Programme (Provisional)

The Workshop programme includes 17 full papers and 13 position papers selected from 67 submissions, as well as 4 invited talks, a panel and two Birds of a Feather sessions.

The Workshop will be held in Room 102 of Glasgow Hall.

Wednesday 5th June 2002

Sign-in & Coffee (Note: Due to security requirements participants must register in advance)
Welcome, Bret Michael, Workshop Chair
Invited Talk: Doug Tygar, University of California at Berkeley (Chair: Elisa Bertino)
  Title: Security Challenges in the Small
Specification & Analysis (Chair: Naftaly Minsky)
Obligation Monitoring in Policy Management (Slides)
Claudio Bettini, Sushil Jajodia, X. Sean Wang, Duminda Wijesekera
University of Milan, George Mason University

Utilising the Event Calculus for Policy Driven Adaptation on Mobile Systems (Slides)
Christos Efstratiou, Adrian Friday, Nigel Davies, Keith Cheverst
Lancaster University, University of Arizona

Delegation of Obligations (Slides)
Andreas Schaad, Jonathan Moffett
University of York
Policy Management in the Large (Chair: Bret Michael)
A Hierarchical Policy Specification Language and Enforcement Mechanism for Governing Digital Enterprises
Xuhui Ao, Naftaly Minsky, Thu Nguyen
Rutgers University
Originator Control in Usage Control
Jaehong Park, Ravi Sandhu
George Mason University
A Community Authorization Service for Group Collaboration
Laura Pearlman, Von Welch, Ian Foster, Carl Kesselman, Steven Tuecke
University of Southern California, University of Chicago, Argonne National Laboratory
Network Management I (Chair: Francisco Garcia)
Policy-based Management for ALAN-Enabled Networks (Slides)
Ognjen Prnjat, Ioannis Liabotis, Temitope Olukemi, Lionel Sacks, Mike Fisher, Paul McKee, Ken Carlberg, Gregorio Martinez
University College London, BTexact Technologies

PoP - An Automated Policy Replacement Architecture for PBNM (Slides)
Lisandro Granville, Gustavo Coelho, Maria Almeida, Liane Tarouco
Federal University of Rio Grande do Sul

Position Papers I (Chair: Edgar Sibley)

How Policy Empowers Business-Driven Device Management
John Strassner
Intelliden Corporation

A Policy Based Storage Management Framework
Murthy Devarakonda, Jack Gelb, Avi Saha, Jimmy Strickland
IBM Corporation
Policy Driven Data Administration
Vishal Batra, Jaijit Bhattacharya, Harish Chauhan, Ajay Gupta, Mukesh Mohania, Upendra Sharma
IBM India Research Lab, Indian Institute of Technology

Dynamically Extensible Policy Server and Agent
Yasusi Kanada
Hitachi IP Network Research Center


Position Papers II (Chair: Hanan Lutfiyya)

Cross-Domain Access Control via PKI
Grit Denker, Jonathan Millen, Yutaka Miyake
SRI International, KDDI R&D Laboratories Inc

Revocation Schemes for Delegated Authorities
Babak Sadighi Firozabadi, Marek Sergot
Swedish Institute of Computer Science (SICS), Imperial College London


Web-based Policy Deployment Management System
Hosoon Ku, Hee-Gweon Son, Janos Facsko, Jason Tyrell, Alan Haines
Ericsson Datacom Networks and IP Services

PEM3 - the Policy Enhanced Memory Management Model
Johan Andersson, Christian Jensen, Stefan Weber
Trinity College Dublin

Birds of a Feather Sessions (Parallel)
  Session 1: (Chair: Ed Feustel, Dartmouth College)
  The Security Contract - An Evolving Definition (Slides 1, Slides 2)
  Session 2: (Chair: Petre Dini, Concordia University & Cisco Systems Canada)
  Dynamic Policy-based Control in Distributed Networks

Thursday 6th June 2002

Invited Talk: Andrew Grimshaw, University of Virginia & Avaki Corporation (Chair: Morris Sloman)
  Title: Grid Computing: Beyond the Cluster
Access Control (Chair: Emil Lupu)
Meta-Policies for Distributed Role-Based Access Control Systems (Slides)
Andras Belokosztolszki, Ken Moody
University of Cambridge

A System to Specify and Manage Multipolicy Access Control Models (Slides)
Elisa Bertino, Barbara Catania, Elena Ferrari, Paolo Perlasca
University of Milan, University of Genova, University of Insubria


The Specification and Enforcement of Advanced Security Policies (Slides)
Tatyana Ryutov, Clifford Neuman
University of Southern California

Network Management II (Chair: Dinesh Verma)

An Adaptive Policy Based Management Framework for Differentiated Services Networks
Leonidas Lymberopoulos, Emil Lupu, Morris Sloman
Imperial College London

