Research Notes - Policy-based Management

Discussion (taken from vdm/noms/2018)

Understanding the role of policies and the policy-based approach requires some historical context. The separation of strategy from system (design and process) was first described in (Hansen 1970).

Policy was first used in the 1970’s for security (Bell, 1973) where a relation W provides access control rules to govern system security. These rules help to govern state transitions on receiving requests. (Dobson, 1989) states that a system specification describes what a system does while a policy describes how. Here, the dynamic features are policy, role, and control.

In the mid 1970’s operating systems began using the term policy as an artifact of control (Levin, 1975), where users could influence kernel-space decisions without requiring an expensive kernel to user space switch. In (Jomier, 1981) the authors separate static and dynamic policies for memory allocation, for static memory allocated at scheduling time with dynamic memory changing with the process. The policy/mechanism principle for operating system resource allocation is introduced in (Levin, 1975), while (Day, PNA, 2007) explains how this principle can be applied to networks and their management.

Policies are first used in communication systems in (Rouse, 1979) to control sharing resources as rules for control. In (Kamoun, 1981) rules are used to detect and later prevent network congestion.

Event Condition Action (ECA) rules appear first in active databases (Dayal, 1988). A defined event triggers the evaluation of a defined set of queries (condition) and a defined action is executed if the condition is satisfied. The processing of rules is strongly associated to database transactions. Event types for ECA are defined as database operation, temporal, and external notification. An architecture for an active database management system with CA and ECA policies is described in (McCarthy, 1989).

Policy as a paradigm for network management was defined by Sloman’s Imperial College research team. This work was, at least partially, based on ODP and OSI’s network management (Sloman, 1990), also introducing domains. One of the main focus points was access control (Moffet, 1990). Policy for network management then is originally defined in (Sloman, 1994), based on earlier work (Robinson, 1988) (Twidle, 1988), as well as the PhD thesis' of Robinson (1988), Moffet (1990), and Twidle (1993). Originally focusing on access control, the work introduced domains, subject, and target, plus policy categories (and models) and a policy system (with language and tooling) called Ponder. This is then followed by policy standards, such as the IETF policy framework, DMTF CIM, TMF SID, to name a just view. A detailed historic perspective on policy can be found in (Boutaba, 2007).

A deep understanding of policy requires study of policy frameworks (Triantafyllopoulou, 2013), approaches (Phan, 2008), and concepts for specifications (Damianou, 2002). Policies from different domains were also analyzed, such as cognitive radio (Mitola, 2009), security (Han, 2012), network traffic and QoS (Stone, 2001), and XML and open environments (Yagüe, 2006).

Approaches for models that allow multiple PMs in a single PDM have been developed in (Strassner, 2004) and more recently in (Strassner, 2017). Here, each PM is bound to its specific definitions, for instance an ECA policy is bound to its inherent rule structure, so while being extensible, it is not easy to add new policy models.

A better approach is to specify a formal taxonomy that informs a formal PDM, independent of any specific PM, for instance in (Davy, 2008).

Tool support for syntactic and semantic translation between models can be achieved (Barrett, 2007/GIIS) and (Barrett, 2007/MACE). However, it is important to note that semantic translation cannot be fully automated. In (Brennan, 2010) we study inter-domain relationships and policy translation, both important aspects. We have summarized today’s challenges for policy-based management in [39] and [40].

P. Brinch Hansen: The nucleus of a multiprogramming system, 1970

  • Reasons to read: first principle of separation of strategy from process

  • Published: Communications of the ACM CACM, Volume 13 Issue 4, April 1970, Pages 238-241

  • Links: DOIPDF ┃ skb: src

D. Elliott Bell, Leonard J. LaPadula: Secure Computer Systems: Mathematical Foundations, 1973

  • Reasons to read: access control rules to govern system security, relation W provides rules of access control governing system security, rule helps system in any state to decide on request and move to next state

  • Published: MITRE Technical Report 2547, Volume I, March 1, 1973

  • Links: PDF ┃ skb: src

R. Levin et al.: Policy/Mechanism Separation in Hydra, 1975

  • Authors: R. Levin, E. Cohen, W. Corwin, F. Pollack, W. Wulf

  • Reasons to read: first principle of separation of mechanism and policy, policy is artifact of control for mechanisms, separates kernel level decision making from user level decision declaration

