Efficient enforcement of security policies in distributed systems

Alzahrani, Ali Mousa G.

January 2013

Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that confirm only authorised users can access resources. A few decades ago, the traditional PBM has focused on closed systems, where enforcement mechanisms are trusted by system administrators who define access control policies. Most of current work on the PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a policy and reports the decision back, which can have performance and resilience drawbacks. Performance and resilience are a major concern for applications in military, health and national security domains where the performance is desirable to increase situational awareness through collaboration and to decrease the length of the decision making cycle. The centralised PDP also represents a single point of failure. In case of the failure of the centralised PDP, all resources in the system may cease to function. The efficient distribution of enforcement mechanisms is therefore key in building large scale policy managed distributed systems. Moving from the traditional PBM systems to dynamic PBM systems supports dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The SANTA history-based dynamic PBM system has a formal underpinning in Interval Temporal Logic (ITL) allowing for formal analysis and verification to take place. The main aim of the research to automatically distribute enforcement mechanisms in the distributed system in order to provide resilience against network failure whilst preserving efficiency of policy decision making. The policy formalisation is based on SANTA policy model to provide a high level of assurance. The contribution of this work addresses the challenge of performance, manageability and security, by designing a Decentralised PBM framework and a corresponding Distributed Enforcements Architecture (DENAR). The ability of enforcing static and dynamic security policies in DENAR is the prime research issue, which balances the desire to distribute systems for flexibility whilst maintaining sufficient security over operations. Our research developed mechanisms to improve the efficiency of the enforcement of security policy mechanisms and their resilience against network failures in distributed information systems.

005.1

Policy-based runtime tracking for e-learning environments

Alghamdi, Turki Mohammed K.

January 2013

The Virtual Learning Environment (VLE) is a form of e-learning environment that is becoming widely adopted in higher educational institutions and universities. The term “Tracking” in relation to an e-learning context is the learner’s observation process of any possible interaction with learning activities. Learning activities are a collection of objects designed within e-learning environments to support learners in better understanding and fulfilling the learning objectives during the learning process. A tracking tool is an essential tool fixed within e- learning environments. Most current VLEs (e.g. MOODLE and Blackboard) have utilized similar tracking functions, which aim at recording statistical data for each learner. The current e-learning environments are unable to track individual learning activities where the tracked information can be used to support and guide learners. In this thesis, we propose a policy-based runtime tracking system. Such a tracking system is implemented as an integral part of an e-learning environment (e.g. MOODLE). Our proposed approach does the following: 1) keeps track of and captures the learning activity events and learner interaction events within a learning activity; 2) enforces a set of policies at runtime that specify how to manage the learning activities and the way the learners behave during them; and 3) provides the learners with supportive feedback in a timely manner. We present a computational model which defines the behaviour of the system’s components and describes the tracking mechanism applied in our proposed approach. We designed architecture for our proposed approach with respect to the computational model. We present learning activity policies based on the ECA model to be enforced at runtime; this is done in response to the captured events about either the learning activities or the interactions of learners within the learning activities. A policy-based enforcement mechanism is proposed where learning activity policies are specified to support and guide learners to achieve the learning objective and thus to meet such requirements. Finally, we present a case study based on a current e-learning environment to evaluate our approach.

005.1

A methodological approach to policy refinement in policy-based management systems