A Policy Based QoS Management System for the IntServ/DiffServ Based Internet
Appan Ponnappan, Lingjia Yang, Radhakrishna Pillai, Peter Braun
Kent Ridge Digital Labs, Siemens AG
A Policy-based Approach to Personalization of Communication over Converged Networks
Patricia Lago (Paper presented by Riccardo Scandariato)
Politecnico di Torino
Panel (Chair: Morris Sloman, Imperial College, London)

Title: Is a Universal Approach to Policy Specification and Deployment for Network and Security Management Feasible?
Tim Moses (Entrust Inc), Naftaly Minsky (Rutgers University), Andrea Westerinen (Cisco Inc), Dinesh Verma (IBM T.J. Watson Research Center)

Position Papers III (Chair: Andrea Westerinen)
A Multi-domain Security Policy Distribution Architecture for Dynamic IPsec VPN Management
Abdelmaleck Benzekri, François Barrère, Frédéric Grasset, Romain Laborde
UPS-IRIT Toulouse
Policy-Driven Access Control over a Distributed Firewall Architecture (Slides)
Theo Dimitrakos, Ivan Djordjevic, Brian Matthews, Juan Bicarregui, Chris Phillips
Rutherford Appleton Laboratory, Queen Mary College London

A Weakly Coupled Adaptive Gossip Protocol for Application Level Active Networks (Slides)
Ibiso Wokoma, Ioannis Liabotis, Ognjen Prnjat, Lionel Sacks, Ian Marshall
University College London

Applying Trust Policies for Efficiently Protecting Mobile Agents Against DoS Attacks (Slides)
Biljana Cubaleska, Markus Schneider
University of Hagen, Institute for Secure Telecooperation Darmstadt

A Policy-based Infrastructure for the Dynamic Control of Agent Mobility (Slides)
Rebecca Montanari, Gianluca Tonti
University of Bologna

Monterey Bay Aquarium: Outer Bay Strolling Dinner

Friday 7th June 2002

9:00-10:00 Invited Talk: Peter Linington (University of Kent) (Chair: Jorge Lobo)
  Title: Enterprise Policies and Shrink-wrapped Systems (Slides)
Trust (Chair: Ravi Sandhu)

Requirements for Policy Languages for Trust Negotiation
Kent Seamons, Marianne Winslett, Ting Yu, Bryan Smith, Evan Child, Jared Jacobson, Hyrum Mills, Lina Yu
Brigham Young University, University of Illinois at Urbana-Champaign


Towards Practical Automated Trust Negotiation
William Winsborough, Ninghui Li
Network Associates Inc, Stanford University

Policies in Accountable Contracts (Slides)
Brian Shand, Jean Bacon
University of Cambridge

Policy 2002 Panel (Thursday 6th June)

Chair: Morris Sloman, Imperial College, London

Is a Universal Approach to Policy Specification and Deployment for Network and Security Management Feasible?

Tim Moses (Entrust Inc), Naftaly Minsky (Rutgers University), Andrea Westerinen (Cisco Inc), Dinesh Verma (IBM T.J. Watson Research Center)

Policy is being widely used in enterprises for defining strategies for quality of service management, storage backup, system configuration as well as security authorization and management. A typical enterprise has routers, firewalls, web-servers, databases and workstations, all with different techniques, and possibly some limited vendor-specific tool-support for specifying policy. Ideally, a common approach to specifying and deploying policy for all aspects of policy based management would permit a 'holistic' approach to defining and disseminating policies which reflect the overall strategy or goals of the organisation. A common, standard set of tools and techniques used throughout the enterprise would simplify analysis and reduce inconsistencies and conflicts in the policies deployed across the various components within the enterprise and allow policy exchange with external service providers.

However, as indicated by the diverse set of programming and scripting languages used within a typical large enterprise, the concept of a universal programming language has never been successful. Why should a common approach succeed for policy specification and deployment?

There has been considerable activity in various standards bodies relating to specifying policies for network and systems management, security and role based access control (RBAC). The IETF and DMTF have been concentrating on information models for management policies, protocols for transferring policies to network devices and routing policies; NIST has been pushing an RBAC standard; the ODP activities have been proposing community objectives with roles, obligations and authorizations; and the OASIS consortium is working on XML based specification of access control policies and authentication information. All these divergent 'standards' activities may generate incompatible policy-based solutions which cover a narrow field of application and prevent a common approach.

Standards organisations are very slow in trying to reach consensus. Often the outcome is a compromise between so many different entrenched positions that it is technically cumbersome and very complex. Large vendors often provide tools that only support their own specific products. Independent policy tool suppliers may not have the resources to develop support for a wide range of products.

The panel will address the following issues:

How do we derive policies from business goals?
Is the concept of a universal approach to defining and deploying policy an unreachable 'holy-grail'?
Are management and security policies too different for a common approach?
Would a universal policy specification and deployment toolkit be too complex to be practical?
Do standards hinder the adoption of a common approach to Policy Based Systems?
Who will develop tools to support the common policy approach?
Will large-vendor approaches dominate the market or is there a place for start-ups?