
Research On Policy Based Autonomic Mobile Network Management Mechanism

Posted on: 2011-08-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Mei
GTID: 1118360305453637
Subject: Computer application technology
Abstract/Summary:
The development of large-scale heterogeneous networks tends to require network management to be more automatic and intelligent, so as to simplify the administrator's specific configuration and management work and to better adapt to the complexity and diversity of network management. In particular, in the real-time mobile network having high and variability, delay-sensitive services require a reasonable allocation of network resources to improve network performance. IBM's autonomic computing framework proposes self-configuration, self-optimization, self-healing and self-protection features to meet the needs of intelligent autonomous network management, and policy-based network management, as a means of achieving autonomic computing, provides strong flexibility and adaptability.

At the same time, policy-based management techniques have also been researched in depth and extended in the area of network security management. The administrator draws up a unified network security management policy according to the network security management requirements, and implements unified security policy configuration and deployment across different types of network devices.
Policy-based trusted network access remediation technology can reliably and promptly repair access terminals that do not meet the network security policy requirements, and also allows users to regain access to the trusted network easily and quickly.

In connection with the National Natural Science Foundation of China project "Research on Policy-based Dynamic Resource Allocation and Management Mechanism in Mobile IP Handoff" (serial number: 60573128), this dissertation focuses on the application of policy in the autonomic management of mobile network resources and in the trusted network remediation mechanism, and analyzes in depth policy conflict, policy optimization and other related issues in these two areas.

To provide end-to-end QoS guarantees in a large-scale heterogeneous network environment, autonomic means are needed to dynamically manage network resources so that they meet multi-dimensional needs (e.g., traffic type, user needs, network state). This paper establishes a policy-based autonomic management model of mobile resources, proposes the policy definition and hierarchy, and gives the specific policy form and working mechanisms in the mobile resource allocation process. In a mobile environment, changes in resource status and the uncertainty of mobile switching mean that dynamic resource allocation policy conflicts cannot be detected and resolved in advance when the policy is created. This paper proposes utility-function-based dynamic policy conflict detection and resolution during policy execution, which realizes quantitative analysis of conflicting policy actions and improves on the earlier approach of deciding which policy actions to execute by designating priorities. A new and feasible trusted remediation model is put forward, and the functions and workflow of the remediation model are explained in detail. Moreover, the communication and authentication processes of the remediation model are discussed.
Simulation results show that the proposed model not only ensures the safety and reliability of the network, but is also easy to deploy and can provide convenient and reliable remediation services to terminals that fail to meet the security policy. Aiming at the two difficulties in the policy conflict problem, the judgment of condition overlap and the resolution of action conflict, this paper provides a finite semi-lattice based policy conflict detection and resolution mechanism. This method denotes and estimates condition overlaps using aggregation and formalizes policy actions using a finite semi-lattice algebraic structure, thereby abstracting policy conflict resolution as the selection of new actions to perform when several policies conflict. The merits of this method are its independence of concrete policy grammar, policy hierarchy and policy application.

The main research contents and conclusions of this dissertation can be summarized as follows:

1. At present, domestic and international research on resource allocation in fixed and wireless networks has moved in depth toward dynamic and adaptive approaches. However, current results are still usually limited to dynamic reservation and adjustment algorithms, which achieve dynamic and adaptive behavior by periodically monitoring the QoS of each service inside the network and executing the appropriate resource allocation algorithm. In the mobile environment, due to changes in the network and the mobility of users, fixing the allocation logic and adjustment logic into the network resource management module is insufficient to provide adequate flexibility and intelligence.
The main objective of this paper is to build an autonomic mobile network resource management model and, by taking advantage of policy means and utility computing, to achieve self-management, self-configuration and self-optimization of the mobile network, increase the utilization of limited mobile resources and guarantee the QoS of a variety of real-time and non-real-time services. This paper establishes a policy-based autonomic management model of mobile resources, proposes the policy definition and hierarchy, and gives the specific policy form and working mechanisms in the mobile resource allocation process. In a mobile environment, changes in resource status and the uncertainty of mobile switching mean that dynamic resource allocation policy conflicts cannot be detected and resolved in advance when the policy is created. The simulation results show that the policy-based autonomic mobile resource management model has obvious advantages and flexibility over traditional fixed resource reservation and the simple utility-maximization resource allocation method.

