基于开放逻辑R反驳计算的访问控制策略精化

策略精化是解决分布式应用访问控制策略配置复杂性的重要方法,现有精化技术给出了策略分层描述和逐层精化的方法,但处理策略之间关联问题的能力不足.基于精化树描述策略和策略关联,基于叶结点策略冲突判断,采用开放逻辑R反驳计算分析精化树策略关联属性,能够消解策略冲突同时保证策略互斥、组合、访问路径协同、精化映射等关联正确,并能够按序消解不同类型策略冲突、自由取舍相冲突的策略.实验与分析计算性能表明,该方法符合SaaS平台客户应用系统策略精化需求.     

信息安全策略开发的关键问题研究

本文在辨析信息安全策略概念基础上,提出了信息安全战略和特定信息安全策略相结合、特定信息安全策略以资产安全保护策略和共性安全防护措施使用策略为经纬的安全策略架构,并针对安全策略生命周期中的关键活动给出了指导方法。     

Adaptive location policies for global scheduling

Two important components of a global scheduling algorithm are its transfer policy and its location policy. While the transfer policy determines whether a task should be transferred, the location policy determines where it should be transferred. Based on their location policies, global scheduling algorithms can be broadly classified as receiver-initiated, sender-initiated, or symmetrically-initiated. The relative performance of these classes of algorithms has been shown to depend on the system workload. We present two adaptive location policies for global scheduling in distributed systems. These location policies are general, and can be used in conjunction with many existing transfer policies. By adapting to the system workload, the proposed policies capture the advantages of both sender-initiated and receiver-initiated policies. In addition, by adaptively directing their search activities toward the nodes that are most likely to be suitable counterparts in task transfers, the proposed policies provide short transfer latency and low overhead, and more important, high probability of finding a suitable counterpart if one exists. These properties allow these policies to deliver good performance over a very wide range of system operating conditions. The proposed policies are compared with nonadaptive policies, and are shown to considerably improve performance and to avoid causing system instability     

策略在Lotus Notes/Domino系统管理中的应用

本文回顾了Lotus Notes/Domino系统中策略的概念,包括策略的种类和定义方法。从注册、安装、邮件、桌面等几个方面阐述如何使用策略来构建、管理Notes系统和用户行为,并对运用策略提高Notes系统管理安全性、易用性等方面进行了探讨。最后,给出Notes策略的实例。     

Real-time update of access control policies

Access control policies are security policies that govern access to resources. The need for real-time update of such policies while they are in effect and enforcing the changes immediately, arise in many scenarios. Consider, for example, a military environment responding to an international crisis, such as a war. In such situations, countries change strategies necessitating a change of policies. Moreover, the changes to policies must take place in real-time while the policies are in effect. In this paper we address the problem of real-time update of access control policies in the context of a database system. Access control policies, governing access to the data objects, are specified in the form of policy objects. The data objects and policy objects are accessed and modified through transactions. We consider an environment in which different kinds of transactions execute concurrently some of which may be policy update transactions. We propose algorithms for the concurrent and real-time update of security policies. The algorithms differ on the basis of the concurrency provided and the semantic knowledge used.     

策略在Lotus Notes／Domino系统管理中的应用

本文回顾了Lotus Notes／Domino系统中策略的概念,包括策略的种类和定义方法。从注册、安装、邮件、桌面等几个方面阐述如何使用策略来构建、管理Nofes系统和用户行为,并对运用策略提高Notes系统管理安全性、易用性等方面进行了探讨。最后,给出Notes策略的实例。     

Examining Usability of Web Privacy Policies

Three studies examined (a) the amount and types of personal information requested by Web sites from seven different categories, (b) the goals and readability of existing privacy policies for four categories of sites, and (c) users' comprehension and perceptions of privacy policies. Study 1 showed that different amounts of personal information were requested by Web sites, even within the same category. Content and readability analyses of 100 privacy policies in Study 2 showed that policies tended to be high on both privacy protection and vulnerability goals or low on both. The policies were also written at a reading level corresponding to 13 years of education. Study 3 showed, though, that even college students have poor comprehension of the content of privacy policies. The students perceived longer policies that included many privacy goals as providing better assurance of privacy than shorter policies that included fewer goals. From a usability perspective, there is considerable room for improvement in the design of organizations' Web sites with respect to the amount and types of person information solicited and the implementation of privacy policies.     

