a goal-based approach to policy refinement
DESCRIPTION
A Goal-based Approach to Policy Refinement. Arosha K Bandara , Emil C Lupu, Alessandra Russo Department of Computing, Imperial College London, UK Jonathan Moffett Department of Computer Science, University of York, UK POLICY 2004: 7-9 June 2004 IBM TJ Watson Research Laboratory, NY. - PowerPoint PPT PresentationTRANSCRIPT
A Goal-based Approach toPolicy Refinement
Arosha K Bandara, Emil C Lupu, Alessandra RussoDepartment of Computing, Imperial College London, UK
Jonathan MoffettDepartment of Computer Science, University of York, UK
POLICY 2004: 7-9 June 2004IBM TJ Watson Research Laboratory, NY
(c) DoC, Imperial College London, 2004
Motivation
P1
P2
P4
P3
Policy • Flexible
• Adaptable
• Scalable
Policies need to be correct, complete and valid Analyse policies to detect inconsistencies;
Derive policies from high-level requirements and system description
Objects
ActionsPolicy
Refinement
• Cassasa-Mont et al., “Policy Refinement Wizard”;• Various, “Domain/Role hierarchy traversal”
Events
Constraints
1
(c) DoC, Imperial College London, 2004
Refined
Policies
Analysis Framework
Property checks
Behavioural model of managed objects
Policy specification
Errors + Conflicts
Organisational model of managed objects
Ponder Language
• Supports relevant policy types
• Easy to use high-level policy language
State Charts
• Widely used notation.
• Easily translated into formal representation.
Domain Hierarchy
• Flexible approach that supports roles/relations.
• Part of Ponder framework.Logic Rules
• Suitable for interactionwith formal representation.
Goals Bandara et al., “Using Event Calculus to Formalise Policy Specification and Analysis”, POLICY 2003, Lake Como, June 2003
3
Low-level
Actions
Event Calculus
• Well understood formalism.
• Models event-driven systems.
• Use deduction for simple property checks
• Use abductive reasoning to deriveexplanations for property violations.
(c) DoC, Imperial College London, 2004
The Big Picture – An Example
Research
9.0.0.0/16
Router 3Core
8.0.0.0/16
Router 4ServerSite
12.0.0.0/16
Accounting
11.0.0.0/16Engineering
10.0.0.0/16
Router 1 Router 2
CICS
eComm
...
G5 – Traffic to Web Services
Applications on eComm
Server (tfcG5) get Gold QoS at peak time...
SLA Goal12.0.0.3
12.0.0.2
8.0.0.4
8.0.0.2
11.0.0.2
8.0.0.1
10.0.0.1
9.0.0.38.0.0.3
Verma D. C.,“Policy Validation and Translation Algorithms” in “Policy-based Networking”
on admit(webSvcTraffic)subject s = /DiffServManagertarget t = /routers/do t.setDSCP(DSCP) t.setMeter(Meter) t.setRateLimit(Limit) ...
SrcIP SrcPort TCP/UDP DestIP DestPort PHB RateLimit Overflow * * TCP 12.0.0.3 80 EF 10Mbps BestEffort12.0.0.3 * TCP * * EF 10Mbps BestEffort...
2
(c) DoC, Imperial College London, 2004
The Approach
Assign Resp.
SY
SR
EQ
GO
AL
SS
YS
TE
M C
OM
PO
NE
NT
S
Properties
Behaviour
Properties
Behaviour
Properties
Behaviour
Van Lamsweerde A., Darimont R. et al.,“Goal-directed Requirements Elaboration”
Goals
Objects / Ops
KAOS
Operational Goal
4
(c) DoC, Imperial College London, 2004
Properties
Behaviour
Properties
Behaviour
The Approach
Operational Goal
Assign Resp.
SY
SR
EQ
GO
AL
SS
YS
TE
M C
OM
PO
NE
NT
S
GX
GX2GX1
SX
SX1
ABDUCTION
SX2
ABDUCTION
AB
DU
CT
ION
Kelly T., et al.,“Goal Structured Notation (GSN)”
Goals
Objects / Ops
KAOS
5
(c) DoC, Imperial College London, 2004
Example - Revisited
int routerID
setDSCP(DSCP)
setMeter(Meter) setInRate(InRate)setScheduler(Scheduler)setOverflow(OF)
setOutRate(OutRate)
DiffServRouter
state(R, dscp, DSCP)
state(R, meterType, Meter)
state(R, rateLimit, InRate)
state(R, ofp, OF)
state(R, sched, Sched)
state(R, outRate, OutRate)
R.setDSCP(DSCP)
R.setMeter(Meter)
R.setInRate(InRate)
R.setOverflow(OF)
R.setScheduler(Sched)
R.setOutRate(OutRate)
6
Research
9.0.0.0/16
Router 3Core
8.0.0.0/16
Router 4ServerSite
12.0.0.0/16
Accounting
11.0.0.0/16Engineering
10.0.0.0/16
Router 1 Router 2
CICS
eComm
12.0.0.3
12.0.0.2
8.0.0.4
8.0.0.2
11.0.0.2
8.0.0.1
10.0.0.1
9.0.0.38.0.0.3 ...