  • Published: SOSP '75 Proceedings of the fifth ACM Symposium on Operating Systems Principles, pages 132-140

  • Also: ACM SIGOPS Operating Systems Review 9(5):132-140 · November 1975

  • Links: DOIResearchGatePDF ┃ skb: src

William B. Rouse et al.: A Model-Based Approach to Policy Analysis in Library Networks, 1979

  • Authors: William B. Rouse, Sandra H. Rouse

  • Reasons to read: policy to control sharing resources, rules for the control of how to share resources (and rule analysis)

  • Published: IEEE Transactions on Systems, Man, and Cybernetics (Volume: 9, Issue: 9, Sept. 1979)

  • Links: DOI ┃ skb: src

Geneviève Jomier: A Mathematical Model for the Comparison of Static and Dynamic Memory Allocation in a Paged System, 1981

  • Reasons to read: separate static and dynamic policies for memory allocation, static: memory allocated at scheduling time, dynamic: memory evolves with process

  • Published: IEEE Transactions on Software Engineering (Volume: SE-7, Issue: 4, July 1981)

  • Links: DOI ┃ skb: src

Farouk Kamoun: A Drop and Throttle Flow Control Policy for Computer Networks, 1979

  • Reasons to read: rules to detect and later prevent network congestion

  • Published: IEEE Transactions on Communications (Volume: 29, Issue: 4, Apr 1981)

  • Links: DOI ┃ skb: src

Umeshwar Dayal et al.: The HiPAC project: combining active databases and timing constraints, 1988

  • Authors: Umeshwar Dayal, Barbara Blaustein, Alejandro Buchmann, Sharma Chakravarthy, Meichun Hsu, R. Ledin, Dennis R. McCarthy, Arnon Rosenthal, S. Sarin, M. J. Carey, Miron Livny, R. Jauhari

  • Reasons to read: origin of Event Condition Action (ECA) rules

    • Defines ECA rules – Event, Condition, Action

      • Event triggers rule, i.e. condition evaluation

      • Condition is set of queries

      • Action is executed when rule is triggered and condition is satisfied

    • Processing rules is strongly related to database transactions

    • Two couplings are defined: E-C and C-A

    • Event types: database operation, temporal, external notification

    • Funded by DARPA

  • Published: ACM SIGMOD Record - Special Issue on Real-Time Database Systems, Volume 17 Issue 1, March, 1988, Pages 51 - 70

  • Links: DOIResearchGate ┃ skb: src

Dennis R. McCarthy et al.: The Architecture Of An Active Data Base Management System, 1989

  • Authors: Dennis R. McCarthy, Umeshwar Dayal

  • Reasons to read: extension of ECA rules for databases, architecture of a resulting active database management system

  • Published: SIGMOD '89 Proceedings of the 1989 ACM SIGMOD international conference on Management of data, Pages 215-224, Portland, Oregon, USA

  • Links: DOIPDF ┃ skb: src

D.C. Robinson et al.: Domains: a new Approach to Distributed System Management, 1988

  • Authors: D.C. Robinson, Morris Sloman

  • Reasons to read: early work on policy in network management

  • Published: 1988 Proceedings. Workshop on the Future Trends of Distributed Computing Systems in the 1990s

  • Links: DOIPDF ┃ skb: src

K. Twidle et al.: Domain based Configuration and Name Management for Distributed Systems, 1988

  • Authors: K. Twidle, Morris Sloman

  • Reasons to read: early work on policy in network management

  • Published: 1988 Proceedings. Workshop on the Future Trends of Distributed Computing Systems in the 1990s

  • Links: DOIPDF ┃ skb: src

J. E. Dobson et al.: A Framework for expressing Models of Security Policy, 1989

  • Authors: J. E. Dobson, J. A. McDermid

  • Reasons to read: system specification describes what a system does while a policy describes how, dynamic features are policy, role, and control

  • Published: Proceedings. 1989 IEEE Symposium on Security and Privacy

  • Links: DOI ┃ skb: src

Jonathan Moffett et al.: Specifying Discretionary Access Control Policy for Distributed Systems, 1990

