Refining policies from high-level goals to enforceable specifications in a semi-automated and principled way remains one of the most significant challenges in policy-based systems. We have on two occasions attempted to tackle this challenge in collaboration with Dr Alessandra Russo at Imperial, Dr Arosha Bandara at the Open University and Dr Jorge Lobo at IBM. The first attempt was done during Dr Bandara’s PhD thesis.
The Self-Managed Cell is an architectural pattern for building autonomous pervasive systems. It was developed in collaboration with Prof. Joe Sventek at the University of Glasgow, and with my colleagues Dr. Naranker Dulay and Prof. Morris Sloman at Imperial College.
Ponder2 combines a general-purpose, distributed object management system with a Domain Service, Obligation Policy Interpreter, Command Interpreter and Authorisation Enforcement. The Domain Service provides a hierarchical structure for managing objects. The Obligation Policy Interpreter handles Event-Condition-Action (ECA) rules. The Command Interpreter accepts a set of commands, compiled from a high-level language called PonderTalk, via a number of communications interfaces; these commands may perform invocations on a ManagedObject registered in the Domain Service. The Authorisation Enforcement caters for both positive and negative authorisation policies, provides the ability to specify fine-grained authorisations for every object and implements domain nesting algorithms for conflict resolution.
Secure dissemination of data in crisis management scenarios is always difficult to achieve because network connectivity is intermittent or absent. In this work we have combined data-centric information protection techniques based on usage control, sticky policies and rights management with opportunistic networking to enable the dissemination of information between first responders in crisis management situations. The dissemination of keys for access to the information is controlled by a policy hierarchy that describes the permitted devolution of control. Policies are evaluated whenever two users are in proximity in the field, and keys are distributed upon successful evaluation. Simulations with conservative mobility models show that the delay on information access, i.e., the difference between the distribution of information and the distribution of keys, remains small for realistic densities of users in the geographical areas.
Enrico Scalavino, Giovanni Russello, Rudi Ball, Vaibhav Gowadia, Emil Lupu. An opportunistic authority evaluation scheme for data security in crisis management scenarios. ASIACCS 2010: 157-168.