Accession Number : ADA311215

Title :   Experimentation with Adaptive Security Policies.

Descriptive Note : Final rept. Dec 94-Dec 95,

Corporate Author : SECURE COMPUTING CORP ROSEVILLE MN

Personal Author(s) : Schneider, Edward A. ; Kalsow, William ; TeWinkel, Lynn ; Carney, Michael

PDF Url : ADA311215

Report Date : JUN 1996

Pagination or Media Count : 54

Abstract : This work provides experimental evidence of the validity of recent theoretical work in the area of adaptive security policies. Solutions for several issues with these policies, including the coupling between policy and implementation, control over policy changes, stale cached data, reassigning security attributes, and recovery from change, were examined using the Distributed Trusted Operating System. Dynamic security lattices and task-based access control, previously studied by ORA, were also examined. The issue of trade-offs between security and fault tolerance, raised by SRI, was also studied, especially the problems of adapting the policy of a fault-tolerant service. An adaptation of an MLS policy enhanced with Type enforcement to a similar policy with more permissions was demonstrated, first using a single Security Server in which the policy table is replaced, and then handing off security decisions from one Security Server to another. Exercise of the relaxed permissions was audited, as specified by the Security Server.

Descriptors :   *DATA PROCESSING SECURITY, *ADAPTIVE SYSTEMS, *OPERATING SYSTEMS(COMPUTERS), CONTROL, POLICIES, DECISION MAKING, MODIFICATION, THEORY, TABLES(DATA), FAULT TOLERANCE, FAULTS.

Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE