International Technology Alliance In Network & Information Sciences
1 Policy Specification, Analysis and Transformation
Mandis Beigi, Carolyn Brodie, Seraphin Calo, David George, Clare-Marie Karat, John Karat, Jorge Lobo, Dinesh Verma, and Xiping Wang
3 Security Policy Framework–TA2 P4
[Framework diagram. Labels: Policy Specification, in Natural Language Subclasses (NLS) and in a Formal Language (FL); System Side Algorithms & Tools; User Side; Author NL policies; Convert NL policies to FL policies; Author FL policies; Convert FL policies to NL policies; Abstract Policy Models; Privacy / Security Ontologies; Policy Transformation; Policy Synchronization; Goals, High Level Policies In System Context; Concrete Policy Sets; Executable Policies; Information Control Flow; Policy Ratification; Policy Authoring; Databases, XML Stores, Rule Engines, State Machines, etc; Global Principles and Goals; Large Scale Analyses of NL and FL Policies; Survey & Coding of Related Practices; Human Factors Based Design & Usability Studies; Policy Presentation Processing & User Interaction; User Preferences in a FL; User-Level Paradigms for Preferences; Preference Specification Tools; AC & Audit Policies; Data, User and Risk Models; Choices & Consent]
4 Demonstration Components
[Component diagram. Labels: Policy Specification, in Natural Language Subclasses (NLS) and in a Formal Language (FL); Abstract Policy Models; Goals, High Level Policies In System Context; Executable Policies; Databases, XML Stores, Rule Engines, State Machines, etc; Concrete Policy Sets; Information Control Flow; Domain Policies; Data Model; User Choices & Consent; Policy Analysis: Conflict/Dominance/Coverage; Policy Transformation: User defined transformation; Management; SPARCLE: NLP Analysis & Transformation; Policy Deployment: Using Ponder 2 for implementation]
5 SPARCLE Policy Workbench
Motivation for SPARCLE:
–Policies provide a powerful mechanism to manage many kinds of infrastructures including security and network management.
–Currently, policy management methods (e.g., editing XML files) are not sufficient to address user skills of varying technical abilities.
–There is a large, error-prone gap between high level policy specification and deployment.
–Goal: Create a usable, integrated capability for policy management across heterogeneous systems.
6 SPARCLE Policy Workbench
Project Scope: The SPARCLE (Server Privacy ARchitecture and CapabiLity Enablement) project will create a highly usable policy workbench that enables organizations to:
–Create access control policies (Author, Analyze, and Transform)
–Connect policy definition to system entities (Implement)
–Check policy compliance (Audit)
Authoring Tool Description:
–Provides natural language analysis of textual policies, displays results for expert review, and generates the machine-readable XML version of the policies, with 94% parsing precision.
–Provides analysis of conflicts and redundancies in access control policies at the structured language level.
–Displays results for expert review.
–Transforms the policy sets into machine-readable XML version of the policies.
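7 SPARCLE Parsing Example
Marketing employees can collect and use name, address, and phone number for the purpose of direct advertising if the customer has opted-in.
–User category: Marketing employees
–Actions: can collect and use
–Data categories: name, address, and phone number
–Purpose: direct advertising
–Condition: the customer has opted-in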
8 Policy Analysis
Motivation:
–Provides a formal process that allows policy administrators to certify the correctness of a policy before the policy is activated.
–Demo highlights the use of advanced algorithms to systematically determine if a policy is problematic.
–Analysis can be performed when a policy is authored and the whole process of analysis is automated.
9 Policy Analysis Types in Demo
Conflict Identification:
–Two policies are in conflict if they can be simultaneously applicable and prescribe incompatible actions.
–This analysis method is used to determine if two policies are consistent.
Dominance Analysis:
–A policy is dominated by a set of one or more other policies when the addition of the first policy does not affect the behavior of the system governed by the set of policies.
–This analysis method is used to discover redundant policies.
Coverage Analysis:
–A set of policies may (or may not) provide definition for a range of input parameters. This analysis method determines if there are gaps in the coverage.
–This analysis method is used to examine the completeness of a set of policies.
10 Conflict Identification
[Figure: an already existing policy and a new policy plotted over the axes Security Level and Teams]
Conflict: Applicability subspaces intersect. Variables can take values in spaces of different characteristics.
–We first find the policy hyper-space intersect
–Then we check if the policy effects are incompatible
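The two-step check from this slide, as an added example that is not code from the presentation or from SPARCLE. The policy names, the variable names `security_level` and `team`, the value ranges and the permit/deny effect vocabulary are all constructed assumptions; numeric variables are modelled as closed intervals and categorical ones as sets.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    region: dict  # variable -> (lo, hi) closed interval, or frozenset of allowed values
    effect: str

INCOMPATIBLE = {frozenset({"permit", "deny"})}  # assumed effect vocabulary

def intersect_dim(a, b):
    """Intersect one dimension; None means the two constraints are disjoint."""
    if isinstance(a, frozenset) and isinstance(b, frozenset):
        return (a & b) or None
    if isinstance(a, tuple) and isinstance(b, tuple):
        lo, hi = max(a[0], b[0]), min(a[1], b[1])
        return (lo, hi) if lo <= hi else None
    raise TypeError("both policies must type a variable the same way")

def overlap(p, q):
    """Step 1: intersection of the two applicability hyper-spaces, or None."""
    region = {}
    for var in sorted(p.region.keys() | q.region.keys()):
        if var in p.region and var in q.region:
            dim = intersect_dim(p.region[var], q.region[var])
            if dim is None:
                return None
        else:  # a variable only one policy constrains is unrestricted in the other
            dim = p.region.get(var, q.region.get(var))
        region[var] = dim
    return region

def find_conflicts(existing, new):
    """Step 2: keep overlaps whose effects are incompatible."""
    conflicts = []
    for old in existing:
        region = overlap(old, new)
        if region is not None and frozenset({old.effect, new.effect}) in INCOMPATIBLE:
            conflicts.append((old.name, region))
    return conflicts

# Constructed sample policies over the slide's two axes (values are not from the slides).
EXISTING = [
    Policy("P1", {"security_level": (1, 3), "team": frozenset({"alpha", "bravo"})}, "permit"),
    Policy("P2", {"security_level": (4, 5), "team": frozenset({"alpha"})}, "permit"),
    Policy("P3", {"security_level": (2, 5), "team": frozenset({"bravo"})}, "deny"),
]
NEW = Policy("P_new", {"security_level": (3, 5), "team": frozenset({"bravo", "charlie"})}, "deny")
CONFLICTS = find_conflicts(EXISTING, NEW)
```

Only P1 is reported: P2 never applies together with the new policy, and P3 overlaps it but prescribes the same effect.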
11 Dominance Analysis
[Figure: an already existing policy and a new policy plotted over the axes Battery capacity and Draining rate; axis marks at 100 mAmp, 95 mAmp/h and 30 mAmp/h]
Dominance check:
–A subspace is inside another subspace
–Subspaces might not be convex
A policy is dominated if its hyper-space is completely contained in the hyper-space of the existing policies.
12 Coverage Analysis
[Figure: policies including P3 and P4 plotted over the axes Battery capacity and Draining rate, with the device space drawn as a dashed line and an uncovered area marked]
Coverage check:
–A subspace is contained by another subspace (the space to be covered)
–Subspaces might not be convex
A device space is covered if it is completely covered by the hyper-space of a set of policies.
To cover the device space the lower bound of draining rate of P4 can be changed to 35.
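Dominance and coverage both reduce to asking whether a target region is contained in a union of boxes that need not be convex. The following is an added example, not code from the presentation, that answers this by box subtraction; the policy names and all bounds are constructed, boxes are (battery capacity, draining rate) pairs of half-open intervals, and dominance is tested by containment only, as the slide states it.

```python
def subtract(box, cut):
    """Parts of `box` outside `cut`, as disjoint boxes.

    A box is a tuple of half-open (lo, hi) intervals, one per dimension.
    """
    if any(max(b[0], c[0]) >= min(b[1], c[1]) for b, c in zip(box, cut)):
        return [box]  # no overlap, nothing to remove
    pieces, rest = [], list(box)
    for d, ((lo, hi), (clo, chi)) in enumerate(zip(box, cut)):
        if lo < clo:  # slab of the box below the cut in dimension d
            pieces.append(tuple(rest[:d] + [(lo, clo)] + rest[d + 1:]))
        if chi < hi:  # slab of the box above the cut in dimension d
            pieces.append(tuple(rest[:d] + [(chi, hi)] + rest[d + 1:]))
        rest[d] = (max(lo, clo), min(hi, chi))  # continue inside the overlap only
    return pieces

def uncovered(target, boxes):
    """Region of `target` left after removing the union of `boxes`."""
    remaining = [target]
    for cut in boxes:
        remaining = [piece for r in remaining for piece in subtract(r, cut)]
    return remaining

def is_dominated(new_box, existing_boxes):
    """Dominated when nothing of the new policy's region lies outside the union."""
    return not uncovered(new_box, existing_boxes)

def coverage_gaps(device_space, policy_boxes):
    """Sub-boxes of the device space that no policy applies to."""
    return uncovered(device_space, policy_boxes)

# Constructed values: (battery capacity, draining rate), not read off the slides.
EXISTING = [((0, 60), (0, 95)), ((40, 100), (30, 95))]  # union is L-shaped
NEW_A = ((20, 80), (50, 90))   # inside the union, inside neither box alone
NEW_B = ((20, 80), (10, 90))   # sticks out of the union at low draining rates

DEVICE = ((0, 100), (0, 95))
P3 = ((0, 100), (0, 35))
P4 = ((0, 100), (40, 95))        # leaves draining rates 35..40 uncovered
P4_FIXED = ((0, 100), (35, 95))  # lower bound moved to 35
```

The list returned by `coverage_gaps` is the uncovered area itself, so it can be shown to the policy author rather than only a yes/no answer.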
13 Policy Transformation
Motivation and Explanation:
–Transform high level policies into low level policies
–Rule based transformation
–Modify condition and action sections of the policies
–Simple search and replace
–Transformation rules are written in an XML format by an expert user
14 Transformation Example
Input policy: If user is from U.S. Then provide high security
Transformation rules:
1. Replace U.S. with subnet 9.2.x.x
2. Replace high security with 256 bit encryption and DES encryption
Output policy: If user is from subnet 9.2.x.x Then use 256 bit encryption and DES encryption
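A rule-driven rewrite of the condition and action sections, as an added example that is not the presentation's transformation tool. The XML rule schema (`rule`, `section`, `find`, `replace`) is hypothetical, since the slides say only that rules are written in XML; the rule strings are the two from the slide.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical rule schema; the find/replace strings are the two rules on the slide.
RULES_XML = """
<rules>
  <rule section="condition"><find>U.S.</find><replace>subnet 9.2.x.x</replace></rule>
  <rule section="action"><find>high security</find>
    <replace>256 bit encryption and DES encryption</replace></rule>
</rules>
"""

def load_rules(xml_text):
    """Parse the rule file into (section, find, replace) triples."""
    rules = []
    for node in ET.fromstring(xml_text).iter("rule"):
        rules.append((node.get("section"), node.findtext("find").strip(),
                      node.findtext("replace").strip()))
    return rules

def transform(policy, rules):
    """Apply each rule to its own section only; return the new policy and unmatched terms."""
    out, unused = dict(policy), []
    for section, find, replace in rules:
        # Literal match that may not sit inside a longer word or token.
        pattern = r"(?<!\w)" + re.escape(find) + r"(?!\w)"
        out[section], count = re.subn(pattern, lambda m: replace, out[section])
        if count == 0:
            unused.append(find)  # high-level term the rule expected was not present
    return out, unused

RULES = load_rules(RULES_XML)
POLICY = {"condition": "user is from U.S.", "action": "provide high security"}
# Applying the two rules literally keeps the input verb "provide" in the action.
LOW_LEVEL, UNUSED = transform(POLICY, RULES)
```

A non-empty `unused` list flags a policy that passed through transformation without being lowered by every rule, which is worth reviewing before deployment.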
15 Policy Deployment
The last step is to deploy policies into managed resources.
This is done in two sub-steps:
–A last translation of the policies into the executable commands or policies understood by each resource
–Transmission of the policy to the resource
In our scenario we are working with Self-Managed Cells (SMC) resources
–SMCs are agents built using the Ponder2 policy framework developed at Imperial College
08/13/2007 Security Management in Dynamic Communities
16 Policy Deployment
SMC policy service - Ponder2 framework
–Caters for two types of policies
  –Obligation policies (event-condition-action) define management actions that are performed in response to events
  –Authorization policies specify which actions are permitted on which resources and services
–Managed objects to which policies apply can be
  –Internal resources
  –Adapters for external services
  –Policies themselves
–Policies can be added, removed, enabled and disabled to change SMC behavior
  –Without interrupting its functioning
–Managed objects are kept in a domain structure that implements a hierarchical namespace
  –Use domains as subject/target of policies
[Figure: domain structure containing resource, policy and remote objects]
17 Backup and Alternative Slides
18 Demonstration A scenario based demo will illustrate the research concepts in the security policy management area.
20 Policy Deployment
Self-managed cell (SMC)
–Consists of hardware and software components
–Does not rely on human intervention nor central coordination
–Implements a local feedback control-loop
Architectural pattern
–Basic building block of a pervasive environment
Core services
–Discovery service
–Event service
–Policy service