Engineering Policy Research Articles

Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model

Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.

A study on the development and exports outlook of palm biodiesel in Malaysia

This study provides a comprehensive analysis on the use of palm biodiesel in Malaysia and its exports outlook in the world market. The Malaysian government planned to introduce processed palm oil blends with diesel for domestic use under a mandatory ruling with methyl ester, derived from palm oil, for exports. The domestic market is far from ready as proper policy framework and engine warranty are yet in place. As with the export market, palm oil is potentially competitive to supply to the growing biofuel markets with respect to its price, productivity, and production volume. Nevertheless, international trade in biodiesel is minimal, as yet, and heavily restricted by trade barriers, agriculture policies, subsidies, incentives, etc.

Building an Application-Aware IPsec Policy System

As a security mechanism at the network-layer, the IP security protocol (IPsec) has been available for years, but its usage is limited to Virtual Private Networks (VPNs). The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications on the current IPsec and Internet Key Exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks the knowledge of the context of applications running at upper layers, making it infeasible to configure application-specific policies in practice. In this paper, we propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine. In turn, the engine translates the application policies into the underlying security policies, and then writes them into the IPsec Security Policy Data-base (SPD) via the existing IPsec policy management interface. We implement a prototype in Linux (Kernel 2.6) and evaluate it in our testbed. The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to those of security mechanisms at upper layers. Configured with the application-aware IPsec policies, both secured applications at upper layers and legacy applications can transparently obtain IP security enhancements.

Optimized FMIPv6 Using IEEE 802.21 MIH Services in Vehicular Networks

In this paper, we optimize the handover procedure in the fast handover for mobile IPv6 (FMIPv6) protocol by using the IEEE 802.21 media independent handover (MIH) services. FMIPv6 is used to enhance the performance of handovers in mobile IPv6 and its basic extension for network mobility (NEMO), i.e., the fundamental mobility management protocols used in vehicular networks. With the aid of the lower three layers' information of the mobile node/router (MN/MR) and the neighboring access networks, we tackle the radio access discovery and candidate access router (AR) discovery issues of FMIPv6. We introduce an "information element container" to store static and dynamic layer 2 (L2) and layer 3 (L3) information of neighboring access networks and propose to use a special cache maintained by the MN/MR to reduce the anticipation time in FMIPv6, thus increasing the probability of the predictive mode of FMIPv6 operation. Furthermore, we propose a cross-layer mechanism for making intelligent handover decisions in FMIPv6. The lower layer information of the available links obtained by MIH services and the higher layer information such as quality-of-service (QoS) parameter requirements of the applications are used by a policy engine to make intelligent handover decision. We will show through analysis and simulations of the signaling procedure that the overall expected handover (both L2 and L3) latency in FMIPv6 can be significantly reduced in the proposed mechanism.

Fighting Terror by Rite of Redemption and Reconciliation

This essay examines the Bush administration's rhetoric of evil in the war on terror and invasion of Iraq by reframing the question of national security into one of a chosen people's recurring quest for redemption. As such, ritualized perceptions of peril are an engine of unreflective policy making. Yet the ritual of redemptive violence suggests a remedy from within war culture, which begins with reconsidering the function of the scapegoat vis-à-vis the articulation of categorical guilt. From there, the essay explores the notion of transforming the scapegoat mechanism through rehumanizing rituals into a peace-building, as opposed to enemy-making, salvation device.

The Use of A Multidisciplinary Project to Expand the Materials Science Curriculum

AbstractA special interdisciplinary project course was offered in the Fall of 2006 within the Carnegie Institute of Technology at Carnegie Mellon University. The course was open to students from across the university, it drew participants from Civil and Environmental Engineering, Engineering and Public Policy, Materials Science and Engineering, Architecture, the School of Design. This multidisciplinary collection of students formed the necessary knowledge base to approach the various tasks of the project. Each student was to rely on their academic experience and talents to contribute to the work, while simultaneously learning from those in other disciplines. The participating material science and engineering were juniors acquainted with fundamental of materials. Some students were taking courses involving steel making process and steel mechanical properties concurrently. Students in civil and mechanical engineering and architecture are familiar with structural design and construction processes. Students in engineering and public policy and environmental engineering have experience with life cycle assessment and environmental impacts. The collaborative group experience introduced students to how disciplines interact in the real world, encouraging them to pursue their own interests in broader areas.The project consisted of three efforts assessing life cycle impact in terms of energy consumption, greenhouse gas emissions, and economic costs of equivalent products made from both steel and wood The first effort involved comparison of steel products versus wood products in existing designs. The second, looked at the optimization of steel products to improve design options and the third tried to identifying opportunities to leverage the use of steel materials in green building design and construction, based on certification requirements established by the US Green Building Council and the Leadership in Energy and Environmental Design (LEED) rating system.At Carnegie Mellon, the Green Design Initiative researchers have been leaders in life cycle assessment methodology development and assessment, and have a history of merging students and faculty from across the university into research teams. This multidisciplinary project was good example of how common topics can be exploited to provide excellent discovery opportunities for undergraduate engineering programs.

