a goal-based approach to policy refinement

A Goal-based Approach toPolicy Refinement

Arosha K Bandara, Emil C Lupu, Alessandra RussoDepartment of Computing, Imperial College London, UK

Jonathan MoffettDepartment of Computer Science, University of York, UK

POLICY 2004: 7-9 June 2004IBM TJ Watson Research Laboratory, NY

(c) DoC, Imperial College London, 2004

Motivation

P1

P2

P4

P3

Policy • Flexible

• Adaptable

• Scalable

Policies need to be correct, complete and valid Analyse policies to detect inconsistencies;

Derive policies from high-level requirements and system description

Objects

ActionsPolicy

Refinement

• Cassasa-Mont et al., “Policy Refinement Wizard”;• Various, “Domain/Role hierarchy traversal”

Events

Constraints

1


Refined

Policies

Analysis Framework

Property checks

Behavioural model of managed objects

Policy specification

Errors + Conflicts

Organisational model of managed objects

Ponder Language

• Supports relevant policy types

• Easy to use high-level policy language

State Charts

• Widely used notation.

• Easily translated into formal representation.

Domain Hierarchy

• Flexible approach that supports roles/relations.

• Part of Ponder framework.Logic Rules

• Suitable for interactionwith formal representation.

Goals Bandara et al., “Using Event Calculus to Formalise Policy Specification and Analysis”, POLICY 2003, Lake Como, June 2003

3

Low-level

Actions

Event Calculus

• Well understood formalism.

• Models event-driven systems.

• Use deduction for simple property checks

• Use abductive reasoning to deriveexplanations for property violations.


The Big Picture – An Example

Research

9.0.0.0/16

Router 3Core

8.0.0.0/16

Router 4ServerSite

12.0.0.0/16

Accounting

11.0.0.0/16Engineering

10.0.0.0/16

Router 1 Router 2

CICS

eComm

...

G5 – Traffic to Web Services

Applications on eComm

Server (tfcG5) get Gold QoS at peak time...

SLA Goal12.0.0.3

12.0.0.2

8.0.0.4

8.0.0.2

11.0.0.2

8.0.0.1

10.0.0.1

9.0.0.38.0.0.3

Verma D. C.,“Policy Validation and Translation Algorithms” in “Policy-based Networking”

on admit(webSvcTraffic)subject s = /DiffServManagertarget t = /routers/do t.setDSCP(DSCP) t.setMeter(Meter) t.setRateLimit(Limit) ...

SrcIP SrcPort TCP/UDP DestIP DestPort PHB RateLimit Overflow * * TCP 12.0.0.3 80 EF 10Mbps BestEffort12.0.0.3 * TCP * * EF 10Mbps BestEffort...

2


The Approach

Assign Resp.

SY

SR

EQ

GO

AL

SS

YS

TE

M C

OM

PO

NE

NT

S

Properties

Behaviour

Properties

Behaviour

Properties

Behaviour

Van Lamsweerde A., Darimont R. et al.,“Goal-directed Requirements Elaboration”

Goals

Objects / Ops

KAOS

Operational Goal

4


Properties

Behaviour

Properties

Behaviour

The Approach

Operational Goal

Assign Resp.

SY

SR

EQ

GO

AL

SS

YS

TE

M C

OM

PO

NE

NT

S

GX

GX2GX1

SX

SX1

ABDUCTION

SX2

ABDUCTION

AB

DU

CT

ION

Kelly T., et al.,“Goal Structured Notation (GSN)”

Goals

Objects / Ops

KAOS

5


Example - Revisited

int routerID

setDSCP(DSCP)

setMeter(Meter) setInRate(InRate)setScheduler(Scheduler)setOverflow(OF)

setOutRate(OutRate)

DiffServRouter

state(R, dscp, DSCP)

state(R, meterType, Meter)

state(R, rateLimit, InRate)

state(R, ofp, OF)

state(R, sched, Sched)

state(R, outRate, OutRate)

R.setDSCP(DSCP)

R.setMeter(Meter)

R.setInRate(InRate)

R.setOverflow(OF)

R.setScheduler(Sched)

R.setOutRate(OutRate)

6

Research

9.0.0.0/16

Router 3Core

8.0.0.0/16

Router 4ServerSite

12.0.0.0/16

Accounting

11.0.0.0/16Engineering

10.0.0.0/16

Router 1 Router 2

CICS

eComm

12.0.0.3

12.0.0.2

8.0.0.4

8.0.0.2

11.0.0.2

8.0.0.1

10.0.0.1

9.0.0.38.0.0.3 ...