Rubio Loyola, Javier

29 June 2007

En la actualidad se están realizando diversos esfuerzos para realizar la visión fu-turista de las redes de telecomunicación autogestionadas. La gestión basada en políticas ha sido reconocida como una herramienta potencial para habilitar esta visión. Mayorita-riamente, ésta técnica ha sido reconocida como proveedora de flexibilidad, adaptabilidad y soporte para asignar recursos, controlar Calidad de Servicio y seguridad, de una manera automática y de acuerdo a reglas administrativas. Adicionalmente, se ha considerado que la gestión basada en políticas proveería tal flexibilidad en tiempo de ejecución y como resultado de cambios en la red, interacciones entre usuarios, aplicaciones y disponibilidad de recursos. A pesar de enormes esfuerzos realizados con lenguajes de especificación de políticas, arquitecturas de gestión en diversos dominios y estandarización, la gestión ba-sada en políticas aún no es una realidad. Una de las razones para la reticencia en su utili-zación es la dificultad para analizar políticas que garanticen estabilidad en el sistema. Además de la problemática asociada a la gestión de conflictos entre políticas, otro obstá-culo para su utilización es la dificultad de derivar políticas ejecutables alineadas a objeti-vos administrativos o a otras políticas de alto nivel. Este último es el problema del refi namiento de políticas.Esta Tesis aborda el problema crítico de refinamiento de políticas. Damos una vi-sión completa del proceso de refinamiento, desde el análisis formal hasta su realización práctica, identificando los elementos que intervienen en cada paso de tal proceso. Inicialmente, proponemos un marco de trabajo para refinamiento de políticas ba-sado en Lógica Lineal Temporal, una lógica estándar que permite el análisis en sistemas reactivos. Esta técnica es utilizada para representar políticas a diferentes niveles jerár-quicos de abstracción. Acto seguido desarrollamos mecanismos que habilitan la obten-ción de políticas ejecutables a partir de ciertos requerimientos mediante la utilización de técnicas de exploración de estados basados en Lógica Lineal Temporal. Adicionalmente, aclaramos e identificamos las actividades y tareas de gestión de las partes administrativas durante el ciclo de vida de un sistema de gestión basado en políticas, desde la perspectiva del proceso de refinamiento de políticas. Esta Tesis presenta también directrices para abordar el proceso de refinamiento de políticas en contextos de gestión de red. Damos un paso adelante en la materialización de este proceso mediante la utilización de propiedades estructurales inherentes a sistemas de gestión de red. Proveemos, en fin, una metodología para aplicar los conceptos introduci-dos en el marco de trabajo desarrollado en esta Tesis en sistemas de gestión de red. En esta Tesis también realizamos un proceso de refinamiento de políticas com-pleto. Detallamos la realización de tal proceso en una solución exitosa de gestión basada en políticas. Tomando como base el dominio de Gestión de Calidad de Servicio, aclara-mos y presentamos las implicaciones del problema de refinamiento en este dominio de aplicación. / Current research efforts are being directed to commit with the long-term view of self management properties for telecommunications networks. One of the key approaches that have been recognised as an enabler of such a view is policy-based management. Pol-icy-based management has been mostly acknowledged as a methodology that provides flexibility, adaptability and support to automatically assign network resources, control Quality of Service and security, by considering administratively specified rules. The hype of policy-based management was to commit with these features in run-time as a result of changeable network conditions resulting from the interactions of users, applications and existing resources. Despite enormous efforts with policy languages, management archi-tectures using policy in different application domains, standardisation and industrial ef-forts, policy-based management is still not a reality. One reason behind the reticence for its use is the difficulty to analyse policies that guarantee configuration stability. In addi-tion to policy conflict analysis, a key issue for this reticence is the need to derive en-forceable policies from high level administrative goals or from higher level policies, namely the policy refinement process.This Thesis deals with the critical nature of addressing the policy refinement problem. We provide a holistic view of this process, from formal analysis to its practical realisation, identifying the key elements involved in each step of such critical process. We initially propose a policy refinement framework relying on Linear Temporal Logic (LTL), a standard logic that allows analysis of reactive systems. Based on the for-mer logic, we lay down the process of representing policies at different levels of abstrac-tion. Following on with this, we develop the mechanisms that enable the abstraction of enforceable policies from hierarchical requirements in a fully automatic manner, making use of Linear Temporal Logic based state exploration techniques. In addition, we clarify and identify the activities and management tasks that the administrative parties should carry out during the life cycle of the policy-based management system, from the perspec tive of the policy refinement process.This Thesis provides the guidelines to address policy refinement in network management contexts. Concretely, we take one step ahead in the materialisation of the policy refinement process by exploiting inherent containment properties of network management systems. For this purpose we provide the methodology to apply the concepts introduced in the policy refinement framework developed in this Thesis in the above context.In this Thesis we also execute a complete and rather detailed policy refinement process for a successful policy-based management solution. Taking the intra-domain Quality of Service Management application domain as background, we clarify and pre-sent the implications of the policy refinement problem in such a concrete application do-main.