  • Authors: Jonathan Moffett, Morris Sloman, Kevin Twidle

  • Reasons to read: defines policy as a paradigm for network management

  • Published: Computer Communications, Volume 13, Issue 9, November 1990, Pages 571-580

  • Links: DOIPDF ┃ skb: src

Morris J. Sloman: Management for Open Distributed Processing, 1990

  • Reasons to read: management in context of ODP and OSI, introduces domains

  • Published: 1990 Proceedings Second IEEE Workshop on Future Trends of Distributed Computing Systems

  • Links: DOIPDF ┃ skb: src

Morris J. Sloman: Policy driven Management for Distributed Systems, 1994

  • Reasons to read: defines policy as a paradigm for network management

  • Published: Journal of Network and Systems Management (JNSM), December 1994, Volume 2, Issue 4, pp 333–360

  • Links: DOIPDF ┃ skb: src

Gary N. Stone et al.: Network Policy Languages: A Survey and a New Approach, 2001

  • Authors: Gary N. Stone, Bert Lundy, Geoffrey G. Xie

  • Reasons to read: survey of policy languages, and an approach for them

  • Published: IEEE Network (Volume: 15, Issue: 1, Jan/Feb 2001)

  • Links: DOIPDF ┃ skb: src

N. C. Damianou et al.: A Survey of Policy Specification Approaches, 2002

  • Authors: N. C. Damianou, A. K. Bandara, Morris Sloman, Emil C. Lupu

  • Reasons to read: survey of policy specification approaches / languages

  • Published: Imperial College, London, Tech. Rep., 2002. [Online]

  • Links: CiteSeerPDF: ICPDF: ResearchGate ┃ skb: src

John C. Strassner: Policy-based Network Management: Solutions for the Next Generation, 2004

Mariemma I. Yagüe: Survey on XML-Based Policy Languages for Open Environments, 2006

  • Reasons to read: early work on policy in network management

  • Published: Journal of Information Assurance and Security 1 (2006) 11-20

  • Links: CiteSeerResearchGatePDF ┃ skb: src

Keara Barrett et al.: A Model Based Approach for Policy Tool Generation and Policy Analysis, 2007

  • Authors: Keara Barrett, Steven Davy, John Strassner, Brendan Jennings, Sven van der Meer, William Donnelly

  • Reasons to read: tool support for syntactic and semantic translation between models can be achieved

  • Published: 2007 First International Global Information Infrastructure Symposium, GIIS

  • Links: DOIResearchGate ┃ skb: src

Keara Barrett et al.: Determining the Feasibility of Policy Translation, 2007

  • Authors: Keara Barrett, John Strassner, Sven van der Meer, William Donnelly

  • Reasons to read: policy translation is possible

  • Published: Second IEEE International Workshop on Modelling Autonomic Communications Environments, MACE 2007

  • Links: skb: src

Raouf Boutaba et al.: Policy-based Management: A Historical Perspective, 2007

  • Authors: Raouf Boutaba, Issam Aib

  • Reasons to read: history and evolution of policy in management, recursive models, good source for references on policy

  • Published: Journal of Network and Systems Management, December 2007, Volume 15, Issue 4, pp 447–480

  • Links: DOIPDF ┃ skb: src

Steven Davy et al.: The Policy Continuum – Policy Authoring and Conflict Analysis, 2008

  • Authors: Steven Davy, Brendan Jennings, John Strassner

  • Reasons to read: a continuum for policies, multiple policy models

  • Published: Computer Communications, Volume 31, Issue 13, 15 August 2008, Pages 2981-2995

  • Links: DOIPDF ┃ skb: src

Tan Phan et al.: A Survey of Policy-Based Management Approaches for Service Oriented Systems, 2008

  • Authors: Tan Phan, Jun Han, Jean-Guy Schneider, Tim Ebringer, Tony Rogers

  • Reasons to read: survey of policy-based management approaches

  • Published: 19th Australian Conference on Software Engineering (aswec 2008)

