Developing dynamic security policies

P. Naldurg; R. H. Campbell; M. D. Mickunas

doi:10.1109/DANCE.2002.1003494

Developing dynamic security policies

P. Naldurg, R. H. Campbell, M. D. Mickunas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.

Original language	English (US)
Title of host publication	Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	204-215
Number of pages	12
ISBN (Electronic)	0769515649, 9780769515649
DOIs	https://doi.org/10.1109/DANCE.2002.1003494
State	Published - 2002
Event	DARPA Active Networks Conference and Exposition, DANCE 2002 - San Francisco, United States Duration: May 29 2002 → May 30 2002

Publication series

Name	Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002

Other

Other	DARPA Active Networks Conference and Exposition, DANCE 2002
Country/Territory	United States
City	San Francisco
Period	5/29/02 → 5/30/02

Keywords

Access control
Application software
Computer science
Contracts
Control systems
Information security
Power system management
Power system security
Safety
Software maintenance

ASJC Scopus subject areas

Computer Networks and Communications

Online availability

10.1109/DANCE.2002.1003494

Library availability

Discover UIUC Full Text

Cite this

Naldurg, P., Campbell, R. H., & Mickunas, M. D. (2002). Developing dynamic security policies. In Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002 (pp. 204-215). Article 1003494 (Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DANCE.2002.1003494

Developing dynamic security policies. / Naldurg, P.; Campbell, R. H.; Mickunas, M. D.
Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002. Institute of Electrical and Electronics Engineers Inc., 2002. p. 204-215 1003494 (Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Naldurg, P, Campbell, RH & Mickunas, MD 2002, Developing dynamic security policies. in Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002., 1003494, Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002, Institute of Electrical and Electronics Engineers Inc., pp. 204-215, DARPA Active Networks Conference and Exposition, DANCE 2002, San Francisco, United States, 5/29/02. https://doi.org/10.1109/DANCE.2002.1003494

@inproceedings{9b99b747175a40d6ad3bf5fc834b7055,

title = "Developing dynamic security policies",

abstract = "In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.",

keywords = "Access control, Application software, Computer science, Contracts, Control systems, Information security, Power system management, Power system security, Safety, Software maintenance",

author = "P. Naldurg and Campbell, {R. H.} and Mickunas, {M. D.}",

note = "Publisher Copyright: {\textcopyright} 2002 IEEE.; DARPA Active Networks Conference and Exposition, DANCE 2002 ; Conference date: 29-05-2002 Through 30-05-2002",

year = "2002",

doi = "10.1109/DANCE.2002.1003494",

language = "English (US)",

series = "Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "204--215",

booktitle = "Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002",

address = "United States",

}

TY - GEN

T1 - Developing dynamic security policies

AU - Naldurg, P.

AU - Campbell, R. H.

AU - Mickunas, M. D.

PY - 2002

Y1 - 2002

N2 - In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.

AB - In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.

KW - Access control

KW - Application software

KW - Computer science

KW - Contracts

KW - Control systems

KW - Information security

KW - Power system management

KW - Power system security

KW - Safety

KW - Software maintenance

UR - http://www.scopus.com/inward/record.url?scp=35248854997&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35248854997&partnerID=8YFLogxK

U2 - 10.1109/DANCE.2002.1003494

DO - 10.1109/DANCE.2002.1003494

M3 - Conference contribution

AN - SCOPUS:35248854997

T3 - Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002

SP - 204

EP - 215

BT - Proceedings - DARPA Active Networks Conference and Exposition, DANCE 2002

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - DARPA Active Networks Conference and Exposition, DANCE 2002

Y2 - 29 May 2002 through 30 May 2002

ER -

Developing dynamic security policies

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this