Dynamic policy enforcement in JBI information management services with the KAoS Policy and Domain Services

Justin Donnelly, Jacob Madden, Alden Roberts, Matthew Greenberg, Jeffrey Bradshaw, Andrzej Uszok, Raja Suresh
2007 Defense Transformation and Net-Centric Systems 2007  
English-language policies about the desired behavior of computer systems often suffer from translation errors when implemented with a proliferation of low-level rules governing access control, resource allocation and configuration. To solve this, Dynamic Policy Enforcement systems replace these low-level rules with a relatively small number of semantically grounded, machine-understandable policy statements. These statements use domain terms defined in an ontology that are formally defined so
more » ... t they can be enforced by the system but also meaningful to human administrators to ensure that they accurately represent organizational policies. In this paper, we describe the application of one such Dynamic Policy Enforcement system, KAoS, to the control of distributed, information-management services defined by the Air Force Research Laboratory's Joint Battlespace Infosphere (JBI) program. Our research allows administrators to define the desired behavior of the participants in the system, both human and software, with one collection of well defined policies. As a result, a single set of tools for the definition, analysis, control, and monitoring of policy can be used to implement access control, service configuration, and service delivery prioritization.
doi:10.1117/12.720702 fatcat:7a7ldnasxrbm5jevekql6w63ka