X-FEDERATE: a policy engineering framework for federated access management

Policy-based management (PBM) has been considered as a promising approach for design and enforcement of access management policies for distributed systems. The increasing shift toward federated information sharing in the organizational landscape, however, calls for revisiting current PBM approaches to satisfy the unique security requirements of the federated paradigm. This presents a twofold challenge for the design of a PBM approach, where, on the one hand, the policy must incorporate the access management needs of the individual systems, while, on the other hand, the policies across multiple systems must be designed in such a manner that they can be uniformly developed, deployed, and integrated within the federated system. In this paper, we analyze the impact of security management challenges on policy design and formulate a policy engineering methodology based on principles of software engineering to develop a PBM solution for federated systems. We present X-FEDERATE, a policy engineering framework for federated access management using an extension of the well-known role-based access control (RBAC) model. Our framework consists of an XML-based policy specification language, its UML-based meta-model, and an enforcement architecture. We provide a comparison of our framework with related approaches and highlight its significance for federated access management. The paper also presents a federation protocol and discusses a prototype of our framework that implements the protocol in a federated digital library environment

DRIC: Dependable Grid Computing Framework

Grid computing presents a new trend to distributed and Internet computing to coordinate large scale resources sharing and problem solving in dynamic, multi-institutional virtual organizations. Due to the diverse failures and error conditions in the grid environments, developing, deploying, and executing applications over the grid is a challenge, thus dependability is a key factor for grid computing. This paper presents a dependable grid computing framework, called DRIC, to provide an adaptive failure detection service and a policy-based failure handling mechanism. The failure detection service in DRIC is adaptive to users' QoS requirements and system conditions, and the failure-handling mechanism can be set optimized based on decision-making method by a policy engine. The performance evaluation results show that this framework is scalable, high efficiency and low overhead.

Data Protection and Data Sharing in Telematics

Automotive telematics may be defined as the information-intensive applications enabled for vehicles by a combination of telecommunications and computing technology. Telematics by its nature requires the capture, storage, and exchange of sensor data to obtain remote services. Such data likely include personal, sensitive information, which require proper handling to protect the driver's privacy. Some existing approaches focus on protecting privacy through anonymous interactions or by stopping information flow altogether. We complement these by concentrating instead on giving different stakeholders control over data sharing and use. In this paper, we identify several data protection challenges specifically related to the automotive telematics domain, and propose a general data protection framework to address some of those challenges. The framework enables data aggregation before data is released to service providers, which minimizes the disclosure of privacy sensitive information. We have implemented the core component, the privacy engine, to help users manage their privacy policies and to authorize data requests based on policy matching. The policy manager provides a flexible privacy policy model that allows data subjects to express rich constraint-based policies, including event-based, and spatio-temporal constraints. Thus, the policy engine can decide on a large number of requests without user assistance and causes no interruptions while driving. A performance study indicates that the overhead is stable with an increasing number of data subjects.

Formal support for certificate management policies

Traditionally, creation and revocation of certificates are governed by policies that are carried manually, off-line, by trusted agents. This approach to certificate management is appropriate for many current applications, where these policies cannot be verified automatically (e.g. require verification of non-digital credentials). But it is expensive, time consuming and error-prone for the growing class of applications where certificate management policies can be formalized and carried out automatically. We argue that, in these cases, creation and revocation of certificates could be viewed as any other on-line service available in a system. Access to these particular service instances could be regulated much in the same manner as file access or resource allocation. This paper proposes a formulation for certification and revocation policies, and a framework for their support. In this framework, certificate management policies are enforced by generic policy engines, wrapped around certification authorities and revocation servers. The proposed framework is easy to deploy, requiring no modifications of current public-key infrastructure (PKI). Moreover, we show that this framework is quite affordable, even in its present, experimental stage.

Gigabit ethernet switches using a shared buffer architecture

Gigabit Ethernet networks have seen great demand in recent years. This growth was fueled by both an increase in port speed at the client side and new applications in MAN and WAN space. In this article, we report a highly integrated Ethernet switch IC design that supports 12 gigabit ports and one 10 Gb port. All packet memory and search memory are integrated on chip. A deeply pipelined structure with parallel memory access is employed to achieve wirespeed search performance. A flexible policy engine is designed to allow packet filtering and modification. A novel tail buffer architecture is proposed to address the variable packet length issue in the shared buffer architecture. Custom mixed-signal circuits are incorporated to implement the 10G Ethernet interface in XGMII. The chip integrates 70 million transistors in a 16 mm × 15 mm die using 0.18 μm CMOS technology. The chip has been tested to verify the wirespeed searching and switching performance.