network management

policy refinement

policy-based management

621.3

Simulation-Assisted QoS-Aware VHO in Wireless Heterogeneous Networks

Al Ridhawi, Ismaeel

08 January 2014

The main goal of today’s wireless Service Providers (SPs) is to provide optimum and ubiquitous service for roaming users while maximizing the SPs own monetary profits. The fundamental objective is to support such requirements by providing solutions that are adaptive to varying conditions in highly mobile and heterogeneous, as well as dynamically changing wireless network infrastructures. This can only be achieved through well-designed management systems. Most techniques fail to utilize the knowledge gained from previously tested reconfiguration strategies on system and network behaviour. This dissertation presents a novel framework that automates the cooperation among a number of wireless SPs facing the challenge of meeting strict service demands for a large number of mobile users. The proposed work employs a novel policy-based system configuration model to automate the process of adapting new network policies. The proposed framework relies on the assistance of a real-time simulator that runs as a constant background process in order to continuously find optimal policy configurations for the SPs’ networks. To minimize the computational time needed to find these configurations, a modified tabu-search scheme is proposed. An objective is to efficiently explore the space of network configurations in order to find optimal network decisions and provide a service performance that adheres to contracted service level agreements. This framework also relies on a distributed Quality of Service (QoS) monitoring scheme. The proposed scheme relies on the efficient identification of candidate QoS monitoring users that can efficiently submit QoS related measurements on behalf of their neighbors. These candidate users are chosen according to their devices’ residual power and transmission capabilities and their estimated remaining service lifetime. Service monitoring users are then selected from these candidates using a novel user-to-user semantic similarity matching algorithm. This step ensures that the monitoring users are reporting on behalf of other users that are highly similar to them in terms of their mobility, used services and device profiles. Experimental results demonstrate the significant gains achieved in terms of the reduced traffic overhead and overall consumed users’ devices power while achieving a high monitoring accuracy, adaptation time speedup, base station load balancing, and individual providers’ payoffs.

wireless networks

vertical handover

policy-based network management

QoS monitoring

Simulation-Assisted QoS-Aware VHO in Wireless Heterogeneous Networks

Al Ridhawi, Ismaeel

January 2014

The main goal of today’s wireless Service Providers (SPs) is to provide optimum and ubiquitous service for roaming users while maximizing the SPs own monetary profits. The fundamental objective is to support such requirements by providing solutions that are adaptive to varying conditions in highly mobile and heterogeneous, as well as dynamically changing wireless network infrastructures. This can only be achieved through well-designed management systems. Most techniques fail to utilize the knowledge gained from previously tested reconfiguration strategies on system and network behaviour. This dissertation presents a novel framework that automates the cooperation among a number of wireless SPs facing the challenge of meeting strict service demands for a large number of mobile users. The proposed work employs a novel policy-based system configuration model to automate the process of adapting new network policies. The proposed framework relies on the assistance of a real-time simulator that runs as a constant background process in order to continuously find optimal policy configurations for the SPs’ networks. To minimize the computational time needed to find these configurations, a modified tabu-search scheme is proposed. An objective is to efficiently explore the space of network configurations in order to find optimal network decisions and provide a service performance that adheres to contracted service level agreements. This framework also relies on a distributed Quality of Service (QoS) monitoring scheme. The proposed scheme relies on the efficient identification of candidate QoS monitoring users that can efficiently submit QoS related measurements on behalf of their neighbors. These candidate users are chosen according to their devices’ residual power and transmission capabilities and their estimated remaining service lifetime. Service monitoring users are then selected from these candidates using a novel user-to-user semantic similarity matching algorithm. This step ensures that the monitoring users are reporting on behalf of other users that are highly similar to them in terms of their mobility, used services and device profiles. Experimental results demonstrate the significant gains achieved in terms of the reduced traffic overhead and overall consumed users’ devices power while achieving a high monitoring accuracy, adaptation time speedup, base station load balancing, and individual providers’ payoffs.

wireless networks

vertical handover

policy-based network management

QoS monitoring

PBQoS - uma arquitetura de gerenciamento baseado em políticas para distribuição otimizada de conteúdo multimídia com controle de QoS em redes Overlay. / PBQoS - a Policy-based management architecture for optimized multimedia content distribution to control the QoS in an Overlay network.

