Nothing Special   »   [go: up one dir, main page]

Skip to main content
Log in

Policy driven management for distributed systems

  • Papers
  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behavior of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behavior of automated managers can be achieved by changing the policy without having to reimplement them—this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise. This paper describes the work on policy which has come out of two related ESPRIT funded projects, SysMan and IDSM. Two classes of policy are elaborated—authorization policies define what a manager is permitted to do and obligation policies define what a manager must do. Policies are specified as objects which define a relationship between subjects (managers) and targets (managed objects). Domains are used to group the objects to which a policy applies. Policy objects also have attributes specifying the action to be performed and constraints limiting the applicability of the policy. We show how a number of example policies can be modeled using these objects and briefly mention issues relating to policy hierarchy and conflicts between overlapping policies.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. M. S. Sloman and J. D. Moffett, Domain Management for Distributed Systems,Integrated Network Management I, B. Meandzija and J. Wescott (eds.), North Holland, pp. 505–516, 1989.

  2. M. S. Sloman, B. J. Varley, J. D. Moffett, and K. P. Twidle, Domain Management and Accounting in an International Cellular Network,Integrated Network Management III (C-12), H.-G Hegering, and Y. Yemini (eds.), North-Holland, pp. 193–206, 1993.

  3. J. D. Moffett and M. S. Sloman, User and Mechanism Views of Distributed System Management,IEE/IOP/BCS Distributed Systems Engineering, Vol. 1, No. 1, pp. 37–47, 1993.

    Google Scholar 

  4. K. Becker, U. Raabe, M. Sloman and K. Twidle (eds.), Domain and Policy Service Specification.IDSM Deliverable D6, SysMan Deliverable MA2V2, Oct. 1993. Available by FTP from dse.doc.ic.ac.uk.

  5. M. Sloman, J. Magee, K. Twidle, and J. Kramer, An Architecture for Managing Distributed Systems,Proc. 4th IEEE Workshop on Future Trends of Distributed Computing Systems, Lisbon, pp. 40–46, September 1993.

  6. B. Alpers and H. Plansky, Domain and Policy Based Management: Concepts and Implementation Architecture,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.

  7. J. D. Moffett and M. S. Sloman, Content-Dependent Access Control,ACM SIGOPS Operating Systems Review, Vol. 25, No. 2, pp. 63–70, April 1991.

    Google Scholar 

  8. J. D. Moffett and M. S. Sloman, Policy Conflict Analysis in Distributed Systems Management, Ablex Publishing,Organizational Computing, Vol. 4, No. 1, pp. 1–22, 1994.

    Google Scholar 

  9. R. Wies, Policy Definition and Classification: Aspects, Criteria and Examples,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.

  10. J. D. Moffett and M. S. Sloman, The Representation of Policies as System Object,Proc. Conf. on Organizational Computer Systems (COCS 91), Atlanta, SIGOIS Bulletin, Vol. 12, Nos. 2&3, pp. 171–184, 1991.

    Google Scholar 

  11. J. D. Moffett, M. S. Sloman, and K. P. Twidle, Specifying Discretionary Access Control Policy for Distributed Systems,Computer Communications, Vol. 13, No. 9, pp. 571–580, 1990.

    Google Scholar 

  12. Information Technology, Open Systems Interconnection, Systems Management Overview, ISO/IEC 10040, November 1992.

  13. K. P. Twidle, Domain Services for Distributed Systems Management, PhD Thesis, May 1993, Department of Computing, Imperial College.

  14. M. Mansouri-Samani and M. Sloman GEM: A Language for Generalized Event ManagementImperial College Department of Computing, Research Report DoC 93/49, Nov. 1993, Available by FTP from dse.doc.ic.ac.uk.

  15. H. Schwingel-Horner and G. Bonn, IDSM Authorization Policy Specification and Enforcement in a Hierarchical Management Environment,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.

  16. The OSF Distributed Management Environment architecture. Open Software Foundation, 11 Cambridge Center, Cambridge, Massachusetts, May 1992.