Architecture and Environment for Enabling Interactive Grids

Traditional use of grid computing allows a user to submit batch jobs in a grid environment. We believe, next generation grids will extend the application domain to include interactive graphical sessions. We term such grids Interactive Grids. In this paper, we describe some of the challenges involved in building Interactive Grids. These include fine grain access control, performance QoS guarantees, dynamic account management, scheduling, and user data management. We present the key architectural concepts in building Interactive Grids viz. hierarchical sessions, hierarchical admission control, hierarchical agents, classes of dynamic accounts, application profiling, user data management, scheduling for interactive sessions, persistent environment settings, and exporting remote desktop. We also describe IGENV, an environment for enabling interactive grids. IGENV consists of GISH -'Grid Interactive Shell', Controlled Desktop, SAC -'Session Admission Control' module, GMMA -'Grid Monitoring and Management Agents', and Policy Engine. We also present our testbed implementation for Interactive Grids using and extending Globus Toolkit 2.0 for the Grid middleware infrastructure, and VNC as the remote display technology.

Hutang Luar Negeri Pemicu Krisis Ekonomi Indonesia

The multidimensional crisis in Indonesia today, is a real reflection of the government policy engineering, which fully relies on the foreign debt. This kind of crisis, therefore, can be seen as the implication of the implementation of the wrong, economic policies as occuring in many developing countries.

Hutang Luar Negeri Pemicu Krisis Ekonomi Indonesia

The multidimensional crisis in Indonesia today, is a real reflection of the government policy engineering, which fully relies on the foreign debt. This kind of crisis, therefore, can be seen as the implication of the implementation of the wrong, economic policies as occuring in many developing countries.Â

Scott, Contempt And Pity - Social Policy And The Image Of The Damaged Black Psyche, 1880-1996

Societal-generated images and perceptions of a population group invariably exact a price. Even when such images are the handiwork of scholars and experts, a toll results nonetheless, often with social and public policy implications. African-Americans are arguably the most glaring population group example of this scenario. Certainly the scholarly debate continues regarding the historical origins of popular perceptions of and about African-Americans. There is as well an ongoing scholarly debate about the social and public policy ramifications of popular images of African-Americans, both historical and contemporary. In his recent publication, Contempt and Pity: Social Policy and the Image of the Damaged Black Psyche, 1880-1996, Daryl Scott of Columbia University endeavors to isolate and identify specific bodies of social science scholarship that have given historical currency to notions of pathology in Black life. Indeed, as to his own scholarly intent, Scott leaves little, if any, doubt. It is "to make a contribution to the study of social science history by combining a study of social science ideas with the making of social policy." Scott provides an engagingly crafted analysis and discussion of the linkage between social science scholarship, Black imagery, and social policy engineering.

Foreign Policy Engineering: From Theory to Practice and Back Again

Foreign Policy Engineering: From Theory to Practice and Back Again

Regulation of advanced practice nursing--the cog in the health policy engine.

Regulation of advanced practice nursing--the cog in the health policy engine.

Az ipar szerepe a „szocialista” gazdaság- és területfejlesztési politikában

The situation was easily assessable, and the tasks were clear for the regional experts of the socialist era: industry (autarchy and over-emphasized defence objectives gave priority to heavy industry) was the engine of economic development policy, which was also based on industrial development. It must be added, that little attention was paid on details. In stead of developing a structurally well-balanced and efficient regional policy which meets the characteristics of different regions and then can be fitted into an organic regional economy, the primary objective was to increase the number of industrial workplaces.

"Religion as an Engine of Civil Policy": A Comment on the First Amendment Limitations on the Church-State Partnership in the Social Welfare Field

James Madison warned in his famous Memorial and Remonstrance Against Religious Assessments that to use tax revenues to finance teachers of the Christian Religion is to Religion as an engine of Civil policy.' Such a tax assessment would of course violate the Establishment Clause of the first amendment.2 Congress cannot prescribe religious education for the ills of society. But the federal and state governments can employ religiously motivated persons and institutions to carry out governmental functions. As Chief Justice Warren stated in McGowan v. Maryland,3 government action is not banned under the first amendment merely because it happens to coincide or harmonize with the tenets of some or all religions.4 The many Church-State partnerships in the social service field are based upon this fortunate harmonization of governmental and religious purposes. Chief Justice Warren's statement answers one question yet creates another, perhaps more important, one. Governmental and religious purposes may validly coincide, but at what point does this harmonization of purpose become subsidization of religious activity in effect? Supreme Court cases since McGowan give answers to this question. In three sections, this paper will analyze the first amendment limitations on the Church-State partnership in the social services field. In the first section, the past and present role of the Church5 as a social service provider will be summarized. In the second section, the Religion Clauses will be analyzed to determine what constitutional restrictions are imposed upon the Church and State when they deal with