The Ponder Policy Specification Language
نویسندگان
چکیده
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented which makes the language flexible, extensible and adaptable to a wide range of management requirements.
منابع مشابه
Managing Security in Object-based Distributed Systems Using Ponder
Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater fo...
متن کاملPonder: Realising Enterprise Viewpoint Concepts
This paper introduces the Ponder language for specifying distributed object enterprise concepts. Ponder, is a declarative language, which permits the specification of policies in terms of obligations, permissions and prohibitions and provides the means for defining roles, relationships and their configurations in nested communities. Ponder provides a concrete representation of most of the conce...
متن کاملPONDER for Specifying the Policies of Multimedia Sessions Management
Distributed multimedia systems allow a group of persons to see each other, communicate and work together on shared resources independently on their geographical positions. The multimedia systems rest on session concept to organize users in well defined groups. Many works realized inside the IETF (Internet Engineering Task Force) are devoted to the standardization of description, annoncement and...
متن کاملCompiling Policy Descriptions into Reconfigurable Firewall Processors
We describe a framework for capturing firewall requirements as high-level descriptions based on the policy specification language Ponder. The framework provides abstraction from hardware implementation while allowing performance control through constraints. Our hardware compilation strategy for such descriptions involves a rule reduction step to produce a hardware firewall rule representation. ...
متن کاملTools for domain-based policy management of distributed systems
The management of policies in large-scale systems is complex because of the potentially large number of policies and administrators, as well as the diverse types of information that need to be managed. Appropriate tool support is essential to make management practical and feasible. In this paper we present the implementation of an integrated toolkit for the specification, deployment and managem...
متن کامل