1 / 42

Integrated Development Environment for Policies

Integrated Development Environment for Policies. Anjali B Shah Department of Computer Science and Electrical Engineering University of Maryland Baltimore County. Presentation Outline. Problem Description Related Work Thesis Contribution RIDE Framework RIDE Policy Toolkit

siran
Download Presentation

Integrated Development Environment for Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integrated Development Environment for Policies Anjali B Shah Department of Computer Science and Electrical Engineering University of Maryland Baltimore County

  2. Presentation Outline • Problem Description • Related Work • Thesis Contribution • RIDE Framework • RIDE Policy Toolkit • Namespace Manager • Policy Creation Interface • Policy Test-case Creation Interface • Future Work • Conclusion

  3. Problem Description • Policy-based governing frameworks are being increasingly used in a wide range of systems • These range from simple and static to increasingly complex, open, dynamic distributed environments • There is not much work in policy development that meets the requirements of these wide range of policy-based environments

  4. Problem Description (Cont.) • Some of these requirements that outline features for policy management tools to support: • User-friendly and extensible interface • Simplification of the inherently error-prone and complex policy creation process • Ability to accommodate information spanning several domains • Facility for group policy specification • Ability to test policy conformance • Support to facilitate dynamic policy modification

  5. Related Work • IBM’s P3P Policy Editor • Editor for EPAL Policy language • Ponder Policy Management Toolkit • KPAT – The KAoS Policy Administration Toolkit • Policy-Editor for KeyNote

  6. Thesis Contribution • Prior two iterations in UI development for policies • RIDE (Rei Integrated Development Environment) – A Wizard-based IDE for Policies. Comprises of: • Namespace Manager • Policy Creation Interface • Policy Test-case Creation Interface • RIDE supports a unique combination of following features: • Policy creation about speech acts that are used for dynamic policy management • Provision of support to test policy conformance

  7. Thesis Contribution (Cont.) • Ability to accommodate information spanning multiple domains by allowing the domain knowledge to be expressed using ontology languages • Automation of the policy creation process by automatically generating user-defined policies in Rei • Ability to express individual as well as group policies • Ease of management of domain information by offering the option of namespace template creation • User-friendly and extensible user interface

  8. RIDE Framework • Eclipse Framework • RIDE is developed as a pluggable component of the Eclipse framework • It uses Eclipse SWT, Jface API for UI development • Jena Toolkit • Rei Policy Specification Language • Model-View-Controller Architecture • Model: Stores data for components in the GUI • View: Creates visual representation of the components • Controller: Updates model and/or view in response to user interactions with the GUI

  9. RIDE Framework (cont.) RIDE Framework based on MVC Architecture PolicyRuleModel PolicyNamespace PolicyUnitTest Updates Notifies Contains Interacts Actor Action PolicyCreation Policy DL

  10. RIDE Framework (cont.) • PolicyRuleModel: As per the MVC paradigm, this class represents the model in RIDE framework • PolicyNamespace: Represents integrated view-controller pair • PolicyCreation: Represents an integrated view-contoller pair and consists of following nested views: • Actor • Action • Deontic Literal • Policy

  11. RIDE Framework (cont.) • PolicyUnitTest: Represents an integrated view-controller pair and provides an interface with Rei Engine • Behavior described by Observer Design Pattern exists between following pairs of views: • PolicyNamespace – Actor • PolicyNamespace – Action • Actor – Action • Actor – Policy • Action – Policy • PolicyNamespace – PolicyUnitTest

  12. Namespace Manager • Namespace Manager supports the following features to facilitate domain information specification: • Pre-specified Domain Independent Information • Furnishes necessary information about domain independent ontologies • Namespace Templates • Provides options to create and delete namespace domains, add to and remove from namespace domains • Direct Namespace Loading • Provides the option to enter namespace information without adding it to templates.

