
The Ponder Policy Specification Language

Policies for Distributed Systems and Networks (POLICY 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1995)

Abstract

The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event-triggered condition-action rules for policy-based management of networks and distributed systems. Ponder can also be used for security management activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. Key concepts of the language include roles to group policies relating to a position in an organisation, relationships to define interactions between roles, and management structures to define a configuration of roles and relationships pertaining to an organisational unit such as a department. These reusable composite policy specifications cater for the complexity of large enterprise information systems. Ponder is declarative, strongly-typed and object-oriented, which makes the language flexible, extensible and adaptable to a wide range of management requirements.




© 2001 Springer-Verlag Berlin Heidelberg


Cite this paper

Damianou, N., Dulay, N., Lupu, E., Sloman, M. (2001). The Ponder Policy Specification Language. In: Sloman, M., Lupu, E.C., Lobo, J. (eds) Policies for Distributed Systems and Networks. POLICY 2001. Lecture Notes in Computer Science, vol 1995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44569-2_2


  • DOI: https://doi.org/10.1007/3-540-44569-2_2


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41610-4

  • Online ISBN: 978-3-540-44569-2

  • eBook Packages: Springer Book Archive
