Efficient Policy Conflict Analysis for Autonomic Network Management

Abstract Autonomic network management strives to reduce the complexity associated to managing large scale communications networks. Policy based management is a critical facilitator for this vision and more importantly policy conflict analysis processes must be efficient and scalable to cope with the dynamicity and size of such communications networks. We present an efficient policy selection process for policy conflict analysis that maintains a history of previous policy comparisons in a tree based data structure to reduce the number comparisons required in subsequent iterations. The ability to incorporate historical information into the selection process stems from the two phase approach we take in our conflict analysis algorithm. The first phase of the algorithm initialises a relationship pattern matrix between a candidate policy and a deployed policy, the second phase matches this pattern against a conflict signature. Previous solutions compare candidate policies against all deployed policies sequentially, however our approach can re-use the patterns already discovered from previous iterations of the algorithm to reduce the number of comparisons. Experimental results presented here show that significant performance improvements can be made using this approach, however the degree of this improvement is dependent on the nature of the relationships between deployed policies.

[1]  Paris Flegkas,et al.  Policy conflict analysis for quality of service management , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[2]  Naranker Dulay,et al.  Authorisation and Conflict Resolution for Hierarchical Domains , 2007, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07).

[3]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[4]  Jeffrey M. Bradshaw,et al.  KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[5]  Paris Flegkas,et al.  Dynamic Policy Analysis and Conflict Resolution for DiffServ Quality of Service Management , 2006, 2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006.

[6]  Brendan Jennings,et al.  Towards autonomic management of communications networks , 2007, IEEE Communications Magazine.

[7]  Brendan Jennings,et al.  Application domain independent policy conflict analysis using information models , 2008, NOMS 2008 - 2008 IEEE Network Operations and Management Symposium.

[8]  Emil C. Lupu,et al.  Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..

[9]  Ehab Al-Shaer,et al.  Conflict classification and analysis of distributed firewall policies , 2005, IEEE Journal on Selected Areas in Communications.

[10]  Jorge Lobo,et al.  Policy ratification , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[11]  Timothy W. Finin,et al.  A policy language for a pervasive computing environment , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.