Developing dynamic security policies

P. Naldurg, R. H. Campbell, M. D. Mickunas

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.

Original languageEnglish (US)
Title of host publicationProceedings - DARPA Active Networks Conference and Exposition, DANCE 2002
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages204-215
Number of pages12
ISBN (Electronic)0769515649, 9780769515649
DOIs
StatePublished - Jan 1 2002
EventDARPA Active Networks Conference and Exposition, DANCE 2002 - San Francisco, United States
Duration: May 29 2002May 30 2002

Publication series

NameProceedings - DARPA Active Networks Conference and Exposition, DANCE 2002

Other

OtherDARPA Active Networks Conference and Exposition, DANCE 2002
CountryUnited States
CitySan Francisco
Period5/29/025/30/02

Keywords

  • Access control
  • Application software
  • Computer science
  • Contracts
  • Control systems
  • Information security
  • Power system management
  • Power system security
  • Safety
  • Software maintenance

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Developing dynamic security policies'. Together they form a unique fingerprint.

Cite this