Almeida, Fernando Luiz de

16 December 2010

Avanços nas tecnologias de comunicação e processamento de sinais além de mudar a forma de como realizar negócios em todo o mundo, têm motivado o surgimento de serviços e aplicações multimídia na Internet de forma crescente. Como conseqüência, é possível conceber, desenvolver, implantar e operar serviços de distribuição de vídeo digital na Internet, tanto na abordagem sob-demanda quanto ao vivo. Com o aumento das aplicações multimídia na rede, torna-se cada vez mais complexo e necessário definir um modelo eficiente que possa realizar o gerenciamento efetivo e integrado de todos os elementos e serviços que compõe um sistema computacional. Pensando assim, este trabalho propõe uma arquitetura de gerenciamento baseado em políticas aplicada à distribuição de conteúdo multimídia com controle de QoS (Quality of Service) em redes de sobreposição (overlay). A arquitetura é baseada nos padrões de gerenciamento por políticas definida pela IETF (Internet Engineering Task Force) que, através de informações contextuais (rede e clientes) administra os serviços disponíveis no sistema. Faz uso dos requisitos de QoS providos pela rede de distribuição e os compara com os requisitos mínimos exigidos pelos perfis das aplicações previamente mapeados em regras de políticas. Dessa forma é possível controlar e administrar os elementos e serviços do sistema, afim de melhor distribuir recursos aos usuários deste sistema. / Advances in communication technologies and signal processing have not only changed the way business is conducted around the world, but have also driven the development of services and multimedia applications on the Internet. As a result, it is possible to design, develop, deploy and operate services for digital video distribution on the Internet, both according to an on-demand approach and live. Because of the increase in multimedia applications on the network, it has become increasingly more complex and necessary to define an efficient architecture that can achieve the effective and integrated management of all the elements and services that compose a computer system. With this in mind, this study proposes developing a robust and efficient architecture based on IETF (Internet Engineering Task Force) policy management standards applied to multimedia distribution content with QoS (Quality of Service) control in Overlay Networks. This architecture makes use of QoS requirements provided by the distribution network and compares them to the minimum requirements demanded by each type of application previously mapped in the policy rules. This system makes it possible to control and manage system information and services and also to distribute resources to system users better.

Overlay Network

Policy Based Network Management

Quality of Service

Redes Overlay

Roteamento

Routing

PBQoS - uma arquitetura de gerenciamento baseado em políticas para distribuição otimizada de conteúdo multimídia com controle de QoS em redes Overlay. / PBQoS - a Policy-based management architecture for optimized multimedia content distribution to control the QoS in an Overlay network.

Fernando Luiz de Almeida

16 December 2010

Avanços nas tecnologias de comunicação e processamento de sinais além de mudar a forma de como realizar negócios em todo o mundo, têm motivado o surgimento de serviços e aplicações multimídia na Internet de forma crescente. Como conseqüência, é possível conceber, desenvolver, implantar e operar serviços de distribuição de vídeo digital na Internet, tanto na abordagem sob-demanda quanto ao vivo. Com o aumento das aplicações multimídia na rede, torna-se cada vez mais complexo e necessário definir um modelo eficiente que possa realizar o gerenciamento efetivo e integrado de todos os elementos e serviços que compõe um sistema computacional. Pensando assim, este trabalho propõe uma arquitetura de gerenciamento baseado em políticas aplicada à distribuição de conteúdo multimídia com controle de QoS (Quality of Service) em redes de sobreposição (overlay). A arquitetura é baseada nos padrões de gerenciamento por políticas definida pela IETF (Internet Engineering Task Force) que, através de informações contextuais (rede e clientes) administra os serviços disponíveis no sistema. Faz uso dos requisitos de QoS providos pela rede de distribuição e os compara com os requisitos mínimos exigidos pelos perfis das aplicações previamente mapeados em regras de políticas. Dessa forma é possível controlar e administrar os elementos e serviços do sistema, afim de melhor distribuir recursos aos usuários deste sistema. / Advances in communication technologies and signal processing have not only changed the way business is conducted around the world, but have also driven the development of services and multimedia applications on the Internet. As a result, it is possible to design, develop, deploy and operate services for digital video distribution on the Internet, both according to an on-demand approach and live. Because of the increase in multimedia applications on the network, it has become increasingly more complex and necessary to define an efficient architecture that can achieve the effective and integrated management of all the elements and services that compose a computer system. With this in mind, this study proposes developing a robust and efficient architecture based on IETF (Internet Engineering Task Force) policy management standards applied to multimedia distribution content with QoS (Quality of Service) control in Overlay Networks. This architecture makes use of QoS requirements provided by the distribution network and compares them to the minimum requirements demanded by each type of application previously mapped in the policy rules. This system makes it possible to control and manage system information and services and also to distribute resources to system users better.

