Finite State Transducers for Policy Evaluation and Conflict - - PowerPoint PPT Presentation

SLIDE 1

Finite State Transducers for Policy Evaluation and Conflict Resolution

Javier Baliosian and Joan Serrat
Universitat Politècnica de Catalunya – Spain
Network Management Group
jbaliosian@tsc.upc.es

SLIDE 2

Motivation

A policy conflict occurs when the conditions of two or more policy rules that apply to the same set of managed objects are simultaneously satisfied, but the actions of two or more of these policy rules conflict with each other. (Strassner)

  • We have been looking for a technology independent model for conflict resolution in PBNM.
  • In fields such as speech recognition, quick decisions based on ambiguous grammatical rules are required. They make use of Finite State Transducers (FSTs).
  • We propose an approach consisting of an adapted subset of FST concepts with the aim of detecting and solving conflicting policy rules.

SLIDE 3

Finite State Transducers

  • They are special automata for which, on each edge, there are two labels instead of one.
  • Transducers can be seen as devices defining a class of relations over strings of symbols.
  • Their implementations tend to have good performance.

[Figure: Classic transducer representing division by 3; edge labels 1/0, 0/0, 1/1, 0/1, 1/1, 0/0]
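The division-by-3 transducer named on this slide, written out as an added example (not from the original deck): the state is the running remainder, and every edge carries an input bit and an output bit. The edge layout is the standard construction and is assumed here, since only the six edge labels survive from the figure; `EDGES`, `transduce` and `divide_by_3` are names chosen for this illustration.

```python
# Added illustration: divide-by-3 transducer over binary strings, most
# significant bit first. Edge layout assumed (standard construction).
# (state, input bit) -> (output bit, next state); state = remainder so far.
EDGES = {
    (0, "0"): ("0", 0), (0, "1"): ("0", 1),
    (1, "0"): ("0", 2), (1, "1"): ("1", 0),
    (2, "0"): ("1", 1), (2, "1"): ("1", 2),
}

def transduce(bits, start=0):
    """Run the transducer once over `bits`; return (output string, final state)."""
    state, out = start, []
    for b in bits:
        if (state, b) not in EDGES:
            raise ValueError(f"no edge for input {b!r} in state {state}")
        o, state = EDGES[(state, b)]
        out.append(o)
    return "".join(out), state

def divide_by_3(n):
    """Quotient and remainder of n / 3, read off the output tape and final state."""
    quotient_bits, remainder = transduce(format(n, "b"))
    return int(quotient_bits, 2), remainder
```

Each input symbol is consumed exactly once and there is one edge to follow per state and symbol, which is the property determinization restores for the policy transducers later in the deck.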

SLIDE 4

Obligations

  • They are modeled as a graph with one edge only
  • The incoming label is the condition part
  • The outgoing label is the action
  • It must be added to the existing model with a union

[Figure: one-edge transducer with edge label d / k. Rule: if the user dials up then execute the action connect]

SLIDE 5

FST Operations

Operations on FSTs

  • Union
  • Intersection
  • Complement
  • Composition
  • Kleene closure
  • Determinization
  • In the general case, FSTs are not closed under some of these operations, but
  • The restrictions required for the operations’ closure are compatible with PBNM.

SLIDE 6

Determinization

  • Determinization is the actual conflict resolution process
  • It consists of leaving only one possible edge to choose in a given node
  • For this algorithm, we replace the classic labels with Tautness Functions.
  • We named the extended transducers TFFSTs

[Figure: Ambiguous transducer with states 1, 2, 3, 4 and edge labels a/c, a/d, e/f, g/f, i/j]

SLIDE 7

Tautness Functions

  • This is intended to represent how “taut” a condition is around an event
  • Related to the concepts of “distance” and “nested domains”
  • It assigns a real in [-1,1] to the pair <condition,event>

[Figure: diagram labeled A, B and a, b, c]

SLIDE 8

Examples of TFs

  • The most straightforward example is when a domain is “inside” another domain. B is tauter than A on the event e.
  • In PCIM we can count the number of elements in the PolicySetAppliesToElement association. The more elements there are, the less taut the condition.

[Figure: domains A and B and event e]

Policy A: All users are forbidden to reboot workstations.
Policy B: The system administrators are authorized to reboot workstations.
Event e: A system administrator is trying to reboot a workstation.
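Policies A and B and event e from this slide, worked through as an added example (not code from the deck). The tautness function used here, 1/|domain| when the event fulfils the condition and -1 otherwise, is an assumed stand-in that only respects the stated properties (a real in [-1, 1], tauter for the nested domain). The user names, `Rule`, `tautness` and `decide` are constructed for illustration, and the comparison is made per event rather than precomputed by determinization as the deck proposes.

```python
# Added illustration: choosing between conflicting rules by tautness.
from dataclasses import dataclass

# Constructed subject domains; "admins" is nested inside "users".
DOMAINS = {
    "users": {"alice", "bob", "carol", "dave"},
    "admins": {"alice"},
}

@dataclass(frozen=True)
class Rule:
    name: str
    domain: str     # subject domain the condition covers
    operation: str  # operation the condition covers
    action: str     # "permit" or "deny"

# Policy A and Policy B from the slide.
RULES = [
    Rule("A", "users", "reboot", "deny"),
    Rule("B", "admins", "reboot", "permit"),
]

def tautness(rule, event):
    """Assumed TF: value in [-1, 1], positive only if the event fulfils the
    condition; the fewer subjects a condition covers, the tauter it is."""
    subject, operation = event
    members = DOMAINS[rule.domain]
    if operation != rule.operation or subject not in members:
        return -1.0
    return 1.0 / len(members)

def decide(rules, event):
    """Return (action, names of rules in conflict) for one event."""
    scored = [(tautness(r, event), r) for r in rules]
    matching = [(t, r) for t, r in scored if t > 0]
    if not matching:
        return None, []  # no rule applies to this event
    actions = {r.action for _, r in matching}
    conflict = sorted(r.name for _, r in matching) if len(actions) > 1 else []
    best = max(t for t, _ in matching)
    top_actions = {r.action for t, r in matching if t == best}
    if len(top_actions) > 1:
        return "unresolved", conflict  # equally taut rules disagree
    return top_actions.pop(), conflict
```

For the event `("alice", "reboot")` both rules match, the conflict is reported, and the tauter Policy B decides; two rules over the same domain with opposite actions come back as `"unresolved"` because tautness alone cannot separate them.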

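SLIDE 9

Determinization (cont'd)

[Figure: the ambiguous transducer before and after determinization]

Before (states 1, 2, 3, 4), edge labels: a/c, a/d, e/f, g/f, i/j

After (states 5, 3, 4), edge labels:

  • a/ε
  • e ∧ ¬g / c.f
  • g ∧ ¬e / d.f
  • e →τ g / (c ∨ (c ∧ d)).f
  • g →τ e / (d ∨ (c ∧ d)).f
  • e ⇄τ g / (c ∧ d).f ⊕ E
  • i/j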

SLIDE 10

TFFST Semantics in Policy-Based Management

  • Rights
  • Prohibitions
  • Obligations
  • Dispensations
  • Constraints
  • Conflict Resolution

SLIDE 11

Rights

  • These are just an edge with the same label on both sides and the identity flag on.
  • This means: Every time input is positive under “u,” then it replicates the input on the output.

[Figure: transducer T1, with state 1 and edge <u>/<u>]

Example: Rule 1: The users are authorized to print

SLIDE 12

Identities on TFFSTs

  • Both labels on each edge of a transducer can be seen as a condition that may be fulfilled by several events.
  • Identity is needed to reproduce exactly the input on the output.

[Figure: two one-state transducers, one with edge u / u and one with edge <u>/<u>]

u / u: Any action that fulfills “u” may be produced
<u>/<u>: The same incoming event is thrown as output if it fulfills condition “u”

SLIDE 13

Prohibitions

  • These are expressed as the subtraction of a right

[Figure: transducers labeled T2, T2 Complement, T1∩T2 and T1−T2; edge labels shown: <r>/<r>, r / ¬r, ¬r / ?, ?/?, [r]/[r], <u ∧ r>/<u ∧ ¬ r>, <u ∧ ¬ r>/<u>]

Auxiliary right: Guest users are allowed to print

Example:
Rule 1: The users are authorized to print (T1)
Rule 2: Guest users are forbidden to print

SLIDE 14

Obligations

  • Obligations can be associated with more than one event

Example: Rule 1: if the user dials up (d in the figure) and the system sends the order of charge (c in the figure), then the connect action (k in the figure) should be executed. (Chomicki et al. example)

[Figure: transducer with states 1 and 2; edge labels <d>/<d>, <c>/<c>k, ?-c/?-c]

SLIDE 15

Dispensations

  • As in the case of prohibitions, dispensations should be expressed as the intersection of the existing policy body with a transducer expressing the complement of an obligation.

[Figure: three transducers captioned Auxiliary obligation, Obligation's complement, and Dispensation in an “all permitted” environment; edge labels shown: c / a, c / ¬a, ¬c / ?, ? / ?]

SLIDE 16

Constraints

  • Constraints must be composed after the model of policies.

Example:
Rule 1: if the user dials up and the system sends the order of charge, then a connect action should be executed.
Rule 2: if an error (e in the figure) occurs, charge action should not be triggered

[Figure: the Rule 1 transducer (states 1 and 2; edge labels <d>/<d>, <c>/<c>k, ?-c / ?-c) and the Rule 2 constraint transducer (edge labels <e>/<e>, <?-e>/<?-e>, <?-c>/<?-c>, c/ε)]

SLIDE 17

Constraints (cont'd)

Example continuation: Composition of both transducers is

[Figure: composed transducer with states 1, 3, 4, 5, 6, 7, 8; edge labels shown: <d>/<d>, <c>/<c>k, c/k, <e>/<e>, <?-c>/<?-c>, <?-e-c>/<?-e-c>]

  • This TFFST is equivalent to the sequential evaluation of the last two.

SLIDE 18

The Overall Process

  1. Compute the union of all transducers representing rights and obligations
  2. Subtract the transducers representing prohibitions and dispensations
  3. Compose the resulting transducer with each constraint transducer
  4. Determinize the resulting transducer to solve conflicts

SLIDE 19

Conclusions

  • A formal model based on a new entity called TFFST was developed for conflict detection and resolution of modality conflicts and some dynamic conflicts by means of constraints.
  • Its operations do not solve problems that were not solvable before but,
  • our framework is designed to be efficient and independent of technology.
  • Conflict resolution is carried out beforehand, and runtime processes have a linear order on the amount of incoming events.

  • The model takes advantage of experience from other fields.

SLIDE 20

Conclusions (cont'd)

  • Tautness Functions are an abstraction layer
  • They make the conflict resolution process as general as possible.
  • From the point of view of the algorithms, they are technology-independent.
  • They make it possible to deal with orthogonal conditions.
  • They are a research issue in themselves.

SLIDE 21

Ongoing and Future Work

  • Modeling with weighted TFFSTs for explicit priorities.
  • Support for more than one PDP.
  • Scalability evaluation.
  • Development of practical network management related Tautness Functions.

  • Rewriting of determinization algorithm.
  • Policy re-writing from TFFSTs must be researched.