A Cautionary Note About Policy Conflict Resolution
in Proc Military Communications Conference MILCOM (2006)
- ISBN: 142440617X
- DOI: 10.1109/MILCOM.2006.302500
Available from ieeexplore.ieee.org
Ritu Chadha
chadha@research.telcordia.com; Tel: +1-732-699-2987; Fax: +1-732-336-7025.
Telcordia Technologies, One Telcordia Drive, Piscataway NJ 08854, USA.
ABSTRACT
Policy-based network management promises to deliver a high degree of automation for military network management. A policy-based network management system provides the capability to express networking requirements in the form of policies and have them automatically realized in the network, without requiring further manual updates. However, as with every technology, these benefits come at the expense of certain obvious risks. The biggest risk associated with policy-based management is that the policies themselves can interact in undesirable ways, by causing conflicting actions to be taken by the management system. Thus it is essential that policies be analyzed for conflicts, and that mechanisms be put in place for determining how to resolve these conflicts. A number of policy conflict resolution techniques have been described in the literature; however, they often concentrate on the abstract problem of formal policy analysis and have very little to do with practical policy conflict resolution in live management systems. This paper provides an overview of the state of the art in policy conflict detection and resolution, followed by a critical look at what is really needed to resolve practical policy conflicts in network management systems. The premise of this paper is that application-specific policy conflict detection and resolution can mostly be addressed by careful policy writing (or re-writing), rather than via cumbersome and unrealistically complex policy conflict resolution solutions.
1 INTRODUCTION
The subject of policy-based network management has received a great deal of attention in the recent past. Today’s military networks are highly dynamic and pose stringent requirements for security, reliability, and above all, operations automation. Policy-based network management shows a great deal of promise due to its potential for providing a many-fold increase in automation of network operations. However, as with any technology, policy-based management is a double-edged sword. The ability to define policies provides a great deal of power to network operators, but at the same time, puts a dangerous tool in their hands. It is essential that policies be analyzed before and during deployment to ensure that they do not give rise to undesirable or inconsistent behavior.
Policy conflict detection and resolution is not a new topic, and several approaches have been suggested in the literature for detecting and resolving various types of policy conflicts. There are two problems here: the first is that there is a danger that people will assume that policy conflict resolution strategies will magically correct all problems with poorly expressed policies (hence the title of this paper); and the second is that much of the work in this field provides academic solutions with over-simplified examples, and often tends to substitute complex conflict resolution techniques for common sense and practical policy-writing guidelines. Further, some of the approaches are extremely cumbersome to use and require extensive modeling of the managed system and of the effect that the policies have on the managed system, which itself is extremely error-prone, leading to the obvious next question: how can anyone guarantee that these models themselves are conflict-free? Do we need conflict resolution systems for conflict resolution systems?
In this paper, we postulate that application-specific run-time conflict resolution is largely unnecessary, and that most of the time, more effective conflict resolution can be achieved by careful inspection and rewriting of policies. The argument that has been put forward against this approach is that when a user wants to add a new policy, the user would have to examine the entire set of existing policies to be able to write the new policy correctly. This argument is refuted as follows: if application-specific conflict resolution is being used, the user may be able to write a new policy without looking at other policies, but will still need to look at all the existing policies to uncover potential conflicts with these policies! This is because any mechanized conflict resolution approach still requires the user to manually develop conflict resolution rules. Thus manual analysis is still required, regardless of the approach. The question is – which approach is better? In order to answer this question, we need to look at the pros and cons of each approach.
This paper is structured as follows. The next section provides a brief definition of the structure of a policy, to set the stage for discussions about policy conflicts. Section 3 provides an overview of related work. Section 4 describes types of policy conflicts, and Section 5 describes our proposed approach to conflict resolution. In Section 6, two


