Security in computing
Using type enforcement to assure a configurable guard
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Implementing RBAC on a type enforced system
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Assuring Distributed Trusted Mach
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Two Dimensional Time-Series for Anomaly Detection and Regulation in Adaptive Systems
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
The Specification and Enforcement of Advanced Security Policies
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
LISA '98 Proceedings of the 12th USENIX conference on System administration
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
| Hi-index | 0.00 |
The security policies for computing resources must match the security policies of the organizations that use them; therefore, computer security policies must be adaptive to meet the changing security environment of their user-base. This paper presents four methods for implementing adaptive security policies for architectures which separate the definition of the policy in a Security Server from the enforcement which is done by the kernel. The four methods discussed include • reloading a new security database for the Security Server, • expanding the state and security database of the Security Server to include more than one mode of operation, • implementing another Security Server and handing off control for security computations, and • implementing multiple, concurrent Security Servers each controlling a subset of processes. Each of these methods comes with a set of trade-offs: policy flexibility, functional flexibility, security, reliability, and performance. This paper evaluates each of the implementations with respect to each of these criteria. Although the methods described in this paper were implemented for the Distributed Trusted Operating System (DTOS) prototype, this paper describes general research, and the conclusions drawn from this work need not be limited to that development platform.