Redes Overlay

Roteamento

Overlay Network

Policy Based Network Management

Quality of Service

Routing

Policy-based approach for context-aware systems

Al-Sammarraie, Mohammed

January 2011

Pervasive (ubiquitous) computing is a new paradigm where the computers are submerged into the background of the everyday life. One important aspect of pervasive systems is context-awareness. Context-aware systems are those that can adapt their behaviours according to the current context. Context-aware applications are being integrated into our everyday activity aspects such as: health care, smart homes and transportations. There exist a wide range of context-aware applications such as: mobile phones, learning systems, smart vehicles. Some context-aware systems are critical since the consequence of failing to identify a given context may be catastrophic. For example, an auto-pilot system is a critical context-aware system; it senses the humidity, clouds, wind speed and accordingly adjusts the altitude, throttle and other parameters. Being a critical context-aware system has to be provably correct. Policy-based approaches has been used in many applications but not in context-aware systems. In this research, we want to discover the anatomy (i.e. architecture, structure and operational behaviour) of policy-based management as applied to context-aware systems, and how policies are managed within such a dynamic system. We propose a novel computational model and its formalisation is presented using the Calculus of Context-aware Ambients (CCA). CCA has been proposed as a suitable mathematical notation to model mobile and context-aware systems. We decided to use CCA due to three reasons: (i) in CCA, mobility and context-awareness are primitive constructs and are treated as first-class citizens; (ii) properties of a system can be formally analysed; (iii) CCA specifications are executable, and thus, leading to rapid prototyping and early validation of the system properties. We, then show how policies can be expressed in CCA. For illustration, the specification of the event-condition-action (ECA) conceptual policy model is modelled in CCA in a natural fashion. We also propose a policy-based architecture for context-aware systems, showing its different components, and how they interact. Furthermore, we give the specification of the policy enforcement mechanism used in our proposed architecture in CCA. To evaluate our approach, a real-world case study of an infostation-based mobile learning (mLearning) system is chosen. This mLearning system is deployed across a university campus to enable mobile users to access mobile services (mServices) represented by course materials (lectures, tests and tutorials) and communication services (intelligent message notification and VoIP). Users can access the mServices through their mobile devices (Hand-set phones, PDAs and laptops) regardless of their device type or location within a university campus. We have specified the mLearning system in CCA (i.e. specification based on policies of the mServices), afterwards, the specification is simulated using the CCA interpreter tool. We have developed an animation tool specially designed for the mLearning system. The animation tool provides graphical representation of the CCA processes. In terms of safety and liveness, some important properties of the mLearning system have been validated as a proof of concept.

