Information Technology Reference
In-Depth Information
the new rule as if being installed. The new rule-base will have clear marking of parts
that did not change, so that the re-write will have only a slight impact on the overall
performance — around sub-ranges with modified modalities.
7
Conclusion
Rule-based systems control access to critical mission resources. Traditional handling
of rule bases involves cumbersome manual configuration that prevents both dynamic
creation of new services and quick response to the unexpected. We argue that more
general approach is needed to combine access control and behaviour definition rules
within a single framework; if based on
event-action
paradigm it enables very fine-
grained and secure network programmability. Programmable rule-based system im-
plementation has to be highly efficient even in presence of changes in rule bases at
run-time, when rebooting or suspending of system operation is impossible. However,
any new rule being injected into running system may cause conflicts with already
installed rules. We propose an approach of automatic conflict resolution based on
conflict resolution rules.
To achieve high performance rules are organised based on their usage frequency.
Even if conflicts are detected and resolved, a new rule will degrade performance if a
rule designer is not synchronised with the current state of a rule base. We demonstrate
that innovative use of FGK algorithm can solve this issue, so that new rules are in-
jected into a rule base in way that is natural for its current state.
References
1. Arens, Y., Rosenbloom, P. (Eds).
Responding to the unexpected
. Report of the Workshop,
New York, N,Y., Feb. 27 - Mar. 1, 2002, URL http://crue.isi.edu/research/report.html
2. Damianou, N., Dulay, N., Lupu, E., Sloman, M.,
Ponder: A Language for Specifying Secu-
rity and Management Policies for Distributed Systems
, The Language Specification Version
2.3, Imperial College Research Report DoC 2000/1, 20 October, 2000, URL http://www-
dse.doc.ic.ac.uk/policies
3. David F. Ferraiolo, Ravi Sandhu, Serban, Gavrila, D. Richard Kuhn and Ramaswamy
Chandramouli
Proposed NIST Standard for Role-Based Access Control
ACM Transactions
on Information and Systems Security, Volume 4, Number 3 / August 2001
http://www.list.gmu.edu/journal_papers1.htm
4. Lupu, E. and Sloman, M.: "
Conflicts in Policy-based Distributed Systems Management
"
IEEE Transactions on Software Engineering — Special Issue on Inconsistency Manage-
ment, Vol 25, No. 6 Nov. 1999, pp. 852-869.
URL: http://www-dse.doc.ic.ac.uk/~mss/emil/tse.pdf
5.
The CIM Tutorial
, Distributed Management Task Force, Inc. , 2003,
URL http:// www.dmtf.org/education/cimtutorial/index.php
6. Smirnov, M.:
Security Considerations and Models for Service Creation in Premium IP Net-
works
, LNCS 2052, pp.51-63
7. Lelewer, D., Hirschberg, D.:
Data Compression
http://www1.ics.uci.edu/~dan/pubs/DataCompression.html
