Configurable immunity for evolving human-computer systems

The immunity model, as used in the GNU cfengine project, is a distributed framework for performing policy conformant system administration, used on hundreds of thousands of Unix-like and Windows systems. This paper describes the idealized approach to policy-guided maintenance, that is approximated by cfengine, building on the notion of 'convergent' operations, i.e. those that reach stable equilibrium. Agents gravitate towards a policy-determined configurations, through the repeated application of unintelligent 'anti-body' operations or discrete, coded counter-measures. The distributed agents turn passive discovery of state into active strategy for 'curing' systems of policy transgressions.

[1]  Morris Sloman,et al.  Policy driven management for distributed systems , 1994, Journal of Network and Systems Management.

[2]  Stephanie Forrest,et al.  Automated response using system-call delays , 2000 .

[3]  Joseph L. Hellerstein,et al.  An approach to predictive detection for service management , 1999, Integrated Network Management VI. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management. (Cat. No.99EX302).

[4]  Morris Sloman,et al.  Implementation of a Management Agent fo r Interpreting Obligation Policy , 1996 .

[5]  Alva L. Couch,et al.  It's Elementary, Dear Watson: Applying Logic Programming To Convergent System Management Processes , 1999, LISA.

[6]  Mark S. Burgess,et al.  Principles of Network and System Administration , 1996 .

[7]  J. Neumann,et al.  The Theory of Games and Economic Behaviour , 1944 .

[8]  Stephanie Forrest,et al.  Infect Recognize Destroy , 1996 .

[9]  Jeff Kramer,et al.  Maintaining node consistency in the face of dynamic change , 1996, Proceedings of International Conference on Configurable Distributed Systems.

[10]  Roger B. Myerson,et al.  Game theory - Analysis of Conflict , 1991 .

[11]  Mark Burgess,et al.  Predictable configuration management in a randomized scheduling framework , 2001, DSOM.

[12]  Alva L. Couch,et al.  The Maelstrom: Network Service Debugging via "Ineffective Procedures" , 2001, LISA.

[13]  B. Hagemark,et al.  Site: a language and system for configuring many computers as one computer site , 1989 .

[14]  Mark Burgess Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems , 2002, DSOM.

[15]  Stephanie Forrest,et al.  Principles of a computer immune system , 1998, NSPW '97.

[16]  Paul Helman,et al.  An immunological approach to change detection: algorithms, analysis and implications , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[17]  J. Neumann,et al.  Theory of games and economic behavior , 1945, 100 Years of Math Milestones.

[18]  Mark Burgess,et al.  On the theory of system administration , 2000, Sci. Comput. Program..

[19]  Mark Burgess,et al.  A Scaled, Immunological Approach to Anomaly Countermeasures , 2003 .

[20]  Yixin Diao,et al.  Optimizing Quality of Service Using Fuzzy Control , 2002, DSOM.

[21]  Steve Traugott,et al.  Why Order Matters: Turing Equivalence in Automated Systems Administration , 2002, LISA.

[22]  Barbara Webb,et al.  Swarm Intelligence: From Natural to Artificial Systems , 2002, Connect. Sci..

[23]  Jay Lepreau,et al.  Computer System Performance Problem Detection Using Time Series Model , 1993, USENIX Summer.

[24]  Jeff Magee,et al.  The Evolving Philosophers Problem: Dynamic Change Management , 1990, IEEE Trans. Software Eng..

[25]  Paul Anderson,et al.  Towards a High-Level Machine Configuration System , 1994, LISA.

[26]  MageeJeff,et al.  The Evolving Philosophers Problem , 1990 .