2. With the standardization of the policy management model and related agreements, policy, as an appropriate means, is widely used in various security access control systems, the filtering rules of routers and firewalls, the resource allocation rules of grid systems, the QoS management rules of fixed and mobile IP networks, and other fields. However, although policy offers high flexibility and intelligence, a policy management system is always accompanied by an important problem that inevitably needs to be addressed: policy conflict detection and resolution. As the core of policy management systems, policies need to be configured properly and stably for the system to work effectively. In recent years, research on policy conflict has received full attention; many organizations have done relevant research and made some progress, but there are some limitations.
In a mobile environment, resource conditions change and mobile switching is uncertain, so static policy conflict detection and resolution for the dynamic resource allocation mechanism cannot be done in advance during policy creation. This paper analyzes the possible conflict types in the policy-based resource allocation mechanism for mobile networks and proposes a dynamic conflict detection and resolution approach based on utility functions, which achieves quantitative analysis of policy actions and improves on the practice of assigning priorities to policy actions to decide which policy can be implemented. The example analysis shows that, according to the network resource states and the system programming goals, real-time calculation of the utility value of dynamic resource allocation policy actions can achieve automatic policy conflict resolution, enhance the accuracy of resource allocation, and improve the dynamic resource management capabilities of the system.

3. In order to solve the problem of the low reliability of existing networks, the Trusted Computing Group (TCG) proposed the concept of trusted networks. A trusted network relies on the Trusted Platform Module (TPM) to complete platform integrity verification, which makes the establishment of a robust and comprehensive network possible. Although the TCG's standard documents proposed the concept of repair, they did not give a functional description or a specific plan for implementing the healing process and the isolation environment. Existing studies have not resolved this problem. If the reliable network access process lacks a repair part, trusted-access users who do not meet the integrity requirements of the network will not know why they cannot access the trusted network, and cannot acquire safe and trusted channels to obtain the repair data.
Users can only download the remediation resources manually, which is a very tedious and complicated process for them. This will inevitably affect users' willingness to use the trusted network and will have a negative impact on the popularity of the trusted network. In order to further enhance flexibility and security, this paper puts forward a new and feasible trusted remediation model, the Trusted Remediation Network Model (TRNM), based on research into the existing trusted network framework. The functions and workflow of the remediation model are explained in detail. Moreover, the communication and authentication processes of the remediation model are discussed. Simulation results show that the proposed model not only ensures the safety and reliability of the network, but is also easy to deploy and can provide convenient and reliable remediation services to terminals that fail to meet the security policy.

4. At present, research related to policy conflict is mostly concerned with the formal description of policy languages, policy execution ability and policy conflict detection algorithms. There are also some other methods, but they usually depend on a specific policy language or policy application. Regardless of how policy conditions are described, all policies need their condition overlap identified for policy conflict detection. If the conditions of the related policies overlap, the conflict detection module queries the tactical action libraries to determine whether the related policy actions conflict, and then selects some action to be performed according to certain criteria to realize policy conflict resolution. The difficulty of policy conflict detection and resolution is how to determine the intersection of conditions and on what criteria to select the policy action to be implemented.
This paper presents a network security policy conflict resolution method based on lattice-ordered preference. It uses the preference structure to normalize policy actions and then, in the event of a conflict between policies, uses the similarity of the partial order structure to sort the conflicting actions. Validation shows that this method has higher efficiency and is independent of the specific policy syntax, level and application.
Keywords/Search Tags:Autonomic Computing, Policy-based Network Management, Mobile Network Resource Management, Utility Policy, Policy Conflict Resolution, Policy Optimization, Policy-based Trusted Remediation, Lattice Ordered Preference