The Workshop programme includes 17 full papers and 13 position papers selected from 67 submissions, as well as 4 invited talks, a panel and two Birds of a Feather sessions.
The Workshop will be held in Room 102 of Glasgow Hall.
|
8:30-8:50
|
Sign-in & Coffee (Note: Due to security requirements participants must register in advance) |
|
8:50-9:00
|
Welcome, Bret Michael, Workshop Chair |
|
9:00-10:00
|
Invited Talk: Doug Tygar, University of California at Berkeley (Chair: Elisa Bertino) |
| Title: Security Challenges in the Small | |
|
10:00-10:30
|
Coffee |
|
10:30-11:45
|
Specification & Analysis (Chair: Naftaly Minsky) |
| Obligation Monitoring in Policy
Management
(Slides) Claudio Bettini, Sushil Jajodia, X. Sean Wang, Duminda Wijesekera University of Milan, George Mason University |
|
|
Utilising the Event Calculus for Policy Driven
Adaptation on Mobile Systems
(Slides) |
|
| Delegation of Obligations
(Slides) Andreas Schaad, Jonathan Moffett University of York |
|
|
11:45-1:00
|
Lunch |
|
1:00-2:15
|
Policy Management in the Large (Chair: Bret Michael) |
| A Hierarchical Policy Specification Language and
Enforcement Mechanism for Governing Digital Enterprises Xuhui Ao, Naftaly Minsky, Thu Nguyen Rutgers University |
|
| Originator Control in Usage Control Jaehong Park, Ravi Sandhu George Mason University |
|
| A Community Authorization Service for Group Collaboration Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, Steven Tuecke University of Southern California, University of Chicago, Argonne National Laboratory |
|
|
2:15-2:40
|
Coffee |
|
2:40-3:30
|
Network Management I (Chair: Francisco Garcia) |
| Policy-based Management for ALAN-Enabled Networks
(Slides) Ognjen Prnjat, Ioannis Liabotis, Temitope Olukemi, Lionel Sacks, Mike Fisher, Paul McKee, Ken Carlberg, Gregorio Martinez University College London, BTexact Technologies |
|
|
PoP - An Automated Policy Replacement Architecture for PBNM
(Slides) |
|
|
3:30-3:45
|
Coffee |
|
3:45-4:45
|
Position Papers I (Chair: Edgar Sibley) |
|
How Policy Empowers Business-Driven Device Management |
|
| A Policy Based Storage Management Framework Murthy Devarakonda, Jack Gelb, Avi Saha, Jimmy Strickland IBM Corporation |
|
| Policy Driven Data Administration Vishal Batra, Jaijit Bhattacharya, Harish Chauhan, Ajay Gupta, Mukesh Mohania, Upendra Sharma IBM India Research Lab, Indian Institute of Technology |
|
|
Dynamically Extensible Policy Server and Agent |
|
|
4:45-5:00
|
Coffee |
|
5:00-6:00
|
Position Papers II (Chair: Hanan Lutfiyya) |
|
Cross-Domain Access Control via PKI |
|
| Revocation Schemes for Delegated Authorities Babak Sadighi Firozabadi, Marek Sergot Swedish Institute of Computer Science (SICS), Imperial College London |
|
|
|
|
| Web-based Policy Deployment Management System Hosoon Ku, Hee-Gweon Son, Janos Facsko, Jason Tyrell, Alan Haines Ericsson Datacom Networks and IP Services |
|
|
PEM3 - the Policy Enhanced Memory Management Model |
|
|
6:00-6:15
|
Coffee |
|
6:15-7:15
|
Birds of a Feather Sessions (Parallel) |
| Session 1: (Chair: Ed Feustel, Dartmouth College) | |
| The Security Contract - An Evolving Definition
(Slides 1,
Slides 2) | |
| Session 2: (Chair: Petre Dini, Concordia University & Cisco Systems Canada) | |
| Dynamic Policy-based Control in Distributed Networks |
|
9:00-10:00
|
Invited Talk: Andrew Grimshaw, University of Virginia & Avaki Corporation (Chair: Morris Sloman) |
| Title: Grid Computing: Beyond the Cluster | |
|
10:00-10:30
|
Coffee |
|
10:30-11:45
|
Access Control (Chair: Emil Lupu) |
| Meta-Policies for Distributed
Role-Based Access Control Systems
(Slides) Andras Belokosztolszki, Ken Moody University of Cambridge |
|
|
A System to Specify and Manage Multipolicy Access Control Models
(Slides) |
|
|
The Specification and Enforcement of Advanced Security Policies
(Slides) |
|
|
11:45-1:00
|
Lunch |
|
1:00-2:15
|
Network Management II (Chair: Dinesh Verma) |
|
An Adaptive Policy Based Management Framework for Differentiated Services
Networks |
|
| A Policy Based QoS Management System for the IntServ/DiffServ
Based Internet Appan Ponnappan, Lingjia Yang, Radhakrishna Pillai, Peter Braun Kent Ridge Digital Labs, Siemens AG |
|
| A Policy-based Approach to Personalization of Communication
over Converged Networks Patricia Lago (Paper presented by Riccardo Scandariato) Politecnico di Torino |
|
|
2:15-2:30
|
Coffee |
|
2:30-3:45
|
Panel (Chair: Morris Sloman, Imperial College, London) |
|
Title: Is a Universal Approach to Policy
Specification and Deployment for Network