G5 – Traffic to Web Services Applications on eComm
Server (tfcG5) get Gold QoS at peak time...
SLA Goal
(c) DoC, Imperial College London, 2004
Example – Goal Elaboration
admit(pkt, tfcG5) qos(pkt, gold)
7
P Q
P R R Q
routed(pkt, router, tfcG5) qos(pkt,gold)
admit(pkt, tfcG5) routed(pkt, router, tfcG5)
configured(pkt, router, gold) qos(pkt, gold)
routed(pkt, router, tfcG5) configured(pkt, router, gold)
(c) DoC, Imperial College London, 2004
state(r, dscp, parms.DSCP)
state(r, meter, parms.meterType)
state(r, inRate, parms.inRate)
state(r, ofp, parms.overflow)
state(r, outRate, parms.outRate)
calculatedParms(router, parms)
parmsSet(router, parms)
configured(pkt, router, gold)
routed(pkt, router, tfcG5)
Example – Goal Elaboration (contd.)admit(pkt, tfcG5) qos(pkt, gold)
provideQoS(gold)
config(router, gold)
r.setDSCP(dscp);
r.setMeter(meter);
r.setInRate(inRate);
….
8
(c) DoC, Imperial College London, 2004
Example – Goal Elaboration (contd.)
classifier(router, parms.DSCP)
meter(router, parms.meterType)
inRate(router, parms.inRate)
overflow(router, parms.overflow)
outRate(router, parms.outRate)
calculatedParms(router, parms)
parmsSet(router, parms)
configured(pkt, router, gold)
routed(pkt, router, tfcG5)
admit(pkt, tfcG5) qos(pkt, gold)
provideQoS(gold)
config(router, gold)
r.setDSCP(dscp);
r.setMeter(meter);
r.setScheduler(inRate);
….
9
???
2: Elaborate Goals Further
2: Extend System Description
1: Use Abstract Strategy
(c) DoC, Imperial College London, 2004
Strategies and Policies
S1 S2P1: { ... do S1 ...}
P2: { ... do S2 ...}
S1(x)
P1: { ... do S1 ...}
P2: { ... do S2 ...}
P3: { ... do S3 ...}
S1(y)
P1: { ... do S1(x) ...}
P2: { ... do S1(y) ...}
DIS
JOIN
TD
ISJO
INT
GO
AL
SG
OA
LS
MU
LT
IPL
EM
UL
TIP
LE
ST
RA
TE
GIE
S S
TR
AT
EG
IES
PA
RA
ME
TE
RIS
ED
PA
RA
ME
TE
RIS
ED
ST
RA
TE
GIE
SS
TR
AT
EG
IES
S1 S2 S3
10
(c) DoC, Imperial College London, 2004
Elaborate
Abduce
Pulling it together …
11
High-LevelPolicy
AB C
D
E
On admission of tfcG5 packet, (Event) if during peak times (Condition) ensure it receives gold QoS (Goal)
P Q
P R R Q
Patterns
On admitPkt(tfcG5) when time.between(“9:00”, “17:00”) subject s = /DiffServManager/; target t = /routers/; do t.setDSCP(dscp) t.setMeter(meter) ...
Objects
StrategyStrategyStrategyMap
Sel
ect
Sel
ect
(c) DoC, Imperial College London, 2004
Summary
• Goal elaboration provides a mechanism, supported by formal techniques, for deriving low-level system goals.
• Strategy, the set of actions that will achieve a given goal.
• Abductive reasoning can be used to identify strategies.
• Strategies can be used to specify the action clauses of the refined policies.
• High-level notations, e.g. UML, can be used to hide details of formal techniques from the user.
12
(c) DoC, Imperial College London, 2004
Future Directions
• Integrate this approach with the object refinement techniques identified previously [Bandara 2003].
• Develop techniques for Event/Constraint refinement.
• Develop tool support for the overall method.
• Evaluate by applying to real scenarios.
13
[Bandara 2003] Bandara et al., “Using Event Calculus to Formalise Policy Specification and Analysis”,
In Proceedings of POLICY 2003, Lake Como, June 2003
(c) DoC, Imperial College London, 2004
Emil LupuAlessandra Russo Jonathan Moffett
Morris Sloman Naranker Dulay
Thank You !
Questions?
END