Similar literature
Found 20 similar documents; search took 93 ms
1.
Component-based systems permit standardisation and re-usability of code through the use of components. The architecture of component-based systems can be modified thanks to dynamic reconfigurations, which contribute to systems’ (self-)adaptation by adding or removing components without incurring any system downtime. In this context, the present article describes a formal model for dynamic reconfigurations of component-based systems. It provides a way of expressing runtime reconfigurations of a system and proving their correctness according to a static invariant for consistency constraints and/or a user-provided post-condition. Guarded reconfigurations allow us to build reconfigurations based on primitive reconfiguration operations using sequences of reconfigurations and the alternative and the repetitive constructs, while preserving configuration consistency. A practical contribution consists of the implementation of a component-based model using the GROOVE graph transformation tool. This implementation is illustrated on a cloud-based multi-tier application hosting environment managed as a component-based system. In addition, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, component systems’ implementations are related to their specifications by a simulation relation.

2.
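A Z Formal Model of Security Domain Isolation Based on the DTE Policy   Cited by: 1 (self-citations: 0, citations by others: 1)
Security domain isolation based on the DTE policy is one of the fundamental techniques for building trusted systems. However, existing DTE implementations have unclear security goals and lack formal definitions and analysis of the system and its security properties, which makes system security hard to guarantee. This paper defines a security domain isolation model based on the DTE policy, uses the Z language to formally define the system state, the invariants based on information flow analysis, and the secure state, and gives a formal analysis method for verifying system security with the help of the Z/EVES tool. This solves the problem of formally modeling DTE systems and lays a foundation for implementing and verifying security domain isolation techniques.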

3.
Access control mechanisms protect critical resources of systems from unauthorized access. In a policy-based management approach, administrators define user privileges as rules that determine the conditions and the extent of users’ access rights. As rules become more complex, analytical skills are required to identify conflicts and interactions within the rules that comprise a system policy—especially when rules are stateful and depend on event histories. Without adequate tool support such an analysis is error-prone and expensive. In consequence, many policy specifications are inconsistent or conflicting, which renders the system insecure. The security of the system, however, does not only depend on the correct specification of the security policy, but in a large part also on the correct interpretation of those rules by the system’s enforcement mechanism. In this paper, we show how policy rules can be formalized in Fusion Logic, a temporal logic for the specification of behavior of systems. A symbolic decision procedure for Fusion Logic based on Binary Decision Diagrams (BDDs) is provided and we introduce a novel technique for the construction of enforcement mechanisms of access control policy rules that uses a BDD encoded enforcement automaton based on input traces which reflect state changes in the system. We provide examples of verification of policy rules, such as absence of conflicts, and dynamic separation of duty and of the enforcement of policies using our prototype implementation (FLCheck) for which we detail the underlying theory.

4.
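李真, 张彩明, 刘颖. 《计算机工程》 (Computer Engineering), 2006, 32(20): 155-156
The Privilege Management Infrastructure (PMI) is currently a research hotspot in network security. How to improve the efficiency of PMI systems and how to standardize authorization policies are the main problems encountered at present. This paper proposes a condition-based access control policy, improves the policy implementation mechanism by combining XACML and J2EE technologies, and implements a PMI system based on this policy model. The system effectively solves the above problems and gives users more convenient privilege management and finer-grained access control.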

5.
This paper presents a practical approach to managing multimedia traffic in DiffServ network, using network monitoring feedback and control. We exploit the flexibility of multimedia traffic and process network level parameters to adapt the traffic according to the current state of the network. The latter is determined based on reports sent by bandwidth monitors installed on each node of a DiffServ Domain. The bandwidth monitors interact with a policy server which, depending on the network state, decides the policy(ies) that should be enforced by the DiffServ network. The implementation of the selected policies typically leads to accepting, remarking, or dropping the multimedia traffic entering the network. Multimedia streams may be assigned different levels of QoS, as interpreted by the marker at the DiffServ edge router and marked according to network state. To achieve such dynamic QoS adaptation for multimedia applications, we have implemented and evaluated a policy-based management system. Performance evaluation shows that multimedia applications adapt better to network conditions using our approach.

6.
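This paper proposes a formal model, AMACP (Analyzing Model of SELinux' Access Control Policy), for analyzing the validity of the policy configuration files in SELinux. The policies in SELinux are very numerous and complex. The several sub-models implemented by SELinux are built from the rules in the configuration files, yet it is hard to grasp fully how these rules affect the system itself. The aim of the paper is to construct semantics from the SELinux policy configuration and to model the relationships among these rules. On that basis, an algorithm is proposed to verify whether a given subject can access a given object using a given access mode.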

7.
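A service self-adaptation model based on fuzzy theory is proposed. The adaptive service selection process is fully formalized, and context states and service policy selection rules are defined using fuzzy linguistic variables and membership functions. Based on the notion of fuzzy distance between the current context and the standard context of a service implementation policy, a fitness equation is proposed for computing how suitable a service implementation policy is. The effectiveness and concrete application of the model are illustrated with a context-aware application scenario named "Campus Assistant".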

8.
This paper is based on the concept of dissonance, that is, gaps or conflicts existing in a specific knowledge base or among different knowledge bases. It presents a rule-based system that assists human operators in dissonance discovery and control by taking into account two kinds of dissonance, i.e., affordance to study conflicts of use, and inconsistencies to study conflicts of intention and action, through the analysis of cognitive behavior implemented in knowledge bases. This system elaborates the knowledge base composed of rules, and analyzes the knowledge content to discover new knowledge by creating additional rules, or to identify inconsistencies when conflicts between rules occur. The affordance discovery control process uses a deductive and an inductive reasoning algorithm of which the aim is to establish new rules using existing ones. The inconsistency discovery control process applies an abductive reasoning algorithm in order to determine contradictory rules when existing rules may result in opposite intentions being accomplished. Two groups of inconsistencies are addressed: interferences involving several decision makers, and contradictions involving the same decision maker. A knowledge acquisition control process facilitates the creation of the initial rules that contain parameters such as intentions relating to the goals to be achieved, actions to be performed to achieve these intentions, objects used to carry out these actions and the decision makers who execute these actions using the corresponding objects. A feasibility study taking into account five rule bases relating to the manual use of an Automated Speed Control System (ASCS), the automated control of the car speed by the ASCS, the manual control of aquaplaning, the manual control of the car speed, and the manual control of car fuel consumption is proposed to validate the rule-based support system.

9.
An Adaptive Policy-Based Framework for Network Services Management   Cited by: 2 (self-citations: 0, citations by others: 2)
This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of considerable research, proposed solutions are often restricted to condition-action rules, where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. While current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: a) provide policy specification and adaptation across different abstraction layers; and, b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policies in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed.

10.
We consider linear control systems under uncertainties. For such systems we solve the problem of constructing worst‐case feedback control policies that are allowed to be corrected at m fixed intermediate time moments. We propose two types of the approximative control policies. All of them guarantee that for all admissible uncertainties the terminal system state lies in a prescribed neighborhood of a given state x* at a given final moment, and the value of the cost function does not exceed a given estimate. It is shown that computation of the estimate for each policy is equivalent to solving a corresponding convex mathematical programming (MP) problem with m decision variables. Based on the solution of the MP problem, we derive simple explicit rules (which can be easily implemented on‐line) for constructing the corresponding control policy in the original control problem. Copyright © 2009 John Wiley & Sons, Ltd.

11.
Context: The paper deals with distributed reconfigurable embedded control systems following the component-based International Industrial Standard IEC61499 in which a Function Block (abbreviated by FB) is an event-triggered software component owning data and a control application is a distributed network of Function Blocks. Nowadays, limited related works have been proposed to address particular cases of reconfigurations without considering distributed architectures. Our first problem is to be able to handle all possible forms of reconfigurations that can be applied at run-time to distributed Function Blocks. In this case, a coordination between devices of the execution environment should be applied to guarantee safe and coherent distributed reconfigurations. A second problem is to find the sufficient solutions for the correct implementation of this reconfigurable distributed architecture. Objective: The paper defines an implementable multi-agent architecture for automatic and coherent reconfigurations of distributed Function Blocks. Method: To address all possible industrial forms, we classify the reconfiguration scenarios into three levels. The first level deals with additions–removals of Function Blocks to-from the system’s implementation. The second deals with updates of compositions of blocks, and the third deals with updates of data. We define a Reconfiguration Agent for each device of the execution environment, and a unique Coordination Agent for coordinations between devices. Each Reconfiguration Agent to be modelled by nested state machines applies local reconfiguration scenarios in the corresponding device after coordinations with the Coordination Agent. We propose an Inter-Agents Communication Protocol to support correct and coherent reconfigurations of distributed devices. This protocol is based on Coordination Matrices to be handled by the Coordination Agent in order to define all reconfiguration scenarios that should be simultaneously applied in distributed devices. We propose XML-based implementations for both kinds of agents where XML code blocks are exchanged between devices to guarantee safe distributed reconfigurations. The contributions of the paper are applied to two Benchmark Production Systems available in our research laboratory. Results: The communication protocol is successfully applied to our platforms where simulations are executed to check distributed and coherent reconfiguration scenarios. The Reconfiguration and Coordination Agents are implemented in this platform by following the International Standard IEC61499. We show in addition XML-based successful interactions between devices when distributed reconfigurations are applied. Conclusion: The paper successfully defines a multi-agent architecture for IEC61499 distributed reconfigurable embedded systems where Coordination and Reconfiguration agents are proposed to allow feasible and coherent distributed reconfigurations by using a defined communication protocol. This architecture is implemented in XML and applied to real industrial platforms.

12.
13.
As business policies and environments change constantly, there is a need for service-oriented systems to be compliant, yet adaptive. The solution proposed in this paper is based on a clear architectural separation of policy specification, enforcement strategy and realization. Policy compliance is worked out as a rule transformation process mediating between the business policy language SBVR and Condition-Action (CA) rules. The solution supports adaptation caused by business policy evolution as well as adaptation caused by service evolution. In addition, the paper describes a novel truly service-oriented way of implementing compliance management and enforcement of business policies drawing on Adaptive Service Oriented Architecture (ASOA).

14.
This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data containing personally identifiable information. The key component is purpose involved access control models for expressing highly complex privacy-related policies with various features. A policy refers to an access right that a subject can have on an object, based on attribute predicates, obligation actions, and system conditions. Policy conflicting problems may arise when new access policies are generated that may conflict with existing policies. As a result of the policy conflicts, private information cannot be well protected. The structure of purpose involved access control policy is studied, and efficient conflict-checking algorithms are developed and implemented. Finally a discussion of our work in comparison with other related work such as EPAL is presented.

15.
A regeneration-theory approach is undertaken to analytically characterize the average overall completion time in a distributed system. The approach considers the heterogeneity in the processing rates of the nodes as well as the randomness in the delays imposed by the communication medium. The optimal one-shot load balancing policy is developed and subsequently extended to develop an autonomous and distributed load-balancing policy that can dynamically reallocate incoming external loads at each node. This adaptive and dynamic load balancing policy is implemented and evaluated in a two-node distributed system. The performance of the proposed dynamic load-balancing policy is compared to that of static policies as well as existing dynamic load-balancing policies by considering the average completion time per task and the system processing rate in the presence of random arrivals of the external loads.

16.
A regeneration-theory approach is undertaken to analytically characterize the average overall completion time in a distributed system. The approach considers the heterogeneity in the processing rates of the nodes as well as the randomness in the delays imposed by the communication medium. The optimal one-shot load balancing policy is developed and subsequently extended to develop an autonomous and distributed load-balancing policy that can dynamically reallocate incoming external loads at each node. This adaptive and dynamic load balancing policy is implemented and evaluated in a two-node distributed system. The performance of the proposed dynamic load-balancing policy is compared to that of static policies as well as existing dynamic load-balancing policies by considering the average completion time per task and the system processing rate in the presence of random arrivals of the external loads.

17.
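游静, 赵学龙, 徐建, 刘凤玉. 《计算机工程》 (Computer Engineering), 2006, 32(11): 42-43,4
To counter the aging that software exhibits while running, a suitable software rejuvenation policy needs to be applied. This paper combines the purely time-based and the detection-based software rejuvenation policies into a time-and-detection-based rejuvenation policy, remedying the rather conservative rejuvenation interval determined by the former and the excessive monitoring cost incurred by the latter. Cost analysis and comparison of the three policies show that, while incurring only a small monitoring cost, the proposed policy further lengthens the rejuvenation interval and thereby lowers the total cost of applying the rejuvenation policy.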

18.
This article presents case-base maintenance policies for case index revision and case retention. The policies are formulated in the context of case-based planners performing case adaptation by derivational replay. I implemented these policies on a particular case-based planner and claim that my case-index revision policy improves the accuracy of the retrieval and that the case-retention policy filters redundant cases better than other case-retention policies known from the literature. My claims are validated by empirical validation. It will be seen that there is an interrelation between the two policies that improves the filtering process of the case-retention policy.

19.
Public health is a complex practice due to the requirements of different jurisdictions. These requirements present a challenging environment in which to develop public health applications; software must be flexible in order to adapt to the complexities of different jurisdictions. One approach is to integrate policy management. Policies that define the rules governing an application can be created, modified, or deleted based on the deployment of that application. This paper describes a software architecture and expert system implementation of a policy manager designed to address jurisdictional requirements in public health applications. We define our policy requirements and policy model, the components of the architecture, and how the architecture has been used to implement our policy manager. Finally, we present examples of how the policy manager has configured policies used in three public health applications.

20.
Distributed scheduling based on due dates and buffer priorities   Cited by: 2 (self-citations: 0, citations by others: 2)
Several distributed scheduling policies are analyzed for a large semiconductor manufacturing facility, where jobs of wafers, each with a desired due date, follow essentially the same route through the manufacturing system, returning several times to many of the service centers for the processing of successive layers. It is shown that for a single nonacyclic flow line the first-buffer-first-serve policy, which assigns priorities to buffers in the order that they are visited, is stable, whenever the arrival rate, allowing for some burstiness, is less than the system capacity. The last-buffer-first-serve policy (LBFS), where the priority ordering is reversed, is also stable. The earliest-due-date policy, where priority is based on the due date of a part, as well as another due-date-based policy of interest called the least slack policy (LS), where priority is based on the slack of a part, defined as the due date minus an estimate of the remaining delay, are also proved to be stable.