and Security Management Feasible? |
|
|
3:45-4:15
|
Coffee |
|
4:15-5:30
|
Position Papers III (Chair: Andrea Westerinen) |
| A Multi-domain Security Policy Distribution Architecture
for Dynamic IPsec VPN Management Abdelmaleck Benzekri, François Barrère, Frédéric Grasset, Romain Laborde UPS-IRIT Toulouse |
|
| Policy-Driven Access Control over a Distributed Firewall
Architecture
(Slides) Theo Dimitrakos, Ivan Djordjevic, Brian Matthews, Juan Bicarregui, Chris Phillips Rutherford Appleton Laboratory, Queen Mary College London |
|
|
A Weakly Coupled Adaptive Gossip Protocol for Application Level Active
Networks
(Slides) |
|
| Applying Trust Policies for Efficiently Protecting
Mobile Agents Against DoS Attacks
(Slides) Biljana Cubaleska, Markus Schneider University of Hagen, Institute for Secure Telecooperation Darmstadt |
|
|
A Policy-based Infrastructure for the Dynamic Control of Agent Mobility
(Slides) |
|
|
7:00-10:30
|
Monterey Bay Aquarium: Outer Bay Strolling Dinner |
| 9:00-10:00 | Invited Talk: Peter Linington (University of Kent) (Chair: Jorge Lobo) |
| Title: Enterprise Policies and
Shrink-wrapped Systems
(Slides) | |
|
10:00-10:30
|
Coffee |
|
10:30-11:45
|
Trust (Chair: Ravi Sandhu) |
|
Requirements for Policy Languages for Trust Negotiation |
|
|
Towards Practical Automated Trust Negotiation |
|
| Policies in Accountable Contracts
(Slides) Brian Shand, Jean Bacon University of Cambridge |
|
Tim Moses (Entrust Inc), Naftaly Minsky (Rutgers University), Andrea Westerinen (Cisco Inc), Dinesh Verma (IBM T.J. Watson Research Center)
|
Policy is being widely used in enterprises for defining strategies for quality of service management, storage backup and system configuration, as well as security authorization and management. A typical enterprise has routers, firewalls, web-servers, databases and workstations, all with different techniques, and possibly some limited vendor-specific tool-support for specifying policy. Ideally, a common approach to specifying and deploying policy for all aspects of policy based management would permit a 'holistic' approach to defining and disseminating policies which reflect the overall strategy or goals of the organisation. A common, standard set of tools and techniques used throughout the enterprise would simplify analysis, reduce inconsistencies and conflicts in the policies deployed across the various components within the enterprise, and allow policy exchange with external service providers.
However, as indicated by the diverse set of programming and scripting languages used within a typical large enterprise, the concept of a universal programming language has never been successful. Why should a common approach succeed for policy specification and deployment?
There has been considerable activity in various standards bodies relating to specifying policies for network and systems management, security and role based access control (RBAC). The IETF and DMTF have been concentrating on information models for management policies, protocols for transferring policies to network devices and routing policies; NIST has been pushing an RBAC standard; the ODP activities have been proposing community objectives with roles, obligations and authorizations; and the Oasis consortium are working on XML based specification of access control policies and authentication information. All these divergent 'standards' activities may generate incompatible policy-based solutions which cover a narrow field of application and prevent a common approach.
Standards organisations are very slow in trying to reach consensus. Often the outcome is a compromise between so many different entrenched positions, that it is technically cumbersome and very complex. Large vendors often provide tools that only support their own specific products. Independent policy tool suppliers may not have the resources to develop support for a wide range of products. The panel will address the following issues:
How do we derive policies from business goals?
Is the concept of a universal approach to defining and deploying policy an unreachable 'holy-grail'?
Are management and security policies too different for a common approach?
Would a universal policy specification and deployment toolkit be too complex to be practical?
Do standards hinder the adoption of a common approach to Policy Based Systems?
Who will develop tools to support the common policy approach?
Will large-vendor approaches dominate the market or is there a place for start-ups?