600

Proposal of a model for the management of active networks based on policies

Vivero Millor, Julio

12 December 2003

Les expectatives dels usuaris en relació a la quantitat i qualitat del serveis de xarxa estan creixent ràpidament. En canvi, desenvolupar e implantar nous serveis de xarxa (serveis que operen a nivell de xarxa) seguint el procés d'estandardització és massa lent i no pot satisfà les expectatives.Les xarxes actives i programables van ser proposades per acomodar la ràpida evolució de noves tecnologies i accelerar la implantació de serveis sofisticats. Les xarxes actives permeten que tercers (usuaris finals, operadors i proveïdors de servei) introdueixin serveis específics per aplicacions (en forma de codi) dins la xarxa. D'aquesta manera, les aplicacions poden fer servir aquests serveis per obtenir el suport necessari de la xarxa en termes de comportament per exemple.Tanmateix, les tecnologies de xarxes actives i programables introdueixen una complexitat addicional als elements de xarxa que ha de ser tractada pel sistema de gestió. Alguns exemples d'aquesta complexitat addicional són la necessitat de suportar nous serveis introduïts dinàmicament a la xarxa o la gestió de xarxes actives virtuals. Aquestes xarxes poden ser creades dins una infrastructura de xarxa programable per satisfer les creixents necessitats de control i particularització que els clients imposen a les xarxes. A més, la probable implantació progressiva de les xarxes actives i programables dins les xarxes IP actuals afegeix un altre requisit important al pla de gestió: aquest ha de ser capaç de suportar tecnologies de xarxa heterogènies (passives, actives i programables).La solució proposada en aquesta tesi millora els sistemes de gestió basats en polítiques amb conceptes de les tecnologies de xarxes actives i programables per satisfer tots els requisits abans esmentats; assolint, d'aquesta manera, una solució sòlida per la gestió de xarxes actives i programables.Finalment, l'arquitectura per la gestió de xarxes actives basada en polítiques (MANBoP) que proposem ha estat dissenyada per poder ser instanciada a qualsevol nivell de gestió (xarxa, sub-xarxa o element). A més, diferents instàncies es poden agrupar fàcilment per crear una infrastructura de gestió. Per exemple, una instància MANBoP de nivell de xarxa pot treballar sobre instàncies de nivell de element, o vàries instàncies de nivell de sub-xarxa poden ser creades per treballar en paral·lel, cadascuna gestionant una regió geogràfica de la xarxa diferent. L'objectiu d'aquest atribut de l'arquitectura és facilitar la tasca de creació d'una infrastructura de gestió. D'aquesta manera, els operadors de xarxa poden crear la infrastructura de gestió que més els convingui segons els seus objectius de negoci i reduir així els costs de gestió. / -RESUMENLas expectativas de los usuarios en relación con la cantidad y calidad de los servicios de red están creciendo rápidamente. En cambio, desarrollar e implantar nuevos servicios de red (servicios que operan al nivel de red) siguiendo los procesos de estandarización es demasiado lento y no colma las expectativas.Las redes activas y programables fueron propuestas para acomodar la rápida evolución de las nuevas tecnologías y acelerar la implantación de nuevos servicios más sofisticados. Las redes activas permiten que terceros (usuarios finales, operadores o proveedores de servicio) introduzcan servicios específicos para aplicaciones (en forma de código) dentro de la red. De esta forma, las aplicaciones pueden utilizar estos servicios para obtener el soporta que necesitan de la red en términos, por ejemplo, de comportamiento.Sin embargo, las tecnologías de redes activas y programables introducen una complejidad adicional en los elementos de red que debe ser tratada por el sistema de gestión. Algunos ejemplos de esta complejidad adicional son la necesidad de soportar nuevos servicios introducidos dinámicamente en la red o la gestión de redes activas virtuales. Éstas pueden ser creadas dentro de una infraestructura de red programable para satisfacer las necesidades crecientes de control y particularización que los clientes imponen sobre las redes. Además, la probable progresiva implantación de la redes activas y programables en la redes IP actuales añade otro importante requisito al plano de gestión: éste tiene que ser capaz de soportar tecnologías de red heterogéneas (pasivas, activas y programables).La solución propuesta en esta tesis mejora los sistemas de gestión basados en políticas con conceptos de las tecnologías de redes activas y programables para satisfacer todos los requisitos enumerados anteriormente, consiguiendo, de esta forma, una solución sólida para la gestión de redes activas y programables.Finalmente, la arquitectura de gestión de redes activas basada en políticas (MANBoP) que proponemos ha sido diseñada para poder ser instanciada en cualquier nivel de gestión (red, sub-red o elemento). Además, diferentes instancias pueden ser agrupadas fácilmente para crear una infraestructura de gestión. Por ejemplo, una instancia MANBoP de nivel de red puede trabajar sobre instancias de nivel de elemento, o varias instancias de nivel de sub-red pueden ser creadas para trabajar en paralelo sobre diferentes regiones geográficas de la red. El objetivo de esta característica de la arquitectura es facilitar la creación de una infraestructura de gestión para que los operadores de red puedan crear la que más les convenga según sus objetivos de negocio, reduciendo así los costes de gestión. / User expectations of the range and quality of network services are growing rapidly. However, developing and deploying new network services (i.e. services that operate on the network layer), through best practice and standardization, is too slow and cannot match the steps of expectations. Active and programmable networks were proposed to accommodate the rapid evolution of new technologies and accelerate the deployment of new sophisticated services. Active networks (AN) enable third parties (end users, operators, and service providers) to inject application-specific services (in the form of code) into the network. Applications are thus able to utilize these services to obtain required network support in terms of, e.g. performance; that is, applications are now becoming network-aware. Nonetheless, active and programmable networking technologies introduce additional complexity in network elements that must be handled by the management architecture. Examples of this additional complexity are the need of coping with new services dynamically introduced in the network, or the management of virtual active networks (VANs). VANs might be created over a programmable network infrastructure to satisfy increasing requirements for the control and customization of resources that customers impose on networks. Furthermore, the likely progressive deployment of active and programmable routers in today's IP networks introduces another important requirement in the management plane; that is, it has to be able to cope with heterogeneous network technologies, i.e., passive, active and programmable.The solution proposed in this thesis enhances a policy-based management system with active networking technology concepts to fulfill the above-mentioned requirements, thus achieving a sound solution for the management of active and programmable networks.In addition, the Management of Active Networks Based on Policies (MANBoP) framework proposed is designed to be instantiated at any management level (i.e. network, sub-network or element). Moreover, different instances can be easily set up jointly to create a management infrastructure, e.g., a network-level MANBoP instance can be set up over element-level instances, or several subnetwork-level instances can work in parallel each one managing a different geographical region of the network, etc. The aim of this framework property is to ease the management infrastructure creation task, thus allowing network operators to adapt the management infrastructure to their business needs, resulting in a reduction of management costs.

