This paper presents a new verification and validation (V&V) technique for simulation using dynamic policy enforcement. Constraints are formally specified as policies, and they will be used to check whether simulation satisfies these policies at runtime. This paper also proposes a development framework where policies are developed along with system development and V&V. Once policies are extracted from requirements and specified in a policy specification language, the rest of the development work is automatically performed by the tools in the framework. Both security requirements and functional requirements can be specified as policies and dynamically enforced during the simulation. An automated tool is available for policy specification and enforcement, and it is fully integrated with the simulation infrastructure. This paper also presents a sample system that is modeled and simulated, and policies are used to verify and validate the system model. The paper also discusses the overhead imposed to perform this kind of automated policy-based V&V compared to the hard-coded implementation of the same approach.

Web Services Policy is used to specify service constraints. Although many efforts like WS-Policy have been done to provide declarative configuration languages, it is still hard to discover and exchange the configuration information in the service computing environment. A novel approach to share service knowledge and application-specific information is needed. In this paper, we model web service policy with corporate knowledge, which is defined as the amount of knowledge provided by individual agents. This approach provides a distributed knowledge management method to our proposed semantic policy framework that enables reasoning, which is necessary for policy creation, conflicts resolution and negotiation. 1.

Policies which address security and privacy are pervasive parts of both technical and social systems, and technology to enable both organizations and individuals to create and manage such policies is seen as a critical need in IT. This paper describes policy authoring as a key component to usable privacy and security systems, and advances the notions of policy templates in a policy management environment in which different roles with different skill sets are seen as important. We discuss existing guidelines and provide support for the addition of new guidelines for usable policy authoring for security and privacy systems. We describe the relationship between general policy templates and specific policies, and the skills necessary to author each of these in a way that produces high-quality policies. We also report on an experiment in which technical users with limited policy experience authored policy templates using a prototype template authoring user interface we developed.

Abstract—Using roles for modeling organizations has become common in commercial policy based access control systems and widely accepted in policy-based management research for the grouping of policies. In this paper we argue that the role abstraction is inflexible in the face of many forms of organizational change and thus only an appropriate abstraction for mostly static organizational structures. We describe a novel policy grouping abstraction based upon communities. We ground the community-based approach through an application to dynamic spectrum access. Keywords: Policy-based Management, roles, Communities, Spectrum Management I.

Abstract — This paper describes the Contract Expression Language (CEL), currently being developed at the industry consortium Content Reference Forum. The CEL is an XMLbased language designed to express contractual agreements between different parties for the purposes of capturing and communicating contractual information, and facilitating contract execution and enforcement by machines with respect to granted permissions, mandated obligations and stipulated prohibitions. In addition to modeling contractual agreements using the deontic concepts of rights, obligations and prohibitions, it has distinct features for specifying statements of intentional, factual and exclusive types, defining preference rules for resolving conflicts, and supporting lifecycles and trust management of contracts in open and distributed environments. This paper presents an overview of the CEL in terms of its data model, expressiveness and processing models, and illustrates its application in the Content Reference Framework for content distribution, and its compliance to the Business Collaboration Framework for ebusiness transactions.

We consider the distribution of real-time multimedia content (e.g., radio or TV broadcasts) through multiple aggregators. An aggregator is an intermediary content provider that operates a pool of proxy servers to aggregate content from sources and forward it to mobile hosts. Aggregators package content into channels (e.g., CNN or ABC) and offer them in various versions (e.g., using different encodings) that differ in quality or price. Mobile hosts receive channels via the wireless Internet, which consists of multiple types of wireless networks (e.g. 802.11 and UMTS). At specific locations, mobile hosts can connect to multiple networks simultaneously (e.g., in a hotspot) and can thus potentially receive different alternative versions of a channel from different aggregators through different interfaces.

Abstract not found

Abstract. We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce security properties specified by these invariants. In this framework we are able to tune abduction in two ways in order to: (i) filter out bad security policies and (ii) generate additional possible security policies. Invariant-guided abduction helps designing policies and thus allows using formal methods much earlier in the process of building secured systems. This approach is illustrated on role-based access control systems. 1