DIMACS Working Group Meeting on Policy Driven Decision Making and Dynamic Interoperability

December 8, 2000
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:

Tom Buckman, MITRE Corporation, buckmant@mitre.org

Joan Feigenbaum, Yale University, jf@cs.yale.edu

Fred Roberts, Rutgers University, froberts@dimacs.rutgers.edu

1.

A Taxonomy for Computer Systems Interoperability
Bruce Barnes, Terry Bollinger and Edgar Sibley

Abstract: Interoperability between heterogeneous computer systems is
vital to many types of enterprises, but the need for interoperability is
particularly conspicuous in naval and other military applications where
pressing new requirements  may arise quickly and change rapidly. This
presentation will describe the problem and provides a visual taxonomy to
help understand the scope and research needs of this enormous problem.
It explores several dimensions of computer systems interoperability
including, the diversity of equipment and personnel over which systems
interoperability is needed.  Each of the various elements of computer
systems infrastructure must interoperate.  Another dimension includes
some of the attributes of the computer systems such as, scalability,
functionality, and binding time.


2.

TITLE:  XML Based InteroperabilityComponents
SPEAKER:  Dr. Tom Buckman, MITRE Corporation

ABSTRACT

XML has emerged as an essential construct in a number of recent initiatives 
aimed at improving interoperability at the business component level.  These 
initiatives hold the promise of greatly improving the ability of 
organizations to quickly join themselves together to achieve mutually 
agreed goals and objectives.  However, absent from the current work is 
consideration of how to rapidly conduct policy negotiations between these 
organization and translate the results into a coordinated set of actions 
that can be used to help automate the process of the organizations joining 
themselves together.

This talk looks at the enabling role of XML within the architecture 
frameworks of three initiatives aimed at improving interoperability at the 
business component level: RosettaNet, ebXML and Open Buying on the Internet 
(OBI).  Key ideas are highlighted and the potential role of policy based 
decision making in extending these ideas is illustrated.


3.

TITLE: Conflict Resolution in Policy Management
SPEAKER: Jan Chomicki, Associate Professor, CSE Dept, University at Buffalo

ABSTRACT:
The simple event-condition-action (ECA) rule paradigm of active databases 
has proved very useful in many database applications. However, its 
applicability goes beyond data management.  ECA rules can  be used in 
network management and monitoring, electronic commerce, security and access 
management, and other application areas, to express policies -- collections 
of general principles specifying the desired behavior of a 
system.  Usually, policies are coded in an imperative programming language 
like Java.  This makes for implementation ease and efficiency but limits 
what can be done with policies. For instance, it is difficult to maintain, 
verify, or analyze such policies.

In this talk I will use a declarative policy definition language PDL, in 
which policies are formulated as sets of ECA rules. In contrast to standard 
database trigger languages, PDL has a rich event sublanguage but allows 
only uninterpreted actions. In addition to rules, one can specify in PDL 
constraints on concurrent or sequential execution of actions.  I will 
address the issue of defining policy monitors that guarantee that 
constraint violations (action conflicts) are fully resolved at run-time. 
The monitors resolve conflicts through action cancellation or delay. The 
monitors may also differ with respect to a novel property called 
"unobtrusiveness" which requires that conflict resolution produce a result 
corresponding to some conflict-free execution of the policy.  I will show 
how to specify the monitors declaratively using (a variant of) Datalog. I 
will also present algorithms for the evaluation of monitors and study their 
computational properties.  Finally, I will describe the architecture of a 
PDL-based policy server being used to provide centralized administration of 
a soft switch in a communication network.


4.

TITLE:  Dynamic Policies Through Context-Sensitive Situations
SPEAKER: Dr. Opher Etzion Manager, Active Management Technologies;
IBM Research Laboratory in Haifa

ABSTRACT:

Policies may be driven by complex combination of events that may have 
temporal or spatio-temporal characteristics. An example is the stock market 
domain : "If I am not in a meeting then notify me whenever IBM stock went 
up by three percent within two hours". Amit (Active middleware technology) 
is a research project in IBM that deals with integration of data and events 
from different sources, to provide high-speed situation detection 
mechanism. In the talk I'll describe the technology features, as well as 
one of its applications, the management of virtual enterprises integrating 
events from the IT infrastructure ("a communication line has failed") and 
from the business processes world ("the delivery truck has been delayed due 
to a blocked road").