  13. Namespace Manager (Cont.)

  14. Namespace Manager (Cont.) Template Creation using Namespace Manager

  15. Namespace Manager(Cont.) Namespace Addition to Template

  16. Namespace Manager (Cont.) Namespace Deletion from Template

  17. Namespace Manager (Cont.) Direct Namespace Loading

  18. Policy Creation Interface • Rule Creation Process • Involves making selections in Rules’ section of Actor, Deontic Literal and Action tab pages • Speech Act Creation Process • First half of speech act creation is similar to rule creation process • Second half requires users to make selections on Policy tab page • Constraint Creation Process • Involves making selections in Constraints’ section of Actor and Action tab pages

  19. Rule Creation Process Actor Selection for Rule Creation

  20. Rule Creation Process (Cont.) Modality Selection for Rule Creation

  21. Rule Creation Process (Cont.) Action Selection for Rule Creation

  22. Rule Creation Process (Cont.) Completion of Rule Creation Process

  23. Policy Creation Interface (Cont.) • Rule Creation Process • Involves making selections in Rules’ section of Actor, Deontic Literal and Action tab pages • Speech Act Creation Process • First half of the process is similar to rule creation process • Second half requires users-selections on Policy tab page • Constraint Creation Process • Involves making selections in Constraints’ section of Actor and Action tab pages

  24. Speech Act Creation Process First Step in Speech Act Creation Process

  25. Speech Act Creation Process Second Step in Speech Act Creation Process

  26. Policy Creation Interface (Cont.) • Rule Creation Process • Involves making selections in Rules’ section of Actor, Deontic Literal and Action tab pages • Speech Act Creation Process • First half of speech act creation is similar to rule creation process • Second half requires users to make selections on Policy tab page • Constraint Creation Process • Involves making selections in Constraints’ section of Actor and Action tab pages

  27. Constraint Creation Process Simple Constraint Creation Process

  28. Constraint Creation Process Booelan Constraint Creation Process

  29. Policy Creation Interface (Cont.) • Granting Object Creation Process • Adds a constraint to an existing rule to form a new rule. Allows re-use of rules in different policies with varied constraints • Policy Creation Process • Entails prior creation of rules, constraints, speech acts, granting objects • Allows individual as well as group policies to be created • Has ability to create security, management and conversation policies • Meta-policy Creation Process • Creates meta-policies over policies that are found to be conflicting

  30. Granting Object Creation Process Granting Object Creation Process

  31. Policy Creation Interface (Cont.) • Granting Object Creation Process • Adds a constraint to an existing rule to form a new rule. Allows re-use of rules in different policies with varied constraints • Policy Creation Process • Entails prior creation of rules, constraints, speech acts, granting objects • Allows individual as well as group policies to be created • Has ability to create security, management and conversation policies • Meta-policy Creation Process • Creates meta-policies over policies that are found to be conflicting

  32. Policy Creation Process Policy Creation Process

  33. Policy Creation Interface (Cont.) • Granting Object Creation Process • Adds a constraint to an existing rule to form a new rule. Allows re-use of rules in different policies with varied constraints • Policy Creation Process • Entails prior creation of rules, constraints, speech acts, granting objects • Allows individual as well as group policies to be created • Has ability to create security, management and conversation policies • Meta-policy Creation Process • Creates meta-policies over policies that are found to be conflicting

  34. Meta-policy Creation Process Meta-policy Creation Process

  35. Policy Creation Interface (Cont.) Policy File Creation Process

  36. Policy Creation Interface (Cont.) Policy File showing Auto-generated OWL Code

  37. Provides an interface to create test-cases over policy files generated through the policy creation interface Verifies the correctness of individual test-cases (policy units/modules) to test policy conformance Interface with Rei Engine helps compute results for the test-cases Policy Test-case Creation Interface Policy File Verification for Correctness

  38. Policy Test-case Creation Process Policy Test-Case Creation Process

  39. Policy Test-case Creation Process (Cont.) Policy Test-Case Results

  40. Future Work • Some of the useful features that future work on RIDE can provide: • Extension of RIDE’s interface to support creation and manipulation of domain related ontologies • Extension of the interface to support a graphical domain browser to view relationships between policies for a given domain • Ability to create and modify policies using such a browser that automatically detects inconsistencies arising among policies • Provision for meta-policy creation to declare default behavior or priority between rules

  41. Conclusion • RIDE, the main contribution of this thesis, provides a user-friendly and extensible graphical user interface • Provides support to test policy conformance • Automates and simplifies the error-prone and complex policy creation process • Provides options such as template creation to facilitate domain information specification • Has the ability to create policies over specific instances or groups of actors and actions

  42. Conclusion (Cont.) • Being a plug-in extension of Eclipse gives it the advantage of being easily extensible, but cannot be used as a stand-alone application • Supports no graphical interface for creating, modifying and browsing domain ontologies and browsing, modifying the policies created through the wizard • Supports no automatic detection of conflicts that arise out of inconsistencies between policies

More Related