University of Bologna • Oldest University in Europe (certainly the oldest medieval). Autonomous Pervasive Systems and the Policy • Born out of conflict: the papal- Challenges of a Small World! imperial rivalry, restrictions put by the church on learning and in particular on common law. Emil Lupu Imperial College London • Lack of protection of non “citizens” leads to the formation of guilds (“universitas”). Policy at Bologna • In essence a school of law. • Doctors who start lectures late or finish late must pay a fine. • A university ran by the students. Policy (Bologna University style): • Doctors who fail to attract at least 5 students are deemed Policies are for absent and fined. • Doctors elected by students. Large Systems • Doctors must pay a deposit • Curriculum must be agreed by before being allowed to leave the the students. city to ensure their return. • Curriculum must be divided into Peter Watson two-weekly puncta. Ideas: A history from Fire to Freud Phoenix Publ. 2005
Policies Policy Areas • Originally introduced to separate the strategy for resource allocation in OSs from the mechanisms controlling the resources. Network and R Levin et al.�Policy/Mechanism Separation in Hydra. 5th Symp. on Operating Business Rules SLAs Privacy Access Control and Systems Principles (SOSP), November 1975. Systems Security Management Management • Became popular in large centralised access control systems and Policy Workshop subsequently, in the early 90’s, for managing large networks and distributed Semantic Web Web-Services Data Centric Security 1999 systems. Enterprise • Policies apply to large sets of objects providing uniform configuration. Trust Distributed Object Multi-Agent Systems • Provide the means to automate adaptation across large systems Computing Negotiation Policies for Large Systems require Complex Policy Systems Examples: Ponder Java obligation Policy policies • Build on complex software infrastructure: CIM, LDAP , Storage, Databases, Source Java security Text Code Generator Editor Web-Services (WS-*), Grid-Environments, ... Scope/ Win2000 security Syntax Type IC Code Generator AST Analysis Analysis XML Syntax Semantic Code Generator ... Analyser Analyser (SableCC) Call Policy- Code Service to store • Systems are functionally separated. A function realised for the entire system CIM Assembler policy code in directory e.g., Authentication, Fault-Diagnostics, Accounting, ... Compiler Toolkit Policy Enforcement Analysis Object HypTree Browser Agents • Architectures are tightly coupled, making in difficult and laborious to add new enable enable Access Refinement Controllers elements. DiffServ (Authorisation Policies) Policy Dormant Domain Service Deleted edge router Management load unload Agents core network Loaded • Computational power is infinite (or almost). Components are always available London Front End (Obligation & disable network Refrain Policies) tr2 Enabled edge Policy Management Agent tr1 router Event Service Deployment OEOs • Policies are replacing human actions. 1 2 3 OPOs load, enable,.. enable,disable Roles, Rel register, ... RPOs 6 5 checkRefrains eventHandler eventEngine Paris inst inst network Management obligMethod Configuration 4 8 mstruct /london/tr1 = trafficT(op1, qos1) 7 2 REOs Access Controllers Structures Manager mstruct /paris/tr2 = trafficT(op1, qos2) enable,disable Enforcement ACs LDAP Server 9 checkRefrain
Lessons Policy Outset • Development intensive requiring numerous services that depend on many • Policy motivated by arguments of underlying systems and packages. Must be able to rely on commercial policy scale products ... which aren’t there. • Industry cannot deliver the • Difficult to maintain, distribute and demonstrate. Numerous queries received products and benchmarks about the Ponder toolkit were about LDAP installation and configuration. • Academics cannot deliver • Difficult to integrate with new techniques: planning, context, analysis, security convincing demonstrations and management ... • Restrict to theoretical work. • Policies replace human (administrator) led activity. Typically compared with scripting and ad-hoc human-driven solutions. Poor short term ROI. • Small proof of concept for Need to provide “advantage”: analysis, refinement and validation. individual techniques. Need to provide benchmarking and proof of scale up. Cardiac Monitoring UbiMon Body Sensor Node Secondary unit Primary unit Autonomous Pervasive Systems Sensors RF Control ... at any scale Control RF Power Battery Signal conditioning Antenna Antenna Tertiary unit/Central Server
The BSN platform Body Area Networks for eHealth • Implanted and wearable sensors: - TinyOS Heart monitoring, blood-pressure, - Ultra low power 16 bit processor oxygen saturation, etc. - 64KB + 256KB Flash memory - 6 analog channels • Continuous monitoring of - IEEE 802.15.4 (Zigbee) wireless link physiological condition e.g., cardiac arrhythmia. • Maintenance of chronic conditions: heart deficiencies, diabetes mellitus, chronic anaesthesia • Incremental drug delivery. Context dependent drug delivery. • Remote interrogation Body Area Networks • Alert for emergency interventions. Requirements Policy-based closed adaptation loop • Continuous adaptation: • Low-coupling Events • sensor failures, new sensors and • Support for Interactions Events Monitor diagnostic units • peer-to-peer interactions • changes in user activity and between devices Manager context Agent • composition between • changes in the patient’s medical subsystems Managed condition Objects Control Decisions • federation between collections actions • interactions with other devices of devices Policies in different environments: home, • Decision making: goal-driven, (auth) hospital, GP clinic heuristics, utility • Minimal resource (power) New functionality Policies • Learning: classification, statistical, consumption (oblig/ECAs) declarative • No administrator interactions
Policies in Healthcare Environments The Controller: Gumstix • Obligations define which operations need to be performed when certain • 200-400MHz (Intel XScale PXA255) events occur. Event-Condition-Action Rules 16 MBFlash Bluetooth • Authorisations define which operations are permitted and under which circumstances. • Expansion boards: Wifi, Eth, Cf or MMC, audio, GPS • Other policy types: Membership management, Information Filtering, Trust Management, Delegation, Negotiation, etc. • Linux 2.6 • Policies applied to different functional areas: device and service discovery, device configuration, authentication and authorisation, privacy, • GCC, JamVM and other collaborations, ... development tools • 802.15.4 through connected BSN Autonomous Unmanned Vehicles Building Integration • Each vehicle is • Can aggregate • Instrumentation • Interactions with an autonomous and collaborate of in-door persons (and collection of in fleets of environments: their personal managed autonomous multimedia, area networks) devices with vehicles assisted living for different the elderly • Composition and functional • Must interact federation that capabilities with external • Discovery and follows: physical environment autonomy across space, functional • Must be nested space extensible to collections of different sensors devices and modules
Recommend
More recommend
