Policy Driven Management for Distributed Systems
Mi-Joung Choi, POSTECH DP & NM Lab., 1999. 4. 30

Presentation transcript:

(1) Policy Driven Management for Distributed Systems
Mi-Joung Choi, DP&NM

(2) Contents
Introduction
  – Definition, Architecture, Advantages
Policy Classification
Policy as Relationship Objects
Example Policy Objects
  – Access Rules, Domain Membership Policy, Security Administrator, Responsibility
Consideration Issues for policy
Conclusions
References

(3) Introduction (1)
Distributed System Management
  – monitoring the activity of a system
  – making management decisions
  – performing control actions to modify the behavior of the system
Policy
  – a relationship between a domain of subjects (managers) and a domain of target managed objects
  – one aspect of information which influences the behavior of objects within the system
Policy Driven Management
  – perform management based on policy

(4) Introduction (2)
[Figure 1. PDM Architecture. Diagram labels: Managed Object, Management Interface, Normal Functionality Interfaces, Management Policies, Managers, Interpreter, Interprets, Monitor, Control]

(5) Introduction (3)
Advantages
  – facilitates the dynamic change of behavior of a distributed management system
  – permits the reuse of the managers in different environments

(6) DMS Architecture

(7) Policy Classification (1)
Authorization policies
  – define what a manager is permitted or not permitted to do
  – the operations they are permitted to perform on managed objects
  – considered target based
Obligation policies
  – define what a manager must or must not do
  – guide the decision making process
  – considered subject based

(8) Policy Classification (2)
[Figure 2. Policies Influence Behavior of Object within System]

(9) Policy Classification (3)
Positive Policy : permitting or must
Negative Policy : prohibiting or must not
Activity Based : the simplest policies
State Based : include a predicate based on object state
(ex)
  – John is permitted to read file F1 (authorization & positive & activity based)
  – John is prohibited from reading personnel records where employment grade > 10 (authorization & negative & state based)
  – Manager must perform reset on links with error count > 50 (obligation & positive & state based)
  – The standby manager must not perform any control actions (obligation & negative & activity based)

(10) Terminology
Management domain : a collection of managed objects to which policies apply (subdomain, direct member, indirect member, parent)
Constraints : specification to restrict the applicability of the policy (temporal constraints, parameter value constraints, preconditions)
Propagation : a policy applying to a parent domain should propagate to member subdomains of the parent
[Figure 4. Policy Propagation]

(11) Policy as Relationship Objects
[Figure 3. Typical Management Relationship]

(12) Example Policy Objects (1)
Access Rules

(13) Example Policy Objects (2)
Domain Membership Policy :
  – specify membership of a domain by specifying an object selection predicate & creating & deleting
(Ex)
  – A+ any {include X, create X} Dt when X.type=T
    (any subject is permitted to include or create objects of type T in target domain Dt)
  – A- any {remove, delete} Dt when Dt.membernum > 2
    (any subject is prohibited from removing or deleting domain Dt when the member number is more than 2)

(14) Example Policy Objects (3)
Security Administrator

(15) Example Policy Objects (4)
Responsibility

(16) Consideration Issues of Policy
Policy Implementation Issues : Policy Dissemination Function
  – transforms policies into a form suitable for interpretation
  – sends obligation policies to managers in subject domain
  – sends authorization policies to reference monitors associated with objects in the target domain
Form : O+ | O- [on ] {actions} [when ]
Policy Hierarchy
  – Policy Goals
  – Policy Rules
  – Policy Mechanism Information
Policy Analysis
  – Coverage
  – Missing Obligation/Authorization
  – Conflicts
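The authorization notation, domain propagation and conflict analysis from the slides above can be exercised together. The following is an added example, not part of the original presentation: it evaluates A+/A- policies with a state-based `when` constraint over a small domain tree and reports conflicts. The domain names, the `PARENT` table, and the rules that a negative policy overrides a positive one and that no applicable policy means deny are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed domain tree (child -> parent); names are illustrative assumptions.
PARENT = {"personnel": "files", "files": None, "staff": None}

def in_domain(domain, scope):
    """True if `domain` is `scope` or one of its subdomains (policy propagation)."""
    while domain is not None:
        if domain == scope:
            return True
        domain = PARENT.get(domain)
    return False

@dataclass
class Policy:
    name: str
    positive: bool                 # True = A+, False = A-
    subject: str                   # subject domain, or "any"
    actions: frozenset
    target: str                    # target domain
    when: Optional[Callable[[dict], bool]] = None  # state-based constraint

    def applies(self, subj_dom, action, obj_dom, obj_state):
        return ((self.subject == "any" or in_domain(subj_dom, self.subject))
                and action in self.actions
                and in_domain(obj_dom, self.target)
                and (self.when is None or self.when(obj_state)))

def decide(policies, subj_dom, action, obj_dom, obj_state):
    """Return (permitted, conflict).

    Assumed resolution: an applicable A- overrides any A+, and a request
    matched by no policy is denied. `conflict` is True when both an A+ and
    an A- apply to the same request, which is what policy analysis must flag.
    """
    hits = [p for p in policies if p.applies(subj_dom, action, obj_dom, obj_state)]
    pos = any(p.positive for p in hits)
    neg = any(not p.positive for p in hits)
    return (pos and not neg, pos and neg)

# Modeled on the slide's examples: staff may read files (activity based);
# staff may not read personnel records where grade > 10 (state based).
POLICIES = [
    Policy("P1", True, "staff", frozenset({"read"}), "files"),
    Policy("P2", False, "staff", frozenset({"read"}), "personnel",
           when=lambda s: s.get("grade", 0) > 10),
]
```

P1 reaches the `personnel` subdomain only through propagation from `files`, so a read of a grade-12 record is matched by both P1 and P2 and is reported as a conflict.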

(17) Conclusions
PDM provides the basis for dealing with automated & dynamic & reusable management
Policy specification language should produce a set of rules which can be interpreted by managers
Domains are used to specify the scope for applying the policy
Important Issues : policy analysis, conflict detection & resolution

(18) References
Morris Sloman, “Policy Driven Management for Distributed Systems,” Journal of Network and Systems Management, Plenum Press, Vol. 2, No. 4, 1994.