- Motivation
The vast improvement of telecommunication networks in the past few years
has led to a multiplication of the services offered to customers and of the
organisations involved in the provision of services between communication
endpoints. This complicates the management task of the network operators,
who have to operate within a complex pattern of customer/provider
relationships as well as manage an exponentially increasing number of
objects. Often there is no clear informal or formal specification of the
management policies and procedures which have to be enforced.
Further, the advent of ATM networks and the diversity of transmission media
lead to adaptive Quality of Service requirements and management. This
shifts network management controls towards the end user and application.
The devolution of management responsibilities towards the user requires
tight access control from the service providers and rigorous specification
of the management actions to be taken. Access control is, however, not
sufficient, since the use of services must be monitored and coercive actions
must be taken for the full enforcement of security.
Because several operators, within the same organisation or across
organisational boundaries, have responsibility for managing network
resources, the specifications of the management tasks have to be further
aggregated into roles delimiting the scope of responsibility. Thus, roles
and relationships which represent the organisational structure are needed.
From a security point of view this implies the realisation of role based
access control.
As a result of these requirements several policies may apply to an object
and conflicts may arise between them. These conflicts must be detected
and/or resolved in order to ensure the consistency of the sets of policies.
Some of the feature interaction conflicts may also be detected in this way.
- Objectives
i) Policy, role and relationship specification - Refine and extend the tool
support for the specification of policies, roles and relationships.
ii) Policy/Role Analysis and Conflict detection
iii) Case Study and Demonstrator - Evaluation of the applicability of the
concepts developed to Telecommunications Service management.
- Relevant Publications
Lupu, E. C. and M. S. Sloman (1999). Conflicts in Policy-based Distributed
Systems Management. To appear in IEEE Transactions on Software Engineering,
Special Issue on Inconsistency Management, 1999.
Lupu, E. C. and M. S. Sloman (1997). A Policy Based Role Object Model. In
Proceedings of the 1st IEEE International Enterprise Distributed Object
Computing Workshop (EDOC'97), Gold Coast, Queensland, Australia, pp 36-47,
October 1997.
Lupu, E. C. and M. S. Sloman (1997). Reconciling Role Based Management and
Role Based Access Control. Proceedings of the Second ACM Workshop on Role
Based Access Control. Fairfax, Virginia, USA. ACM Press, ISBN
0-89791-985-8, November 1997, pp. 135-142.