Milosevic, et al. Policies in communities: extending the ODP enterprise viewpoint, 1998, Proceedings Second International Enterprise Distributed Object Computing (Cat. No.98EX244).

[3] Jim Steel, et al. Generating human-usable textual notations for information models, 2001, Proceedings Fifth IEEE International Enterprise Distributed Object Computing Conference.

[4] Nienke den Haan. Investigations into the Applications of Deontic Logic, 1993, Executable Modal and Temporal Logics.

[5] Sushil Jajodia, et al. A logical language for expressing authorizations, 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6] Elisa Bertino, et al. An access control model supporting periodicity constraints and temporal reasoning, 1998, TODS.

[7] Nienke den Haan. Investigations into the Application of Deontic Logic.

[8] R. Burchfield. Oxford English dictionary, 1982.

[9] Jadwiga Indulska, et al. Dynamic policy model for large evolving enterprises, 2001, Proceedings Fifth IEEE International Enterprise Distributed Object Computing Conference.

[10] Nicole Dunlop, et al. Dynamic policy-based management in open distributed environments, 2002.

[11] Ehud Gudes, et al. Security Policies in Object-Oriented Databases, 1989, DBSec.

[12] Fang Chen, et al. Constraints for role-based access control, 1996, RBAC '95.

[13] Ravi S. Sandhu, et al. Role-Based Access Control, 1998, Adv. Comput.

[14] Leslie Lamport, et al. The temporal logic of actions, 1994, TOPL.

[15] Valérie Issarny, et al. Dealing with Multi-policy Security in Large Open Distributed Systems, 1998, ESORICS.

[16] Marsha Chechik, et al. Events in Property Patterns, 1999, SPIN.

[17] Mieke Massink, et al. Theoretical and Practical Aspects of SPIN Model Checking, 1999, Lecture Notes in Computer Science.