Dynamic and adaptive policy models for coalition operations - PowerPoint PPT Presentation



SLIDE 1

Dynamic and adaptive policy models for coalition operations

Seraphin B. Calo

SLIDE 2

Overview

Goal: develop approaches and mechanisms for policy based management that enable autonomy in the operation of the constituent elements of the coalition system

Principal Topics

  • Generative policy mechanisms: new policy architectures in which elements can generate their policies under a loose set of guidance from a central coalition commander
  • Algorithms that ensure consistency and coherence in the operation of generative policy based systems
  • Security and resource management: apply the generative policy model to the management of coalition operations

Coalition Needs

  • A dynamic, secure and resilient information infrastructure that conforms to the policies of each coalition member
  • Autonomous operations within the bounds of collaborative pursuit of common goals
  • Understand human issues that impact policy definition and enforcement

Policy: a set of considerations designed to guide decisions on courses of action

SLIDE 3

Traditional Management Model

[Figure: managed devices connected to a system management system (auto-config) and a human operator; alerts and logs flow up, manual configuration flows down]

A set of managed devices connected to a management system by a communication network

  • Managed devices are given configuration information by the management system
  • Operational information (e.g., alerts or logs) is provided by the managed device to the management system
  • Management system would have a set of algorithms/policies/rules to deal with the set of alerts and logs that are processed. In order to handle an alert or log, the system may decide to send a reconfiguration command to the managed device
  • Syntax and semantics of alerts, logs and configurations are determined by the domain of management, e.g., fault management, security management, performance management etc.
  • When the system is not able to deal with the alerts or logs, the human operator intervenes to deal with the situation, diagnoses the underlying cause, and then reconfigures the system to react to the unexpected situation

SLIDE 4

Policy Based Management

[Figure: human view of policies → Policy Refinement (PRF) → machine view of policies → Policy Decision Point (PDP) ↔ Policy Enforcement Point (PEP); configuration and alerts/logs are exchanged with the managed device]

  • Human operator provides an objective for the managed device
  • Management system translates objectives into a machine view of policy through the process of refinement or transformation
  • Policies are declarative, Event-Condition-Action (ECA) rules
  • Managed devices contain policy enforcement points (PEP) for externalizing decisions
  • When a situation requiring a decision arises, the relevant PEP converts it into a request to a policy decision point (PDP)
  • PDPs access the set of policies relevant to the decision that needs to be made
  • Policies determine the decision based on the managed device and its current state
  • PDP informs the PEP what actions to take
  • PEP can then change the system configuration to react to the environment

Policies capture desired behaviors (DMTF/IETF Policy Model)

SLIDE 5

Evolution of Policy Based Management

[Figure: three arrangements of PEP, PRF and PDP across device and management system: no autonomy; policy based autonomy; generative policy based autonomy, where refinement is split into PRFM and PRFD]

Elements of the policy infrastructure can be configured in different ways

  • PEPs are associated with managed resources and will usually be co-located with them
  • Policy refinement process (PRF) will usually be embedded in the management system
  • PDPs could be embedded in the management system
    ⎻ Leads to more centralized management
  • PDP could be co-located with its associated PEPs in the managed environment
    ⎻ Supports distributed systems management configurations
    ⎻ Policies would be pushed to appropriate PDPs when they are specified or changed
    ⎻ System exhibits a greater degree of autonomic behavior

Generative paradigm splits refinement between management and managed systems

SLIDE 6

Generative Policy Based Management

[Figure: the management system's PRFM sends an interaction graph to the PRFD embedded in the device; the PRFD generates policies for the local PDP, which serves the PEP]

  • PDP is embedded within the managed device
  • PDP gets its policies from the PRFD module that is also embedded within the managed device
  • PRFM is responsible for sending the overall coordination guidelines to the PRFD
  • PRFM provides two types of information to each PRFD
    ⎻ Representation of an interaction graph
    ⎻ Role of each PRFD in the interaction graph is defined by the PRFM
  • PRFM also associates a set of attributes with each link in the interaction graph
    ⎻ Link attributes indicate what information is available on that link

Generative Policy Model Information Flow

Interaction Graph

  • Interaction graph is an abstract description of the various entities within the environment that the PRFD needs to interact with
  • It is defined as a relationship between entities in different roles, not as an exhaustive listing of all the different devices in the system.

SLIDE 7

Example: Secure Access

[Figure: packet firewall in front of a web server and an SSH server, both fronting a document server]

Maintaining secure access to documents

  • Document server contains a set of documents, some of which are considered sensitive
  • Set of users have access to sensitive documents
  • Can be accessed either using a web-based server or via a secure shell based system
  • Packet filtering firewall is provided to safeguard access to both the web-based server and the SSH server

Current Practice

  • Human administrator manually configures filtering and access control policies for the firewall, web-server, secure shell server and the document server
  • Ports on the firewall need to be configured to allow access to the web server
    ⎻ If web-server employs a moving target defense, it changes its port for the web-server regularly
    ⎻ Configuration of the firewall needs to be repeated manually every time such a change occurs

SLIDE 8

Example: Secure Access (Generative)

[Figure: packet firewall, web server, SSH server and document server, each holding the global interaction graph with roles N, P and D; the P→N link carries Address, Port and the D→P link carries User Id]

Generative Approach

  • Human operator specifies access requirements for documents
  • Packet firewall, Web server, SSH server, and Document server each derive their policies to comply with access requirements
  • If web-server switches its port as part of the moving target defense, the packet firewall would automatically adjust its filtering policies accordingly

Component Interactions

  • Three roles: network protection role (N), protocol protection role (P), document protection role (D)
    ⎻ Web server and SSH server are both in the protocol protection role, Document server is in the document protection role, and Firewall is in the network protection role
  • Attributes: entity in role D can provide User Ids to entity in role P, entity in role P can provide Address and Port number to entity in role N
  • PRFD for each device receives the interaction graph
    ⎻ Discovers the other nodes that are associated with adjacent roles in the interaction graph
    ⎻ Gets the attribute values identified by the devices in those roles in the interaction graph
    ⎻ Generates its own set of policies to be used for its PDP
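The component interactions above, together with the PEP/PDP request flow of slide 4, as an added Python example that is not part of the presentation: each device's PRFD derives allow rules from the attribute values published by nodes in adjacent roles of the N-P-D interaction graph, and a port change by the web server is absorbed by regenerating, not by a manual firewall edit. Device names, addresses, ports and user ids are constructed sample values.

```python
from dataclasses import dataclass, field

# Interaction graph from the slide as (provider_role, consumer_role, attribute):
# role D supplies user ids to role P; role P supplies (address, port) to role N
INTERACTION_GRAPH = [("D", "P", "user_id"), ("P", "N", "address_port")]

@dataclass
class Device:
    name: str
    role: str                                    # "N", "P" or "D"
    attrs: dict = field(default_factory=dict)    # attribute values this node publishes
    policies: set = field(default_factory=set)   # rules generated for the local PDP

    def prfd_generate(self, devices):
        """PRFD: find nodes in adjacent roles, read the attribute values
        available on those links and derive this device's allow rules."""
        self.policies = set()
        for provider_role, consumer_role, attr in INTERACTION_GRAPH:
            if consumer_role != self.role:
                continue
            for peer in devices:
                if peer.role == provider_role:
                    for value in peer.attrs.get(attr, []):
                        self.policies.add((attr, value))
        return self.policies

    def pdp_decide(self, attr, value):
        """PDP: answer a PEP request; default deny unless a generated rule matches."""
        return (attr, value) in self.policies


def run_scenario(new_web_port):
    """Constructed sample: the web server moves its port (moving target defense)
    and every device regenerates its policies from the same graph."""
    docs = Device("docs", "D", {"user_id": ["alice", "bob"]})
    web = Device("web", "P", {"address_port": [("10.0.0.5", 443)]})
    ssh = Device("ssh", "P", {"address_port": [("10.0.0.6", 22)]})
    fw = Device("fw", "N")
    devices = [docs, web, ssh, fw]
    for d in devices:
        d.prfd_generate(devices)
    before = fw.pdp_decide("address_port", ("10.0.0.5", 443))
    web.attrs["address_port"] = [("10.0.0.5", new_web_port)]   # port change, no manual edit
    for d in devices:
        d.prfd_generate(devices)
    return {"fw_old_port_before": before,
            "fw_old_port_after": fw.pdp_decide("address_port", ("10.0.0.5", 443)),
            "fw_new_port_after": fw.pdp_decide("address_port", ("10.0.0.5", new_web_port)),
            "fw_ssh_port": fw.pdp_decide("address_port", ("10.0.0.6", 22)),
            "web_knows_alice": web.pdp_decide("user_id", "alice"),
            "ssh_knows_carol": ssh.pdp_decide("user_id", "carol")}
```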

SLIDE 9

Software Defined Coalitions (SDC)

Coalition Operations

  • Members of a coalition establish dynamic communities of interest (CoI) to accomplish joint missions
  • CoIs may also be formed in non-military contexts, e.g. when different civilian agencies come together to deal with emergency situations (e.g., fires, hurricanes)
  • Coalition members retain their management policies, and not all members may be trusted equally

IT Infrastructure

  • CoI assets come from the different coalition members
  • Many assets would be capable of significant processing power (e.g., drones, self-driving cars, robots, video cameras)
    ⎻ Each of these assets can run the PEP, PDP and the PRFD components of the generative architecture, and take decisions on their own
  • Coalition assets are subject to dual management
    ⎻ Must be able to deal with the instructions and commands from both managers
    ⎻ May have to work independently in a disconnected mode
  • A U.S. asset (e.g., drone) that is part of a coalition CoI initially needs to be prepared for participation by a U.S. operator using a U.S. management system
  • The CoI commander needs to prepare them for the mission using the mission management system
  • During the mission, the assets may be operating without a connection to any management system

SLIDE 10

SDC: Autonomic Authorization

Access Requirements

  • A CoI asset must be able to accept configuration and management commands from the CoI commander
  • The owning coalition member may want some constraints on how the asset may be used
  • During operations, assets from multiple coalition members may need to interconnect
  • Two stages: a connection stage and an authorization stage
    ⎻ For the connection stage, the shared secret approach can be used
    ⎻ Anyone attempting to connect must present proof that they know a shared secret
    ⎻ Shared secret is predefined and provided to all of the assets involved in the CoI

Generative Authorization

  • Assets will be given an interaction graph containing three roles: the mission commander role, a peer asset role, and the designated role of the asset itself
  • Assuming that network addresses are used for access control and authorization, each of the links has an attribute that specifies the network address of the peer on the link
  • Different assets connect with their peers by providing the right shared secret; then the access control policies for each new connected peer can be generated automatically from the interaction graph
  • As the mission evolves, participants in the mission change and higher level policies change; the policies for the operation of the assets can be derived automatically
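The two-stage connection and authorization scheme above, as an added Python example that is not from the slides: the shared-secret proof is an HMAC over a fresh nonce from the verifier (the slides fix no proof mechanism, so this is an assumption), and the per-peer access control policy is generated from the interaction graph's role and network address attributes. ROLE_PERMITS, the addresses and the secret are constructed sample values.

```python
import hashlib
import hmac
import os

# Operations granted per role on a graph link (names assumed for this example)
ROLE_PERMITS = {"commander": {"configure", "task"}, "peer": {"exchange"}}

def prove_secret(secret, nonce):
    """Prover side of the connection stage: HMAC over the verifier's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()

class Asset:
    def __init__(self, secret, graph):
        self.secret, self.connected = secret, set()   # connected: passed stage 1
        self.update_graph(graph)

    def update_graph(self, graph):
        """PRFD step: regenerate the per-peer ACL from graph links (role + address)."""
        self.acl = {link["address"]: ROLE_PERMITS[link["role"]] for link in graph}

    def connect(self, peer_addr, nonce, proof):
        """Verifier side of the connection stage; constant-time proof comparison."""
        ok = hmac.compare_digest(prove_secret(self.secret, nonce), proof)
        if ok:
            self.connected.add(peer_addr)
        return ok

    def authorize(self, peer_addr, operation):
        """Authorization stage (PDP): connected AND the graph grants the operation."""
        return peer_addr in self.connected and operation in self.acl.get(peer_addr, set())

def demo():
    """Constructed mission: commander, peer, a secret holder off the graph, an intruder."""
    secret = b"coi-shared-secret-sample"    # constructed value, not a real key
    graph = [{"role": "commander", "address": "10.1.0.1"},
             {"role": "peer", "address": "10.1.0.7"}]
    drone = Asset(secret, graph)
    for addr in ("10.1.0.1", "10.1.0.7", "10.1.0.9"):
        nonce = os.urandom(16)              # fresh challenge per attempt
        drone.connect(addr, nonce, prove_secret(secret, nonce))
    nonce = os.urandom(16)
    intruder = drone.connect("10.1.0.42", nonce, prove_secret(b"wrong-secret", nonce))
    results = {"intruder_connected": intruder,
               "commander_configure": drone.authorize("10.1.0.1", "configure"),
               "peer_exchange": drone.authorize("10.1.0.7", "exchange"),
               "peer_configure": drone.authorize("10.1.0.7", "configure"),
               "secret_but_not_on_graph": drone.authorize("10.1.0.9", "exchange")}
    # Mission evolves: a new peer joins and the PRFM pushes an updated graph
    drone.update_graph(graph + [{"role": "peer", "address": "10.1.0.9"}])
    results["new_peer_after_update"] = drone.authorize("10.1.0.9", "exchange")
    return results
```

Knowing the secret only admits a peer to the connection stage; an address that is not on a graph link still gets no operations until the PRFM pushes a graph that includes it.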

SLIDE 11

Conclusions

  • We have examined the problem of enabling autonomic behavior in managed devices, and enabling them to generate policies for their operations on their own
  • Policies are generated for each domain according to an interaction graph which is provided by a management system, and which defines the scope of activities for the devices
  • We have given several examples of how this architecture can be used to generate policies and achieve self-management in different contexts
  • The architecture provides a significant advancement over the current state of the art in policy based management.
  • Several new directions remain to be explored
    ⎻ Algorithms for checking the validity and effectiveness of generated policies
    ⎻ Mechanisms for expressing global constraints
    ⎻ Application of the framework to different management domains to assess its advantages

Generative Policy Model for Autonomous Systems