Integrated Development Environment for Policies

1
Integrated Development Environment for Policies

• Anjali B Shah
• Department of Computer Science and Electrical
  Engineering
• University of Maryland Baltimore County

2
Presentation Outline

• Problem Description
• Related Work
• Thesis Contribution
• RIDE Framework
• RIDE Policy Toolkit
• Namespace Manager
• Policy Creation Interface
• Policy Test-case Creation Interface
• Future Work
• Conclusion

3
Problem Description

• Policy-based governing frameworks are being
  increasingly used in a wide range of systems
• These range from simple and static to
  increasingly complex, open, dynamic distributed
  environments
• There is not much work in policy development that
  meets the requirements of these wide range of
  policy-based environments

4
Problem Description (Cont.)

• Some of these requirements that outline features
  for policy management tools to support
• User-friendly and extensible interface
• Simplification of the inherently error-prone and
  complex policy creation process
• Ability to accommodate information spanning
  several domains
• Facility for group policy specification
• Ability to test policy conformance
• Support to facilitate dynamic policy modification

5
Related Work

• IBMs P3P Policy Editor
• Editor for EPAL Policy language
• Ponder Policy Management Toolkit
• KPAT The KAoS Policy Administration Toolkit
• Policy-Editor for KeyNote

6
Thesis Contribution

• Prior two iterations in UI development for
  policies
• RIDE (Rei Integrated Development Environment) A
  Wizard-based IDE for Policies. Comprises of
• Namespace Manager
• Policy Creation Interface
• Policy Test-case Creation Interface
• RIDE supports a unique combination of following
  features
• Policy creation about speech acts that are used
  for dynamic policy management
• Provision of support to test policy conformance

7
Thesis Contribution (Cont.)

• Ability to accommodate information spanning
  multiple domains by allowing the domain knowledge
  to be expressed using ontology languages
• Automation of the policy creation process by
  automatically generating user-defined policies in
  Rei
• Ability to express individual as well as group
  policies
• Ease of management of domain information by
  offering the option of namespace template
  creation
• User-friendly and extensible user interface

8
RIDE Framework

• Eclipse Framework
• RIDE is developed as a pluggable component of the
  Eclipse framework
• It uses Eclipse SWT, Jface API for UI development
• Jena Toolkit
• Rei Policy Specification Language
• Model-View-Controller Architecture
• Model Stores data for components in the GUI
• View Creates visual representation of the
  components
• Controller Updates model and/or view in response
  to user interactions with the GUI

9
RIDE Framework (cont.)
RIDE Framework based on MVC Architecture
PolicyRuleModel
PolicyNamespace
PolicyUnitTest
Updates
Notifies Contains
Interacts
Actor
Action
PolicyCreation
DL
Policy
10
RIDE Framework (cont.)

• PolicyRuleModel As per the MVC paradigm, this
  class represents the model in RIDE framework
• PolicyNamespace Represents integrated
  view-controller pair
• PolicyCreation Represents an integrated
  view-contoller pair and consists of following
  nested views
• Actor
• Action
• Deontic Literal
• Policy

11
RIDE Framework (cont.)

• PolicyUnitTest Represents an integrated
  view-controller pair and provides an interface
  with Rei Engine
• Behavior described by Observer Design Pattern
  exists between following pairs of views
• PolicyNamespace Actor
• PolicyNamespace Action
• Actor Action
• Actor Policy
• Action Policy
• PolicyNamespace PolicyUnitTest

12
Namespace Manager

• Namespace Manager supports the following features
  to facilitate domain information specification
• Pre-specified Domain Independent Information
• Furnishes necessary information about domain
  independent ontologies
• Namespace Templates
• Provides options to create and delete namespace
  domains, add to and remove from namespace domains
• Direct Namespace Loading
• Provides the option to enter namespace
  information without adding it to templates.

13
Namespace Manager (Cont.)
14
Namespace Manager (Cont.)
Template Creation using Namespace Manager
15
Namespace Manager (Cont.)
Namespace Addition to Template
16
Namespace Manager (Cont.)
Namespace Deletion from Template
17
Namespace Manager (Cont.)
Direct Namespace Loading
18
Policy Creation Interface

• Rule Creation Process
• Involves making selections in Rules section of
  Actor, Deontic Literal and Action tab pages
• Speech Act Creation Process
• First half of speech act creation is similar to
  rule creation process
• Second half requires users to make selections on
  Policy tab page
• Constraint Creation Process
• Involves making selections in Constraints
  section of Actor and Action tab pages

19
Rule Creation Process
Actor Selection for Rule Creation
20
Rule Creation Process (Cont.)
Modality Selection for Rule Creation
21
Rule Creation Process (Cont.)
Action Selection for Rule Creation
22
Rule Creation Process (Cont.)
Completion of Rule Creation Process
23
Policy Creation Interface (Cont.)

