A Policy-Based Approach to Governing Autonomous Behavior in Distributed Environments
September 15, 2004
Many emerging computational systems such as pervasive computing environments, the semantic web, grid computing, and multi-agent systems fit the paradigm of open, dynamic distributed systems. These systems have to accommodate a wide range of domain knowledge due to diverse organizational boundaries, adapt to heterogeneous, mobile, and semi-autonomous entities, and manage variations caused by the movement of users, ambiguous boundaries, and permutable services.
While past research has focused on managing behavior - including security, privacy, and management - in distributed environments that were fairly static, issues relating to regulating constantly evolving domains have not been as thoroughly explored. We argue that new techniques are required to govern the behavior of entities in these environments so that even though each entity takes individual decisions, the overall system objectives are also satisfied.
We propose that a declarative policy-based approach be used, where the norms or rules of ideal behavior of entities in these environments are described in a machine-understandable specification language. These policies describe what an entity can or must do in a certain context and allow the behavior of entities to be modified without affecting the underlying mechanisms and architecture. Along with providing the openness required in these environments, this approach also provides greater autonomy as entities can choose whether or not to accept a particular norm.
This dissertation aims to identify key issues relating to the policy-based government of open dynamic environments. In particular, the goal of this dissertation is to develop a policy framework that (1) includes an expressive and extensible language for describing policies for different kinds of behavior, (2) provides support for autonomous entities, (3) aids in policy development and maintenance, and (4) supports different methodologies for government.
The primary contribution of this dissertation is Rei, a policy specification language and methodology for building policy-directed architectures. Rei provides a novel combination of six features: (1) it can describe both positive and negative authorization and obligation policies, (2) it includes a policy engine, analysis tools, and a methodology for deploying policy frameworks, (3) it allows policies to be described in terms of attributes of users, actions, and other context and supports meta-policies for conflict resolution, (4) it provides greater extensibility as policies can be described over domain knowledge at different levels of abstractions, (5) it includes meta-policies for automated conflict resolution, and (6) it supports dynamic policy modification via speech acts.
To address the utility and practicality of the methodology and the specification language, the design and implementation of a number of distributed policy management applications are presented.
Note: to request a copy of this dissertation contact the author
PhdThesis
University of Maryland Baltimore County
Department of Computer Science and Electrical Engineering
Baltimore MD 21250
Google Scholar Citations: 10 citations