KEYWORDS: Systems modeling, Control systems, Analytical research, Safety, Dynamical systems, Prototyping, Information security, Computing systems, Defense and security, Detection and tracking algorithms
English-language policies about the desired behavior of computer systems often suffer from translation errors when
implemented with a proliferation of low-level rules governing access control, resource allocation and configuration. To
solve this, Dynamic Policy Enforcement systems replace these low-level rules with a relatively small number of
semantically grounded, machine-understandable policy statements. These statements use domain terms defined in an
ontology that are formally defined so that they can be enforced by the system but also meaningful to human
administrators to ensure that they accurately represent organizational policies. In this paper, we describe the application
of one such Dynamic Policy Enforcement system, KAoS, to the control of distributed, information-management services
defined by the Air Force Research Laboratory's Joint Battlespace Infosphere (JBI) program. Our research allows
administrators to define the desired behavior of the participants in the system, both human and software, with one
collection of well defined policies. As a result, a single set of tools for the definition, analysis, control, and monitoring
of policy can be used to implement access control, service configuration, and service delivery prioritization.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.