  17. ANSAware 4.1: Application Programming in ANSAware, Document RM.102.02, Architecture Projects Management, Poseidon House, Castle Park, Cambridge CM3 0RD, UK, February 1993.

  18. Object Management Group, The Common Object Request Broker Architecture (CORBA) and Specification VI. 1, OMG, December 1991.

  19. E. Thomas and B. Biddle,Role Theory: Concepts and Research, Krieger Publishing, 1979.

  20. Esprit Project 5165, DOMAINS Basic Concepts, Version 2.0 (Nov 1991), Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany.

  21. J. D. Moffett and M. S. Sloman, Policy Hierarchies for Distributed System,Proc. IEEE JSAC, Vol. 11, No. 9, pp. 1404–1414, 1993.

    Google Scholar 

  22. M. J. Masullo and S. B. Calo, Policy Management: An Architecture and Approach,Proc. IEEE Workshop on Systems Management, UCLA, California, April 1993.

  23. A. Heydon, M. Maimone, J. Tygar, J. Wing, and A. Zaremski, Miró: Visual Specification of Security,IEEE Trans. on Software Eng., Vol. 16, No. 10, pp. 1185–1197, October 1990.

    Google Scholar 

  24. Esprit Project 5165, DOMAINS Deliverable 2c Version 1.0, DOMAINS-Management Architecture, Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany, May 1992.

  25. K. Becker and D. Holden, Specifying the Dynamic Behavior of Management Systems, Plenum Press,Journal of Network and Systems Management, Vol. 1, No. 3, pp. 281–298, 1993.

    Google Scholar 

  26. J. Roos, P. Putter, and C. Bekker, Modelling Management Policy Using Enriched Managed Objects,Integrated Network Management III (C-12), H.-G Hegering and Y. Yemini (eds.), North-Holland, pp. 207–215, 1993.

  27. R. Wies, Policies in Network and Systems Management-Formal Distribution and Architecture, Plenum Press,Journal of Network and Systems Management, Vol. 2, No. 1, pp. 63–83, 1994.

    Google Scholar 

  28. B. Meyer, and C. Popien, Defining Policies for Performance Management in Open Distributed Systems,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.

  29. Information Technology, Open Systems Interconnection, Systems Management Overview, Amendment 2: Management Domains Architecture, PDAM 10042, November 1993.

  30. Information Technology, Open Systems Interconnection, Systems Management, Part 19: Management Domain and Management Policy Management Function, ISO/IEC CD 10164-19, January 1994.

  31. D. Brewer and M. Nash, The Chinese Wall Security Policy,Proc. IEEE Symposium on Security and Privacy, IEEE Computer Society, 1989.

  32. D. Clark, and D. R. Wilson. A Comparison of Commercial and Military Computer Security Policies,Proc. IEEE Symposium on Security and Privacy, 1987.

  33. D. Jonscher, Extending Access Control with Duties Realized by Active Mechanism,IFIP WG 11.3 Sixth Working Conference on Database Security, Vancouver, August 1992.

  34. K. Marzullo, R. Cooper, M. Wood, and K. Birman, Tools for Distributed Application Management,IEEE Computer, Vol. 24, No. 8, pp. 42–51, 1991.

    Google Scholar 

  35. M. J. Masullo and E. Mozes, A Methods Specification Langugage for object oriented Databases,Research Report 16360, 1990, IBM TJ Watson Research Center, Yorktown Heights, New York.

  36. K. Ong, and R. Lee, A Logic Model for Maintaining Consistency of Bureaucratic Policies, Proc. 26th Annual Hawaii Conf. on System Sciences, Vol. III, pp. 503–512, 1993.

    Google Scholar 

  37. D. Marriott, Management Policy Specification, Imperial College Department of Computing, Research Report DoC. 94/1, Nov. 93, Available by FTP from dse.doc.ic.ac.uk.

Download references

Author information

Authors and Affiliations

Authors

Rights and permissions

Reprints and permissions

About this article

Cite this article

Sloman, M. Policy driven management for distributed systems. J Netw Syst Manage 2, 333–360 (1994). https://doi.org/10.1007/BF02283186

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1007/BF02283186

Key Words

Navigation