G5 – Traffic to Web Services Applications on eComm

Server (tfcG5) get Gold QoS at peak time...

SLA Goal


Example – Goal Elaboration

admit(pkt, tfcG5) qos(pkt, gold)

7

P Q

P R R Q

routed(pkt, router, tfcG5) qos(pkt,gold)

admit(pkt, tfcG5) routed(pkt, router, tfcG5)

configured(pkt, router, gold) qos(pkt, gold)

routed(pkt, router, tfcG5) configured(pkt, router, gold)


state(r, dscp, parms.DSCP)

state(r, meter, parms.meterType)

state(r, inRate, parms.inRate)

state(r, ofp, parms.overflow)

state(r, outRate, parms.outRate)

calculatedParms(router, parms)

parmsSet(router, parms)

configured(pkt, router, gold)

routed(pkt, router, tfcG5)

Example – Goal Elaboration (contd.)admit(pkt, tfcG5) qos(pkt, gold)

provideQoS(gold)

config(router, gold)

r.setDSCP(dscp);

r.setMeter(meter);

r.setInRate(inRate);

….

8


Example – Goal Elaboration (contd.)

classifier(router, parms.DSCP)

meter(router, parms.meterType)

inRate(router, parms.inRate)

overflow(router, parms.overflow)

outRate(router, parms.outRate)

calculatedParms(router, parms)

parmsSet(router, parms)

configured(pkt, router, gold)

routed(pkt, router, tfcG5)

admit(pkt, tfcG5) qos(pkt, gold)

provideQoS(gold)

config(router, gold)

r.setDSCP(dscp);

r.setMeter(meter);

r.setScheduler(inRate);

….

9

???

2: Elaborate Goals Further

2: Extend System Description

1: Use Abstract Strategy


Strategies and Policies

S1 S2P1: { ... do S1 ...}

P2: { ... do S2 ...}

S1(x)

P1: { ... do S1 ...}

P2: { ... do S2 ...}

P3: { ... do S3 ...}

S1(y)

P1: { ... do S1(x) ...}

P2: { ... do S1(y) ...}

DIS

JOIN

TD

ISJO

INT

GO

AL

SG

OA

LS

MU

LT

IPL

EM

UL

TIP

LE

ST

RA

TE

GIE

S S

TR

AT

EG

IES

PA

RA

ME

TE

RIS

ED

PA

RA

ME

TE

RIS

ED

ST

RA

TE

GIE

SS

TR

AT

EG

IES

S1 S2 S3

10


Elaborate

Abduce

Pulling it together …

11

High-LevelPolicy

AB C

D

E

On admission of tfcG5 packet, (Event) if during peak times (Condition) ensure it receives gold QoS (Goal)

P Q

P R R Q

Patterns

On admitPkt(tfcG5) when time.between(“9:00”, “17:00”) subject s = /DiffServManager/; target t = /routers/; do t.setDSCP(dscp) t.setMeter(meter) ...

Objects

StrategyStrategyStrategyMap

Sel

ect

Sel

ect


Summary

• Goal elaboration provides a mechanism, supported by formal techniques, for deriving low-level system goals.

• Strategy, the set of actions that will achieve a given goal.

• Abductive reasoning can be used to identify strategies.

• Strategies can be used to specify the action clauses of the refined policies.

• High-level notations, e.g. UML, can be used to hide details of formal techniques from the user.

12


Future Directions

• Integrate this approach with the object refinement techniques identified previously [Bandara 2003].

• Develop techniques for Event/Constraint refinement.

• Develop tool support for the overall method.

• Evaluate by applying to real scenarios.

13

[Bandara 2003] Bandara et al., “Using Event Calculus to Formalise Policy Specification and Analysis”,

In Proceedings of POLICY 2003, Lake Como, June 2003


Emil LupuAlessandra Russo Jonathan Moffett

Morris Sloman Naranker Dulay

Thank You !

Questions?

END

a goal-based approach to policy refinement

Documents

imperial college london

nyc doc

gold7c doc

policies10c doc

example revisited6c

requirements elaboration4c

policy validation

example goal elaboration