A Comparison of Methods for Implementing Adaptive Security Policies

Michael Carney
Secure Computing Corporation
2675 Long Lake Road
Roseville, Minnesota 55113
e-mail: carney@securecomputing.com

Brian Loe
Secure Computing Corporation
2675 Long Lake Road
Roseville, Minnesota 55113
e-mail: loe@securecomputing.com

Abstract:

The security policies for computing resources must match the security policies of the organizations that use them; therefore, computer security policies must be adaptive to meet the changing security environment of their user-base. This paper presents four methods for implementing adaptive security policies for architectures which separate the definition of the policy in a Security Server from the enforcement which is done by the kernel. The four methods discussed include

reloading a new security database for the Security Server,
expanding the state and security database of the Security Server to include more than one mode of operation,
implementing another Security Server and handing off control for security computations, and
implementing multiple, concurrent Security Servers each controlling a subset of processes.

Each of these methods comes with a set of trade-offs: policy flexibility, functional flexibility, security, reliability, and performance. This paper evaluates each of the implementations with respect to each of these criteria. Although the methods described in this paper were implemented for the Distributed Trusted Operating System (DTOS) prototype, this paper describes general research, and the conclusions drawn from this work need not be limited to that development platform.

Brian Loe
Tue Dec 9 09:16:53 CST 1997

This paper was originally published in the Proceedings of the 7th USENIX Security Symposium, January 26-29, 1998, San Antonio, Texas
Last changed: 12 April 2002 aw

Technical Program

Conference Index

USENIX home