  • Links: DOIResearchGate ┃ skb: src

Joseph Mitola III: Cognitive Radio Policy Languages, 2009

  • Reasons to read: survey of policy languages, here cognitive radio

  • Published: 2009 IEEE International Conference on Communications

  • Links: DOI ┃ skb: src

Rob Brennan et al.: Multidomain IT Architectures for Next-Generation Communications Service Providers, 2010

  • Authors: Rob Brennan, Kevin Feeney, John Keeney, Declan O’Sullivan, Joel J. Fleck, Simon Foley, Sven van der Meer

  • Reasons to read: inter-domain relationships and policy translation

  • Published: IEEE Communications Magazine (Volume: 48, Issue: 8, August 2010)

  • Links: DOIResearchGatePDF: TCD ┃ skb: src

Weili Han et al.: A Survey on Policy Languages in Network and Security Management, 2012

*Authors: Weili Han, Chang Lei * Reasons to read: servey of policy languages, here for security * Published: Computer Networks, Volume 56, Issue 1, 12 January 2012, Pages 477-489 * Links: DOIPDF ┃ skb: src

Dionysia Triantafyllopoulou et al.: Existing Policy Frameworks: An Overview, 2013

  • Authors: Dionysia Triantafyllopoulou, Adrian Kliks, Valentin Rakovic, Liljana Gavrilovska

  • Reasons to read: survey of policy frameworks

  • Published: ISWCS 2013; The Tenth International Symposium on Wireless Communication Systems, Cognitive Radio Advances, Applications and Future Emerging Technologies (CRAFT) Workshop

  • Links: eXploreSurrey ┃ skb: src

John C. Strassner et al.: Generic Policy Information Model for simplified use of poLicy Abstractions (SUPA), 2017

  • Authors: John C. Strassner, Joel Halpern, Sven van der Meer

  • Published: IETF draft, version 3, May 2017

  • Links: IETF ┃ skb: src

APEX

John Keeney et al.: Towards Real-time Management of Virtualized Telecommunication Networks, 2014

  • Authors: John Keeney, Sven van der Meer, Liam Fallon

  • Published: 10th International Conference on Network and Service Management (CNSM) and Workshop, 2014

  • Links: DOIResearchGate ┃ skb: src

Sven van der Meer et al.: Dynamically Adaptive Policies for Dynamically Adaptive Telecommunications Networks, 2015

  • Authors: Sven van der Meer, John Keeney, Liam Fallon

  • Published: 2015 11th International Conference on Network and Service Management (CNSM)

  • Links: DOIResearchGate ┃ skb: src

Liam Fallon et al.: APEX: An Engine for Dynamic Adaptive Policy Execution, 2016

  • Authors: Liam Fallon, Sven van der Meer, John Keeney

  • Published: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016

  • Links: DOIResearchGate ┃ skb: src

Liam Fallon et al.: Distributed Management Information Models, 2017

  • Authors: Liam Fallon, John Keeney, Sven van der Meer

  • Published: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), IM 2017

  • Links: DOIResearchGate ┃ skb: src

Liam Fallon et al.: Using the COMPA Autonomous Architecture for Mobile Network Security, 2017

  • Authors: Liam Fallon, John Keeney, Mark McFadden, John Quilty, Sven van der Meer

  • Published: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), IM 2017

  • Links: DOIResearchGate ┃ skb: src

Joseph McNamara et al.: A Testbed For Policy Driven Closed Loop Network Management, 2018

  • Authors: Joseph McNamara, John Keeney, Liam Fallon, Sven van der Meer, Enda Fallon

  • Published: 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018

  • Links: DOIResearchGate ┃ skb: src

Sven van der Meer et al.: Taming Policy Complexity: Model to Execution, 2018

  • Authors: Sven van der Meer, John Keeney, Liam Fallon

  • Published: 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018

  • Links: DOIResearchGate ┃ skb: src

Sven van der Meer et al.: 5G Networks Must Be Autonomic!, 2018

  • Authors: Sven van der Meer, John Keeney, Liam Fallon

  • Published: 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018

  • Links: DOIResearchGate ┃ skb: src

Sven van der Meer et al.: Demo: Adaptive Policy Execution (APEX), 2018

  • Authors: Sven van der Meer, John Keeney, Liam Fallon, Joseph McNamara

  • Published: 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018

  • Links: DOIResearchGate ┃ skb: src