Accession Number : ADA297004

Title :   Research Advances in Handling Adaptive Security.

Descriptive Note : Final rept. May-Oct 94,

Corporate Author : ODYSSEY RESEARCH ASSOCIATES INC ITHACA NY

Personal Author(s) : Hird, Geoffrey R. ; McCullough, Daryl ; Brackin, Stephen ; Long, Doug

PDF Url : ADA297004

Report Date : JUN 1995

Pagination or Media Count : 63

Abstract : Static computer security policies may sometimes be inadequate for two reasons: (1) the high-level objectives of the security policy, and the approach to enforcing that policy, may change over time; and (2) the computer system itself may change its structure or configuration. The goal of this project was to study dynamic security that takes into account these two kinds of changes. The report gives the results of our study of these issues. We address the fundamental conflict between functionality and security that arises when the security policy must change dynamically. We suggest mechanisms for implementing dynamic security policies, and methods for analyzing the consequences (dynamic lattices). We introduce "task-based" dynamic policies. We present a foundational model of need-to-know. For systems that must adapt and change their configurations dynamically, we identify a way of decomposing an adaptive system that provides a systematic way of analyzing its security and ensuring that security is maintained after and during adaptations. We describe a method for performing security risk analysis of an adaptive system. We sketch a way of providing tool support for the risk analysis. (KAR) P. 3

Descriptors :   *DATA PROCESSING SECURITY, *ADAPTIVE SYSTEMS, *RESEARCH MANAGEMENT, POLICIES, RISK, TOOLS, COMPUTERS, DYNAMICS, SYSTEMS ANALYSIS, HANDLING, STATICS.

Subject Categories : Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE