The present invention relates to a policy description assistance system and a policy description assistance method.
A management method using a policy-based management technique is widely known as a technique for optimizing operational management of large-scale networks and systems. The policy-based management technique automates processes to be executed according to the state of a network or a system using a set of policies, such as if-then rules, which associates a condition and an operation when the condition is satisfied.
Naturally, in the policy-based management technique, the correctness of policy description is very important. This is because errors in policy description have an adverse effect on a network or a system that actually operates.
On the other hand, although descriptions based on the if-then rule are, by themselves, easy to understand, it is difficult to understand existing rules and to describe or add new rules when a plurality of if-then rules affects each other. This is because in general sequential programs, a change occurring from a certain state during execution of a program is restricted to a certain location on the program sentence, whereas in the if-then rules, immediately after execution of the then clause, all rules can be a potential object that is executed next. Thus, it is difficult to understand whether the order of rules executed is described as intended.
As one method for dealing with such a problem, a formal verification technique has been applied to policies that have been described. For example, Patent Documents 1 and 2 disclose a software verification technique based on logical formulas of policies and a technique called model checking (see E. M. Clarke, O. Grumberg, and D. A. Peled, Model Checking, The MIT Press, 1999, and the like), respectively, so as to enable validity of described policies to be checked. Moreover, Patent Document 3 discloses a technique of making it easy to modify policy rules when changing system configuration. Further, Patent Document 4 discloses a monitoring technique of illustrating association between rules. For example, in a system that executes description of general if-then rules, a condition part (if clause) and a conclusion part (then clause) that satisfies the condition part can be displayed hierarchically by linking both parts by a line. Moreover, a rule that is executed by satisfying a condition and a rule that is affected by execution of the conclusion part of the rule can be displayed by connecting both rules by a line.
Patent Document 1: Patent Publication JP-A-2007-41677
Patent Document 2: WO 2008/114355
Patent Document 3: Patent Publication JP-A-2007-87232
Patent Document 4: Patent Publication JP-A-61-202230