5.

Generalized Certificate Revocation
Carl A. Gunter, University of Pennsylvania

This talk introduces a language for creating and manipulating
CERTIFICATES, that is, digitally signed data based on public key
cryptography, and a system for REVOKING certificates.  Our approach
provides a uniform mechanism for secure distribution of public key
bindings, authorizations, and revocation information.  An external
language for the description of these and other forms of data is
compiled into an intermediate language with a well-defined
denotational and operational semantics.  The internal language is used
to carry out consistency checks for security and optimizations for
efficiency.  Our primary contribution is a technique for treating
revocation data DUALLY to other sorts of information using a polarity
discipline in the intermediate language.  This is joint work with
Trevor Jim.  A paper on the topic can be found at
http://www.cis.upenn.edu/~qcm/papers/popl00.ps.



6.

Communal Access Control Policies, and Interoperability  Between Them
Naftaly Minsky, Rutgers University

It is my thesis that for a group of autonomous agents to interoperate
 effectively, they must be able to trust each other to comply with some common
 rules-of-engagement, or a policy.  Moreover, it stands to reason that if the
 members of the group in question are heterogeneous, with little or no
trust in
 each other, then their interaction-policy needs to be enforced; and that this
 enforcement needs to be de-centralized, if the group  can be large.

Guided by this thesis we have developed a coordination mechanism called
Law-Governed Interaction (LGI), that enables a community C of distributed
agents to interact under an explicit and strictly enforced policy, called the
``law'' of this community. This mechanism, which is currently prototyped by
the
Moses toolkit, has the following  characteristics:
   (a) The membership of C can change dynamically, and can be very large.
   (b) LGI makes no assumptions  about the structure and behavior of members
       of C,  which can, therefore, be quite heterogeneous.
   (c) The deployment of a community under a specified law is easy,
       incremental, and can be done dynamically.
   (d) The enforcement of laws under LGI is  strictly decentralized---for 
       scalability.
In the talk, I will attempt to motivate this mechanism, and describe 
its nature.


7.

Network Configuration Management and Interoperability
S. Raj Rajagopalan, Telcordia Technologies

Security has often been cited as the primary obstacle in the fielding of many
technologies in both commercial and DoD networks.  Past experience also
demonstrates our inability to manage networks in such a way that desired
security properties are upheld as the network changes.  Network management
tools are needed to automate management of firewall networks in dynamic
environments to the fullest extent possible.  Rather than depend on human
administrators to provide the right configurations on each network element, it
would be necessary in the future to enable network elements to adapt to change
by reconfiguring as appropriate.  The challenge would then be for these network
elements to know the right reconfiguration so that the appropriate security
policies are upheld while legitimate users are not inconvenienced by loss of
service.  This project focuses on management of configurations of network
elements so that stated policies can be upheld.

Our specific application is to design, develop, and demonstrate a prototype
system for automatically managing a network of firewalls in an enterprise
network so that security policy is upheld constantly as the network
changes. Specifically, we aim to build an automatic reconfiguration system that
not only guarantees that the security policy is being upheld in a network but
also allows two different administrative domains with different security
policies to negotiate their interconnections to uphold their respective
security policies.  The salient aspects of our approach are: (1) strict
separation between the policy, network topology, and the mechanisms used to
implement the policy, (2) specification of policies and topology at all layers
in the network from the physical layer to the application layer in as human
comprehensible language as possible, (3) reduction of policy administration to
configuration management using models of network elements and protocols, (4)
extension of policy administration to all relevant network elements such as
firewalls, routers, switches, workstations, etc, and (5) explicit composability
of network policies and models to reason about a network as a whole rather than
individual elements.

Other Workshops

DIMACS Homepage