• Rule Creation Process
• Involves making selections in Rules section of
  Actor, Deontic Literal and Action tab pages
• Speech Act Creation Process
• First half of the process is similar to rule
  creation process
• Second half requires users-selections on Policy
  tab page
• Constraint Creation Process
• Involves making selections in Constraints
  section of Actor and Action tab pages

24
Speech Act Creation Process
First Step in Speech Act Creation Process
25
Speech Act Creation Process
Second Step in Speech Act Creation Process
26
Policy Creation Interface (Cont.)

• Rule Creation Process
• Involves making selections in Rules section of
  Actor, Deontic Literal and Action tab pages
• Speech Act Creation Process
• First half of speech act creation is similar to
  rule creation process
• Second half requires users to make selections on
  Policy tab page
• Constraint Creation Process
• Involves making selections in Constraints
  section of Actor and Action tab pages

27
Constraint Creation Process
Simple Constraint Creation Process
28
Constraint Creation Process
Booelan Constraint Creation Process
29
Policy Creation Interface (Cont.)

• Granting Object Creation Process
• Adds a constraint to an existing rule to form a
  new rule. Allows re-use of rules in different
  policies with varied constraints
• Policy Creation Process
• Entails prior creation of rules, constraints,
  speech acts, granting objects
• Allows individual as well as group policies to be
  created
• Has ability to create security, management and
  conversation policies
• Meta-policy Creation Process
• Creates meta-policies over policies that are
  found to be conflicting

30
Granting Object Creation Process
Granting Object Creation Process
31
Policy Creation Interface (Cont.)

• Granting Object Creation Process
• Adds a constraint to an existing rule to form a
  new rule. Allows re-use of rules in different
  policies with varied constraints
• Policy Creation Process
• Entails prior creation of rules, constraints,
  speech acts, granting objects
• Allows individual as well as group policies to be
  created
• Has ability to create security, management and
  conversation policies
• Meta-policy Creation Process
• Creates meta-policies over policies that are
  found to be conflicting

32
Policy Creation Process
Policy Creation Process
33
Policy Creation Interface (Cont.)

• Granting Object Creation Process
• Adds a constraint to an existing rule to form a
  new rule. Allows re-use of rules in different
  policies with varied constraints
• Policy Creation Process
• Entails prior creation of rules, constraints,
  speech acts, granting objects
• Allows individual as well as group policies to be
  created
• Has ability to create security, management and
  conversation policies
• Meta-policy Creation Process
• Creates meta-policies over policies that are
  found to be conflicting

34
Meta-policy Creation Process
Meta-policy Creation Process
35
Policy Creation Interface (Cont.)
Policy File Creation Process
36
Policy Creation Interface (Cont.)
Policy File showing Auto-generated OWL Code
37
Policy Test-case Creation Interface

• Provides an interface to create test-cases over
  policy files generated through the policy
  creation interface
• Verifies the correctness of individual test-cases
  (policy units/modules) to test policy conformance
• Interface with Rei Engine helps compute results
  for the test-cases

Policy File Verification for Correctness
38
Policy Test-case Creation Process
Policy Test-Case Creation Process
39
Policy Test-case Creation Process (Cont.)
Policy Test-Case Results
40
Future Work

• Some of the useful features that future work on
  RIDE can provide
• Extension of RIDEs interface to support creation
  and manipulation of domain related ontologies
• Extension of the interface to support a graphical
  domain browser to view relationships between
  policies for a given domain
• Ability to create and modify policies using such
  a browser that automatically detects
  inconsistencies arising among policies
• Provision for meta-policy creation to declare
  default behavior or priority between rules

41
Conclusion

• RIDE, the main contribution of this thesis,
  provides a user-friendly and extensible graphical
  user interface
• Provides support to test policy conformance
• Automates and simplifies the error-prone and
  complex policy creation process
• Provides options such as template creation to
  facilitate domain information specification
• Has the ability to create policies over specific
  instances or groups of actors and actions

42
Conclusion (Cont.)

• Being a plug-in extension of Eclipse gives it the
  advantage of being easily extensible, but cannot
  be used as a stand-alone application
• Supports no graphical interface for creating,
  modifying and browsing domain ontologies and
  browsing, modifying the policies created through
  the wizard
• Supports no automatic detection of conflicts that
  arise out of inconsistencies between policies