7th USENIX Security Symposium, 1998
Pp. 1–14 of the Proceedings
A Comparison of Methods for
Implementing Adaptive Security Policies
Michael Carney
Secure Computing Corporation
2675 Long Lake Road
Roseville, Minnesota 55113
e-mail: carney@securecomputing.com
Brian Loe
Secure Computing Corporation
2675 Long Lake Road
Roseville, Minnesota 55113
e-mail: loe@securecomputing.com
Abstract:
The security policies for computing resources must match the
security policies of the organizations that use them; therefore,
computer security policies must be adaptive to meet the
changing security environment of their user-base. This paper
presents four methods for implementing adaptive security policies
for architectures that separate the definition of the policy in a
Security Server from its enforcement, which is done by the kernel.
The four methods discussed are:
- reloading a new security database for the Security Server,
- expanding the state and security database of the Security Server to
include more than one mode of operation,
- implementing another Security Server and handing off control for security
computations, and
- implementing multiple, concurrent Security Servers each controlling a
subset of processes.
Each of these methods comes with a set of trade-offs: policy
flexibility, functional flexibility, security, reliability, and
performance. This paper evaluates each of the implementations with
respect to each of these criteria. Although the methods described
in this paper were implemented for the Distributed Trusted Operating
System (DTOS) prototype, this paper describes general research, and
the conclusions drawn from this work need not be limited to that
development platform.
Brian Loe
Tue Dec 9 09:16:53 CST 1997