Efficient policy conflict detection
First Claim
1. A method for detecting a policy conflict in a managed system, the method comprising:
- performing a multiple-level policy conflict detection sequence comprising at least a first level analysis, a second level analysis, and a third level analysis, with each level analysis being less computationally complex than the next level, wherein the performing of the multiple-level policy conflict detection sequence comprises:
  - examining during the first level analysis, by a policy server computing system, a plurality of policy rules for overlapping policy targets;
  - in response to no policy target overlaps being determined, reporting, by the policy server computing system, that the plurality of policy rules do not conflict;
  - in response to determining that policy targets overlap, if a set of conditions and a set of events for the policy rules are not simultaneously satisfied, then reporting, by the policy server computing system, that there is no conflict in the plurality of policies;
  - in response to the conditions and events for the policy rules being simultaneously satisfied, the policy server computing system applying, during the second level analysis, the plurality of policy rules to at least one of a model or an actual instance of a real system and evaluating at least one resulting macro state to determine whether a policy conflict exists;
  - when the second level analysis fails to find a definite conflict in the plurality of policies, the policy server computing system applying, during the third level analysis, the plurality of policy rules to a system model and evaluating at least one resulting micro state to determine whether a policy conflict exists.
Abstract
A method and computer program product for detecting a policy conflict in a managed system includes examining a plurality of policy rules for overlapping policy targets, in response to finding no overlapping policy targets, reporting that the policy rules do not conflict, and in response to finding overlapping policy targets, examining the plurality of policy rules for at least two rules having a same condition and a same event, and, in response to not finding at least two rules having a same condition and a same event, reporting that the policy rules do not conflict.
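The first-level screening described in the claim and abstract can be sketched as follows. This is an added example, not code from the patent: the `Rule` layout (targets and events as sets, conditions as inclusive numeric ranges per attribute), the sample firewall rules and all names are assumptions made for illustration. It covers only the first level; pairs it cannot clear are returned for the costlier second-level analysis.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass
class Rule:                      # hypothetical rule layout, not from the patent
    name: str
    targets: set                 # managed objects the rule acts on
    events: set                  # events that trigger the rule
    conditions: dict             # attribute -> (low, high), inclusive range
    action: str

def jointly_satisfiable(a, b):
    """True if one event can trigger both rules while both condition sets hold."""
    if not (a.events & b.events):
        return False
    for attr in a.conditions.keys() & b.conditions.keys():
        low = max(a.conditions[attr][0], b.conditions[attr][0])
        high = min(a.conditions[attr][1], b.conditions[attr][1])
        if low > high:           # ranges are disjoint: never true together
            return False
    return True

def first_level(rules):
    """Cheap pairwise screen: clear a pair or escalate it to the second level."""
    cleared, escalate = [], []
    for a, b in combinations(rules, 2):
        shared = a.targets & b.targets
        if not shared:
            cleared.append((a.name, b.name, "no target overlap"))
        elif not jointly_satisfiable(a, b):
            cleared.append((a.name, b.name, "events/conditions never hold together"))
        else:                    # possible conflict; actions are judged at level two
            escalate.append((a.name, b.name, sorted(shared)))
    return cleared, escalate

# Constructed sample rules for illustration.
RULES = [
    Rule("allow-mgmt-ssh", {"fw-edge-1"}, {"new_flow"},
         {"dst_port": (22, 22), "hour": (8, 18)}, "permit"),
    Rule("block-offhours", {"fw-edge-1", "fw-edge-2"}, {"new_flow"},
         {"hour": (19, 23)}, "deny"),
    Rule("deny-low-ports", {"fw-edge-1"}, {"new_flow"},
         {"dst_port": (0, 1023)}, "deny"),
    Rule("log-core", {"rtr-core-1"}, {"link_down"}, {}, "log"),
]

if __name__ == "__main__":
    done, pending = first_level(RULES)
    for row in done + pending:
        print(row)
```
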
Specification