Abstract:
The immunity model, as used in the GNU cfengine project, is a distributed framework for performing policy-conformant system administration, used on hundreds of thousands of Unix-like and Windows systems. This paper describes the idealized approach to policy-guided maintenance that is approximated by cfengine, building on the notion of ‘convergent’ operations, i.e. those that reach a stable equilibrium. Agents gravitate towards a policy-determined configuration through the repeated application of unintelligent ‘anti-body’ operations, or discrete, coded counter-measures. The distributed agents turn passive discovery of state into an active strategy for ‘curing’ systems of policy transgressions.
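To make the notion of a convergent operation concrete, the following added example (not from the paper and not cfengine code or syntax) shows an agent pass that inspects state and repairs only deviations, so that repeated application reaches a fixed point. The policy, file name, and the `converge` and `demo` functions are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

# Constructed policy (illustrative): desired mode and required lines for one file.
POLICY = {"sshd_config": {"mode": 0o600,
                          "lines": ["PermitRootLogin no", "PasswordAuthentication no"]}}

def converge(root, policy):
    """One agent pass: discover state, repair only what deviates, report repairs."""
    repairs = []
    for name, want in policy.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            open(path, "w").close()
            repairs.append((name, "created"))
        with open(path) as f:
            text = f.read()
        missing = [l for l in want["lines"] if l not in text.splitlines()]
        if missing:
            # Keep appended lines separate even if the file lacks a final newline.
            sep = "" if (not text or text.endswith("\n")) else "\n"
            with open(path, "a") as f:
                f.write(sep + "".join(l + "\n" for l in missing))
            repairs.append((name, "lines"))
        if stat.S_IMODE(os.stat(path).st_mode) != want["mode"]:
            os.chmod(path, want["mode"])
            repairs.append((name, "mode"))
    return repairs

def demo():
    """Start from a constructed deviant state and apply the agent three times."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, "sshd_config")
    with open(path, "w") as f:
        f.write("PasswordAuthentication no\n")   # drift: one required line missing
    os.chmod(path, 0o644)                        # drift: mode too permissive
    history = [converge(root, POLICY) for _ in range(3)]
    with open(path) as f:
        final_lines = f.read().splitlines()
    return history, final_lines, stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    for i, repairs in enumerate(demo()[0], 1):
        print(f"pass {i}: {repairs or 'no repairs, state conforms to policy'}")
```

The first pass repairs both deviations; every later pass is a no-op, which is the stable equilibrium the abstract refers to. The sketch only adds required lines and does not remove conflicting ones.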