DIMACS Working Group Meeting on Policy Driven Decision Making and Dynamic Interoperability

December 8, 2000
DIMACS Center, Rutgers University, Piscataway, NJ

Tom Buckman, MITRE Corporation, buckmant@mitre.org
Joan Feigenbaum, Yale University, jf@cs.yale.edu
Fred Roberts, Rutgers University, froberts@dimacs.rutgers.edu
Presented under the auspices of the Special Year on Next Generation Networks Technologies and Applications.

Co-sponsored by DIMACS, the Office of Naval Research and the National Science Foundation.



A Taxonomy for Computer Systems Interoperability
Bruce Barnes, Terry Bollinger and Edgar Sibley

Abstract: Interoperability between heterogeneous computer systems is
vital to many types of enterprises, but the need for interoperability is
particularly conspicuous in naval and other military applications where
pressing new requirements  may arise quickly and change rapidly. This
presentation will describe the problem and provides a visual taxonomy to
help understand the scope and research needs of this enormous problem.
It explores several dimensions of computer systems interoperability
including, the diversity of equipment and personnel over which systems
interoperability is needed.  Each of the various elements of computer
systems infrastructure must interoperate.  Another dimension includes
some of the attributes of the computer systems such as, scalability,
functionality, and binding time.

2. TITLE: XML Based InteroperabilityComponents SPEAKER: Dr. Tom Buckman, MITRE Corporation ABSTRACT XML has emerged as an essential construct in a number of recent initiatives aimed at improving interoperability at the business component level. These initiatives hold the promise of greatly improving the ability of organizations to quickly join themselves together to achieve mutually agreed goals and objectives. However, absent from the current work is consideration of how to rapidly conduct policy negotiations between these organization and translate the results into a coordinated set of actions that can be used to help automate the process of the organizations joining themselves together. This talk looks at the enabling role of XML within the architecture frameworks of three initiatives aimed at improving interoperability at the business component level: RosettaNet, ebXML and Open Buying on the Internet (OBI). Key ideas are highlighted and the potential role of policy based decision making in extending these ideas is illustrated.
3. TITLE: Conflict Resolution in Policy Management SPEAKER: Jan Chomicki, Associate Professor, CSE Dept, University at Buffalo ABSTRACT: The simple event-condition-action (ECA) rule paradigm of active databases has proved very useful in many database applications. However, its applicability goes beyond data management. ECA rules can be used in network management and monitoring, electronic commerce, security and access management, and other application areas, to express policies -- collections of general principles specifying the desired behavior of a system. Usually, policies are coded in an imperative programming language like Java. This makes for implementation ease and efficiency but limits what can be done with policies. For instance, it is difficult to maintain, verify, or analyze such policies. In this talk I will use a declarative policy definition language PDL, in which policies are formulated as sets of ECA rules. In contrast to standard database trigger languages, PDL has a rich event sublanguage but allows only uninterpreted actions. In addition to rules, one can specify in PDL constraints on concurrent or sequential execution of actions. I will address the issue of defining policy monitors that guarantee that constraint violations (action conflicts) are fully resolved at run-time. The monitors resolve conflicts through action cancellation or delay. The monitors may also differ with respect to a novel property called "unobtrusiveness" which requires that conflict resolution produce a result corresponding to some conflict-free execution of the policy. I will show how to specify the monitors declaratively using (a variant of) Datalog. I will also present algorithms for the evaluation of monitors and study their computational properties. Finally, I will describe the architecture of a PDL-based policy server being used to provide centralized administration of a soft switch in a communication network.
4. TITLE: Dynamic Policies Through Context-Sensitive Situations SPEAKER: Dr. Opher Etzion Manager, Active Management Technologies; IBM Research Laboratory in Haifa ABSTRACT: Policies may be driven by complex combination of events that may have temporal or spatio-temporal characteristics. An example is the stock market domain : "If I am not in a meeting then notify me whenever IBM stock went up by three percent within two hours". Amit (Active middleware technology) is a research project in IBM that deals with integration of data and events from different sources, to provide high-speed situation detection mechanism. In the talk I'll describe the technology features, as well as one of its applications, the management of virtual enterprises integrating events from the IT infrastructure ("a communication line has failed") and from the business processes world ("the delivery truck has been delayed due to a blocked road").