A lattice-based approach for updating access control policies in real-time

Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately and automatically, is necessary for many dynamic environments. Examples of such environments include disaster relief and war zone. In such situations, system resources may need re-configuration or operational modes may change, necessitating a change of policies. For the system to continue functioning, the policies must be changed immediately and the modified policies automatically enforced. In this paper, we propose a solution to this problem—we consider real-time update of access control policies in the context of a database system.     

Conflicts in policy-based distributed systems management

Modern distributed systems contain a large number of objects and must be capable of evolving, without shutting down the complete system, to cater for changing requirements. There is a need for distributed, automated management agents whose behavior also has to dynamically change to reflect the evolution of the system being managed. Policies are a means of specifying and influencing management behavior within a distributed system, without coding the behavior into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level and then refined to implementable actions. We are concerned with two types of policies. Authorization policies specify what activities a manager is permitted or forbidden to do to a set of target objects and are similar to security access-control policies. Obligation policies specify what activities a manager must or must not do to a set of target objects and essentially define the duties of a manager. Conflicts can arise in the set of policies. Conflicts may also arise during the refinement process between the high level goals and the implementable policies. The system may have to cater for conflicts such as exceptions to normal authorization policies. The paper reviews policy conflicts, focusing on the problems of conflict detection and resolution. We discuss the various precedence relationships that can be established between policies in order to allow inconsistent policies to coexist within the system and present a conflict analysis tool which forms part of a role based management framework. Software development and medical environments are used as example scenarios     

A comprehensive keyword analysis of online privacy policies

ABSTRACT

Online privacy policies are known to have inconsistent formats and incomplete content. They are also hard to understand and do not effectively help individuals to make decisions about the data practices of the online service providers. Several studies have focused on the deficiencies of privacy policies such as length and readability. However, a very limited number of studies have explored the content of privacy policies. This paper aims to shed some lights on the content of these legal documents. To this end, we performed a comprehensive analysis of keywords and content of over 2000 online policies. Policies were collected from variety of websites, application domains, and regulatory regimes. Topic modeling algorithms, such as Latent Dirichlet Allocation, were used for topic coverage analysis. This study also measured the coverage of ambiguous words in privacy policies. Lastly, a method was used to evaluate keyword similarity between privacy policies which belonged to different regulatory framework or applications. The findings suggested that regulations have an impact on the selection of terminologies used in the privacy policies. The results also suggested that European policies use fewer ambiguous words but use more words such as cookie and compliance with the regional regulations. We also observed that the seed keywords extracted for each section of privacy policies were consistently used in all policies regardless of the application domain and regulations.     

Commitment analysis to operationalize software requirements from privacy policies

Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’ personal information. Users need to understand these policies in order to know how their personal information is being collected, stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements. In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments, privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices rather than legal practices.     

Employees’ adherence to information security policies: An exploratory field study

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees’ adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees’ belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees’ attitude toward complying with information security policies, and social norms toward complying with these policies had a significant and positive effect on the employees’ intention to comply with information security policies. Intention to comply with information security policies also had a significant impact on actual compliance with these policies. High level managers must warn employees of the importance of information security and why it is necessary to carry out these policies. In addition, employees should be provided with security education and hands on training.     

Processor Allocation in Multiprogrammed Distributed-Memory Parallel Computer Systems

In this paper, we examine three general classes of space-sharing scheduling policies under a workload representative of large-scale scientific computing. These policies differ in the way processors are partitioned among the jobs as well as in the way jobs are prioritized for execution on the partitions. We consider new static, adaptive and dynamic policies that differ from previously proposed policies by exploiting user-supplied information about the resource requirements of submitted jobs. We examine the performance characteristics of these policies from both the system and user perspectives. Our results demonstrate that existing static schemes do not perform well under varying workloads, and that the system scheduling policy for such workloads must distinguish between jobs with large differences in execution times. We show that obtaining good performance under adaptive policies requires somea prioriknowledge of the job mix in these systems. We further show that a judiciously parameterized dynamic space-sharing policy can outperform adaptive policies from both the system and user perspectives.     

