Policy Driven Management for Distributed Systems
Mi-Joung Choi, POSTECH DP & NM Lab., 1999. 4. 30


1 POSTECH DP & NM Lab., 1999. 4. 30
Policy Driven Management for Distributed Systems
Mi-Joung Choi
mjchoi@postech.ac.kr
DP&NM

2 Contents
Introduction
– Definition, Architecture, Advantages
Policy Classification
Policy as Relationship Objects
Example Policy Objects
– Access Rules, Domain Membership Policy, Security Administrator, Responsibility
Consideration Issues for policy
Conclusions
References

3 Introduction (1)
Distributed System Management
– monitoring the activity of a system
– making management decisions
– performing control actions to modify the behavior of the system
Policy
– a relationship between a domain of subjects (managers) and a domain of target managed objects
– one aspect of information which influences the behavior of objects within the system
Policy Driven Management
– perform management based on policy

4 Introduction (2)
[Figure 1. PDM Architecture. Diagram labels: Managers, Interpreter (interprets Management Policies), Monitor, Control, Managed Object, Management Interface, Normal Functionality Interfaces]

5 Introduction (3)
Advantages
– facilitates the dynamic change of behavior of a distributed management system
– permits the reuse of the managers in different environments

6 DMS Architecture

7 Policy Classification (1)
Authorization Policies
– define what a manager is permitted or not permitted to do
– the operations they are permitted to perform on managed objects
– considered target based
Obligation Policies
– define what a manager must or must not do
– guide the decision making process
– considered subject based

8 Policy Classification (2)
[Figure 2. Policies Influence Behavior of Object within System]

9 Policy Classification (3)
Positive Policy : permitting or must
Negative Policy : prohibiting or must not
Activity Based : the simplest policies
State Based : include a predicate based on object state
(ex)
– John is permitted to read file F1 (authorization & positive & activity based)
– John is prohibited from reading personnel records where employment grade > 10 (authorization & negative & state based)
– Manager must perform reset on links with error count > 50 (obligation & positive & state based)
– The standby manager must not perform any control actions (obligation & negative & activity based)

10 Terminology
Management domain : a collection of managed objects to which policies apply (subdomain, direct member, indirect member, parent)
Constraints : specification to restrict the applicability of the policy (temporal constraints, parameter value constraints, preconditions)
Propagation : a policy applying to a parent domain should propagate to the member subdomains of that parent
[Figure 4. Policy Propagation]

11 Policy as Relationship Objects
[Figure 3. Typical Management Relationship]

12 Example Policy Objects (1)
Access Rules

13 Example Policy Objects (2)
Domain Membership Policy :
– specify membership of a domain by specifying an object selection predicate & creating & deleting
(Ex)
– A+ any {include X, create X} Dt when X.type=T
  (any subject is permitted to include or create objects of type T in target domain Dt)
– A- any {remove, delete} Dt when Dt.membernum > 2
  (any subject is prohibited from removing or deleting domain Dt when the member number is more than 2)

14 Example Policy Objects (3)
Security Administrator

15 Example Policy Objects (4)
Responsibility

16 Consideration Issues of Policy
Policy Implementation Issues :
Policy Dissemination Function
– transforms policies into a form suitable for interpretation
– sends obligation policies to managers in subject domain
– sends authorization policies to reference monitors associated with objects in the target domain
Form : O+ | O- [on ] {actions} [when ]
Policy Hierarchy
– Policy Goals
– Policy Rules
– Policy Mechanism Information
Policy Analysis
– Coverage
– Missing Obligation/Authorization
– Conflicts
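
The classification, propagation and analysis points in the slides can be checked mechanically. The Python sketch below is an added example, not part of the original presentation: it encodes the slide 9 example policies, propagates them down a constructed domain tree, and reports A+/A- conflicts and obligations that lack a matching authorization. The domain names, the default-deny rule and the negative-overrides-positive precedence are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed domain tree (child -> parent); names are illustrative assumptions.
PARENT = {"files/personnel": "files", "files": "root", "links": "root"}

def in_domain(domain, scope):
    """True if `domain` is `scope` or a direct/indirect subdomain of it."""
    while domain is not None and domain != scope:
        domain = PARENT.get(domain)
    return domain == scope

@dataclass
class Policy:
    mode: str        # "A+", "A-", "O+" or "O-"
    subject: str     # subject name, or "any"
    actions: frozenset
    target: str      # target domain; the policy propagates to its subdomains
    when: Callable[[dict], bool] = lambda obj: True   # state-based constraint

    def in_scope(self, obj):
        return in_domain(obj["domain"], self.target) and self.when(obj)

    def applies(self, subject, action, obj):
        return (self.subject in ("any", subject) and action in self.actions
                and self.in_scope(obj))

# The slide 9 examples, with file F1 modelled as an object in domain "files".
POLICIES = [
    Policy("A+", "John", frozenset({"read"}), "files"),
    Policy("A-", "John", frozenset({"read"}), "files/personnel",
           lambda o: o.get("grade", 0) > 10),
    Policy("O+", "Manager", frozenset({"reset"}), "links",
           lambda o: o.get("errors", 0) > 50),
]

def decide(subject, action, obj, policies=POLICIES):
    """Reference-monitor check; returns (permitted, conflict_detected)."""
    modes = {p.mode for p in policies
             if p.mode[0] == "A" and p.applies(subject, action, obj)}
    # Assumed resolution: default deny, and A- overrides A+ on conflict.
    return ("A+" in modes and "A-" not in modes), {"A+", "A-"} <= modes

def missing_authorizations(obj, policies=POLICIES):
    """(subject, action) pairs obliged by an O+ policy but not permitted."""
    return [(p.subject, a) for p in policies
            if p.mode == "O+" and p.in_scope(obj)
            for a in sorted(p.actions) if not decide(p.subject, a, obj, policies)[0]]
```

Because the A+ policy on "files" propagates to "files/personnel", a grade-12 personnel record triggers both policies, which is the kind of conflict the analysis step is meant to surface before dissemination.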

17 Conclusions
– PDM provides the basis for dealing with automated & dynamic & reusable management
– Policy specification language should produce a set of rules which can be interpreted by managers
– Domains are used to specify the scope for applying the policy
– Important Issues : policy analysis, conflict detection & resolution

18 References
Morris Sloman, “Policy Driven Management for Distributed Systems,” Journal of Network and Systems Management, Plenum Press, Vol. 2, No. 4, 1994.