active networks

policy-based management

management

programmable networks

3325. Tecnología de las comunicaciones

621.3

A Distributed and Heuristic Policy-based Management Architecture for Large-Scale Grids

Magaña Perdomo, Edgar

30 May 2008

The aim of this thesis is to design and implement a new Grid Resource Management methodology, where non-massive resources owners would be able to share their resources and integrate human collaboration across multiple domains regardless of network technology, operative platform or administrative domain.This thesis proposes a distributed and heuristic policy-based resource management architecture for large-scale Grids. The resource management architecture proposed herein is composed of four main building blocs: services management, resource discovery and monitoring, resource scheduling and jobs allocation and activation. The Grid Services Management (GSM) and Jobs Allocation and Activation (JAA) are supported by means of a Policy-based Grid Resource Management Architecture (PbGRMA). This architecture is able to identify service needs arising from diverse sources during the deployment and management of Grid Services, such as requirements demanded by customers, applications and network conditions. Afterwards, the PbGRMA merges these requirements into deployment policies for the corresponding Grid Services. The Grid Resource Discovery and Monitoring (GRDM) is supported by the introduction of the SNMP-based Balanced Load Monitoring Agents for Resource Scheduling (SBLOMARS), in which network and computational resources are monitored by distributed agents. This allows for a flexible, heterogeneous and scalable monitoring system. The Grid Resource Scheduling (GRS) is based on the Balanced Load Multi-Constrained Resource Scheduler (BLOMERS). This heuristic scheduler represents an alternate way of solving the inherent NP-hard problem for resource scheduling in large-scale distributed networks by means of the implementation of a Genetic Algorithm.Finally, based on the outcome of both the GRDM and GRS, the PbGRMA allocates the corresponding Grid Services by means of its interfaces with Globus ToolKit Middleware and Unix-based CLI commands along of any large-scale Grid Infrastructure. The synergy obtained by these components allows Grid administrators to exploit the available resources with predetermined levels of Quality of Service (QoS), reducing computational costs and makespan in resource scheduling while ensuring that the resource load is balanced throughout the Grid. The makespan of a schedule is the time required for all jobs to be processed when no one job could be interrupted during its execution and each node can perform at most one operation at any time.This new approach has been successfully tested in a real large-scale scenario such as Grid5000. The results presented along this Thesis show that our general solution is a reliable, flexible and scalable architecture to deploy and manage Grid Services in large-scale Grid Infrastructures. Moreover, the substitution of the heuristic algorithm approach used into the Grid Resource Scheduling (GRS) phase by other non-heuristics selection algorithms could make our solution useful in smaller Grid Infrastructures.

monitoring agents

genetic alghorithms

BLOMERS

SBLOMARS

resource management

monitoring system

policy-based management

CISCO IPSLA

621.3