Policy Conflict Analysis in Distributed System Management

Accepted versio

Time as a guide to cause

How do people learn causal structure? In two studies we investigated the interplay between temporal order, intervention and covariational cues. In Study 1 temporal order overrode covariation information, leading to spurious causal inferences when the temporal cues were misleading. In Study 2 both temporal order and intervention contributed to accurate causal inference, well beyond that achievable through covariational data alone. Together the studies show that people use both temporal order and interventional cues to infer causal structure, and that these cues dominate the available statistical information. We endorse a hypothesis-driven account of learning, whereby people use cues such as temporal order to generate initial models, and then test these models against the incoming covariational data

Where next for the Liberal Democrats?

Labour’s predicament is difficult, but it is the Liberal Democrats who face an existential crisis. What then should the Lib Dems do next? The overriding priority must be to restore trust in the party, writes Peter Sloman

Activation or redistribution? The mystery of tax credits

The latest row over welfare cuts has focussed attention on the merits and limitations of the tax credits system which Gordon Brown put in place almost twenty years ago. Peter Sloman examines why tax credits are so controversial and how the debate has been obscured for so long

Policy based roles for distributed systems security

Distributed systems are increasingly being used in commercial environments necessitating the development of trustworthy and reliable security mechanisms. There is often no clear informal or formal specification of enterprise authorisation policies and no tools to translate policy specifications to access control implementation mechanisms such as capabilities or Access Control Lists. It is thus difficult to analyse the policy to detect conflicts or flaws and it is difficult to verify that the implementation corresponds to the policy specification. We present in this paper a framework for the specification of management policies. We are concerned with two types of policies: obligations which specify what activities a manager or agent must or must not perform on a set of target objects and authorisations which specify what activities a subject (manager or agent) can or can not perform on the set of target objects. Management policies are then grouped into roles reflecting the organisation..

Adaptive self-management of teams of autonomous vehicles

Unmanned Autonomous Vehicles (UAVs) are increasingly deployed for missions that are deemed dangerous or impractical to perform by humans in many military and disaster scenarios. Collaborating UAVs in a team form a Self- Managed Cell (SMC) with at least one commander. UAVs in an SMC may need to operate independently or in sub- groups, out of contact with the commander and the rest of the team in order to perform specific tasks, but must still be able to eventually synchronise state information. The SMC must also cope with intermittent and permanent communication failures as well permanent UAV failures. This paper describes a failure management scheme that copes with both communication link and UAV failures, which may result in temporary disjoint sub-networks within the SMC. A communication management protocol is proposed to control UAVs performing disconnected individual operations, while maintaining the SMCs structure by trying to ensure that all members of the mission regardless of destination or task, can communicate by moving UAVs to act as relays or by allowing the UAVs to rendezvous at intermittent intervals. Copyright 2008 ACM.Accepted versio

Security policy refinement using data integration: a position paper.

In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of policy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, policy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transformation rules we use are similar to those of global-as-view database schema mappings, or to extensions thereof. We illustrate our ideas with an example. Copyright 2009 ACM