基于轨迹的策略描述和复合

1 引言随着计算机信息系统在众多领域的广泛应用,民用尤其是商用计算机系统安全也逐渐引起人们的重视。在军用计算机系统领域,安全需求相对来讲比较单一和稳定(随着网络应用的发展,军用系统安全需求也有所变化),Bell&LaPadula(BLP)模型描述的多级军事安全(Multilevel Security,MLS)策略体现了军用系统的主要安全需求。但在民用领域很难找到这样统一的安全需求,与军用系统相比,民用系统安     

Integrating planning and control for single-bodied wheeled mobile robots

This paper presents an approach to couple path planning and control for mobile robot navigation in a hybrid control framework. We build upon an existing hybrid control approach called sequential composition, in which a set of feedback control policies are prescribed on well-defined domains contained in the robot’s free space. Each control policy drives the robot to a goal set, which lies in the domain of a subsequent policy. Control policies are deployed into the free state space so that when composed among one another, the overall action of the set of control policies drives the robot to perform a task, such as moving from a start to a goal location or patrolling a perimeter. A planner determines the sequence of control policies to be invoked. When control policies defined in this framework respect the low-level dynamics and kinematics of the system, this formal approach guarantees that high-level tasks are either accomplished by a given set of policies, or verifies that the tasks are not achievable with the given policies.     

Policy support for H.323 call handling

The need for policies to control calls is justified by the changing face of communications. An overview is given of a general architecture and language for policies. It is then shown how these are adapted for control of calls using the H.323 multimedia communications standard. Policy support for H.323 was created by extending an open source gatekeeper. The core policy language has been specialised to deal with call control in general, and for H.323 in particular. Examples are given of policies for H.323, illustrating how traditional features can be made to work more flexibly through use of policies. Examples are also provided of policies specific to H.323, and policies that can take advantage of other information such as the context of a call.     

Assigning multiple job types to parallel specialized servers

In this paper methods of mixing decision rules are investigated and applied to the so-called multiple job type assignment problem with specialized servers. This problem is modeled as continuous time Markov decision process. For this assignment problem performance optimization is in general considered to be difficult. Moreover, for optimal dynamic Markov decision policies the corresponding decision rules have in general a complicated structure not facilitating a smooth implementation. On the other hand optimization over the subclass of so-called static policies is known to be tractable. In the current paper a suitable static decision rule is mixed with dynamic decision rules which are selected such that these rules are relatively easy to describe and implement. Some mixing methods are discussed and optimization is performed over corresponding classes of so-called mixing policies. These mixing policies maintain the property that they are easy to describe and implement compared to overall optimal dynamic Markov decision policies. Besides for all investigated instances the optimized mixing policies perform substantially better than optimal static policies.     

证书管理策略形式化问题的分析与研究

大多数可信机构通常采用离线手控的策略来管理证书的产生和撤销,然而这种方法不能满足目前越来越多的应用中对证书管理策略形式化和自动化执行的要求.针对此问题,提出了认证和撤销策略的一种形式化表示及其支持框架,由捆绑在服务器上的通用策略引擎来实施证书管理策略.该框架容易配置且对目前的公钥基础设施(PKI)来说不需要作任何变动,有极高的可用性.     

面向SDN/NFV环境的网络功能策略验证

SDN与NFV技术带来了网络管理的灵活性与便捷性,但SDN的动态转发策略可能导致网络功能策略失效,同时不同网络功能的策略可能互相影响,引起冲突问题.为了在基于SDN/NFV的云网络中对网络功能的策略进行验证,分析了网络功能与SDN设备之间、跨网络功能之间的策略冲突,建立了统一策略表达进行策略解析,设计策略验证方案、框架...     

网格环境下基于属性的访问控制策略合成研究*

为了满足网格环境下资源聚合对访问控制策略合成的需求,达到建立统一的安全策略的目的,提出了一种扩展的基于属性的访问控制（ABAC）策略合成代数来实现安全策略的合成,该合成在策略表达式中引入了环境属性,并结合了一种新的策略合成算子实现访问控制策略的合成。用一个具体的策略合成案例展示了策略的合成,说明策略合成方法有良好的语义表达能力、灵活性以及可扩展性。