5. Generalized Certificate Revocation Carl A. Gunter, University of Pennsylvania This talk introduces a language for creating and manipulating CERTIFICATES, that is, digitally signed data based on public key cryptography, and a system for REVOKING certificates. Our approach provides a uniform mechanism for secure distribution of public key bindings, authorizations, and revocation information. An external language for the description of these and other forms of data is compiled into an intermediate language with a well-defined denotational and operational semantics. The internal language is used to carry out consistency checks for security and optimizations for efficiency. Our primary contribution is a technique for treating revocation data DUALLY to other sorts of information using a polarity discipline in the intermediate language. This is joint work with Trevor Jim. A paper on the topic can be found at http://www.cis.upenn.edu/~qcm/papers/popl00.ps.
6. Communal Access Control Policies, and Interoperability Between Them Naftaly Minsky, Rutgers University It is my thesis that for a group of autonomous agents to interoperate effectively, they must be able to trust each other to comply with some common rules-of-engagement, or a policy. Moreover, it stands to reason that if the members of the group in question are heterogeneous, with little or no trust in each other, then their interaction-policy needs to be enforced; and that this enforcement needs to be de-centralized, if the group can be large. Guided by this thesis we have developed a coordination mechanism called Law-Governed Interaction (LGI), that enables a community C of distributed agents to interact under an explicit and strictly enforced policy, called the ``law'' of this community. This mechanism, which is currently prototyped by the Moses toolkit, has the following characteristics: (a) The membership of C can change dynamically, and can be very large. (b) LGI makes no assumptions about the structure and behavior of members of C, which can, therefore, be quite heterogeneous. (c) The deployment of a community under a specified law is easy, incremental, and can be done dynamically. (d) The enforcement of laws under LGI is strictly decentralized---for scalability. In the talk, I will attempt to motivate this mechanism, and describe its nature.
7. Network Configuration Management and Interoperability S. Raj Rajagopalan, Telcordia Technologies Security has often been cited as the primary obstacle in the fielding of many technologies in both commercial and DoD networks. Past experience also demonstrates our inability to manage networks in such a way that desired security properties are upheld as the network changes. Network management tools are needed to automate management of firewall networks in dynamic environments to the fullest extent possible. Rather than depend on human administrators to provide the right configurations on each network element, it would be necessary in the future to enable network elements to adapt to change by reconfiguring as appropriate. The challenge would then be for these network elements to know the right reconfiguration so that the appropriate security policies are upheld while legitimate users are not inconvenienced by loss of service. This project focuses on management of configurations of network elements so that stated policies can be upheld. Our specific application is to design, develop, and demonstrate a prototype system for automatically managing a network of firewalls in an enterprise network so that security policy is upheld constantly as the network changes. Specifically, we aim to build an automatic reconfiguration system that not only guarantees that the security policy is being upheld in a network but also allows two different administrative domains with different security policies to negotiate their interconnections to uphold their respective security policies. The salient aspects of our approach are: (1) strict separation between the policy, network topology, and the mechanisms used to implement the policy, (2) specification of policies and topology at all layers in the network from the physical layer to the application layer in as human comprehensible language as possible, (3) reduction of policy administration to configuration management using models of network elements and protocols, (4) extension of policy administration to all relevant network elements such as firewalls, routers, switches, workstations, etc, and (5) explicit composability of network policies and models to reason about a network as a whole rather than individual elements.
Other Workshops
DIMACS Homepage
Contacting the Center
Document last modified on December 8, 2000.