|
7th USENIX Security Symposium, San Antonio, Texas
A Comparison of Methods for Implementing Adaptive Security Policies
Michael Carney and Brian Loe
Secure Computing Corporation
Abstract
The security policies for computing resources must match the
security policies of the organizations that use them; therefore,
computer security policies must be adaptive to meet the
changing security environment of their user-base. This paper
presents four methods for implementing adaptive security policies
for architectures which separate the definition of the policy in a
Security Server from the enforcement which is done by the kernel.
The four methods discussed include
- reloading a new security database for the Security Server,
- expanding the state and security database of the Security Server to
include more than one mode of operation,
- implementing another Security Server and handing off control for security
computations, and
- implementing multiple, concurrent Security Servers each controlling a
subset of processes.
Each of these methods comes with a set of trade-offs: policy
flexibility, functional flexibility, security, reliability, and
performance. This paper evaluates each of the implementations with
respect to each of these criteria. Although the methods described
in this paper were implemented for the Distributed Trusted Operating
System (DTOS) prototype, this paper describes general research, and
the conclusions drawn from this work need not be limited to that
development platform.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
Technical Program