Abstract
Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behavior of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behavior of automated managers can be achieved by changing the policy without having to reimplement them—this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise. This paper describes the work on policy which has come out of two related ESPRIT funded projects, SysMan and IDSM. Two classes of policy are elaborated—authorization policies define what a manager is permitted to do and obligation policies define what a manager must do. Policies are specified as objects which define a relationship between subjects (managers) and targets (managed objects). Domains are used to group the objects to which a policy applies. Policy objects also have attributes specifying the action to be performed and constraints limiting the applicability of the policy. We show how a number of example policies can be modeled using these objects and briefly mention issues relating to policy hierarchy and conflicts between overlapping policies.
Similar content being viewed by others
References
M. S. Sloman and J. D. Moffett, Domain Management for Distributed Systems,Integrated Network Management I, B. Meandzija and J. Wescott (eds.), North Holland, pp. 505–516, 1989.
M. S. Sloman, B. J. Varley, J. D. Moffett, and K. P. Twidle, Domain Management and Accounting in an International Cellular Network,Integrated Network Management III (C-12), H.-G Hegering, and Y. Yemini (eds.), North-Holland, pp. 193–206, 1993.
J. D. Moffett and M. S. Sloman, User and Mechanism Views of Distributed System Management,IEE/IOP/BCS Distributed Systems Engineering, Vol. 1, No. 1, pp. 37–47, 1993.
K. Becker, U. Raabe, M. Sloman and K. Twidle (eds.), Domain and Policy Service Specification.IDSM Deliverable D6, SysMan Deliverable MA2V2, Oct. 1993. Available by FTP from dse.doc.ic.ac.uk.
M. Sloman, J. Magee, K. Twidle, and J. Kramer, An Architecture for Managing Distributed Systems,Proc. 4th IEEE Workshop on Future Trends of Distributed Computing Systems, Lisbon, pp. 40–46, September 1993.
B. Alpers and H. Plansky, Domain and Policy Based Management: Concepts and Implementation Architecture,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.
J. D. Moffett and M. S. Sloman, Content-Dependent Access Control,ACM SIGOPS Operating Systems Review, Vol. 25, No. 2, pp. 63–70, April 1991.
J. D. Moffett and M. S. Sloman, Policy Conflict Analysis in Distributed Systems Management, Ablex Publishing,Organizational Computing, Vol. 4, No. 1, pp. 1–22, 1994.
R. Wies, Policy Definition and Classification: Aspects, Criteria and Examples,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.
J. D. Moffett and M. S. Sloman, The Representation of Policies as System Object,Proc. Conf. on Organizational Computer Systems (COCS 91), Atlanta, SIGOIS Bulletin, Vol. 12, Nos. 2&3, pp. 171–184, 1991.
J. D. Moffett, M. S. Sloman, and K. P. Twidle, Specifying Discretionary Access Control Policy for Distributed Systems,Computer Communications, Vol. 13, No. 9, pp. 571–580, 1990.
Information Technology, Open Systems Interconnection, Systems Management Overview, ISO/IEC 10040, November 1992.
K. P. Twidle, Domain Services for Distributed Systems Management, PhD Thesis, May 1993, Department of Computing, Imperial College.
M. Mansouri-Samani and M. Sloman GEM: A Language for Generalized Event ManagementImperial College Department of Computing, Research Report DoC 93/49, Nov. 1993, Available by FTP from dse.doc.ic.ac.uk.
H. Schwingel-Horner and G. Bonn, IDSM Authorization Policy Specification and Enforcement in a Hierarchical Management Environment,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.
The OSF Distributed Management Environment architecture. Open Software Foundation, 11 Cambridge Center, Cambridge, Massachusetts, May 1992.
ANSAware 4.1: Application Programming in ANSAware, Document RM.102.02, Architecture Projects Management, Poseidon House, Castle Park, Cambridge CM3 0RD, UK, February 1993.
Object Management Group, The Common Object Request Broker Architecture (CORBA) and Specification VI. 1, OMG, December 1991.
E. Thomas and B. Biddle,Role Theory: Concepts and Research, Krieger Publishing, 1979.
Esprit Project 5165, DOMAINS Basic Concepts, Version 2.0 (Nov 1991), Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany.
J. D. Moffett and M. S. Sloman, Policy Hierarchies for Distributed System,Proc. IEEE JSAC, Vol. 11, No. 9, pp. 1404–1414, 1993.
M. J. Masullo and S. B. Calo, Policy Management: An Architecture and Approach,Proc. IEEE Workshop on Systems Management, UCLA, California, April 1993.
A. Heydon, M. Maimone, J. Tygar, J. Wing, and A. Zaremski, Miró: Visual Specification of Security,IEEE Trans. on Software Eng., Vol. 16, No. 10, pp. 1185–1197, October 1990.
Esprit Project 5165, DOMAINS Deliverable 2c Version 1.0, DOMAINS-Management Architecture, Philips Gmbh, PO Box 1980, W 5100 Aachen, Germany, May 1992.
K. Becker and D. Holden, Specifying the Dynamic Behavior of Management Systems, Plenum Press,Journal of Network and Systems Management, Vol. 1, No. 3, pp. 281–298, 1993.
J. Roos, P. Putter, and C. Bekker, Modelling Management Policy Using Enriched Managed Objects,Integrated Network Management III (C-12), H.-G Hegering and Y. Yemini (eds.), North-Holland, pp. 207–215, 1993.
R. Wies, Policies in Network and Systems Management-Formal Distribution and Architecture, Plenum Press,Journal of Network and Systems Management, Vol. 2, No. 1, pp. 63–83, 1994.
B. Meyer, and C. Popien, Defining Policies for Performance Management in Open Distributed Systems,IEEE/IFIP Workshop on Distributed Systems Operations and Management, Toulouse, October 1994.
Information Technology, Open Systems Interconnection, Systems Management Overview, Amendment 2: Management Domains Architecture, PDAM 10042, November 1993.
Information Technology, Open Systems Interconnection, Systems Management, Part 19: Management Domain and Management Policy Management Function, ISO/IEC CD 10164-19, January 1994.
D. Brewer and M. Nash, The Chinese Wall Security Policy,Proc. IEEE Symposium on Security and Privacy, IEEE Computer Society, 1989.
D. Clark, and D. R. Wilson. A Comparison of Commercial and Military Computer Security Policies,Proc. IEEE Symposium on Security and Privacy, 1987.
D. Jonscher, Extending Access Control with Duties Realized by Active Mechanism,IFIP WG 11.3 Sixth Working Conference on Database Security, Vancouver, August 1992.
K. Marzullo, R. Cooper, M. Wood, and K. Birman, Tools for Distributed Application Management,IEEE Computer, Vol. 24, No. 8, pp. 42–51, 1991.
M. J. Masullo and E. Mozes, A Methods Specification Langugage for object oriented Databases,Research Report 16360, 1990, IBM TJ Watson Research Center, Yorktown Heights, New York.
K. Ong, and R. Lee, A Logic Model for Maintaining Consistency of Bureaucratic Policies, Proc. 26th Annual Hawaii Conf. on System Sciences, Vol. III, pp. 503–512, 1993.
D. Marriott, Management Policy Specification, Imperial College Department of Computing, Research Report DoC. 94/1, Nov. 93, Available by FTP from dse.doc.ic.ac.uk.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Sloman, M. Policy driven management for distributed systems. J Netw Syst Manage 2, 333–360 (1994). https://doi.org/10.1007/BF02283186
Issue Date:
DOI: https://doi.org/10.1007/BF02283186