Policy Conflict Detection for Cfengine Project Report
نویسنده
چکیده
An ATP system, Bliksem, has been used for policy conflict detection in cfengine configurations. For this purpose, predicates corresponding to cfengine configuration directives have been developed, additional rules describing conflicting actions have been defined and a basic translator tool from the cfengine language to the TPTP language has been developed. Although some parts of the cfengine language are omitted by the translator tool and not all possible policy conflicts are detected, the project shows that using ATP systems for policy conflict detection in cfengine configurations is a feasible approach.
منابع مشابه
Recent Developments in Cfengine
Cfengine is a distributed agent framework for performing policy-based network and system administration. It is in widespread use on Unix and NT systems. This paper describes recent changes to the cfengine tool-set, including architectural changes in order to facilitate anomaly detection research, public key methods, improved scheduling technology and search filters.
متن کاملIntegration of cfengine and scli
The cfengine program is used to configure Unix machines. It is a policy engine which reads a file describing a policy how a system should be configured and tries to enforce this policy. The scli program is an SNMP management program which has among other features the ability to configure VLANs. The goal of this project is to integrate cfengine and scli so that the former can monitor and configu...
متن کاملConfigurable immunity for evolving human-computer systems
The immunity model, as used in the GNU cfengine project, is a distributed framework for performing policy conformant system administration, used on hundreds of thousands of Unix-like and Windows systems. This paper describes the idealized approach to policy-guided maintenance, that is approximated by cfengine, building on the notion of ‘convergent’ operations, i.e. those that reach stable equil...
متن کاملA Tiny Overview of Cfengine: Convergent Maintenance Agent
Cfengine is a distributed agent framework for performing policy-based network and system administration that is used on hundreds of thousands of Unix-like and Windows systems. This paper describes cfengine’s stochastic approach to policy implementation using distributed agents. It builds on the notion of ‘convergent’ statements, i.e. those which cause agents to gravitate towards an ideal config...
متن کاملAn Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is n...
متن کامل