A Flexible Architecture for Security Policy Enforcement

Washington, DC April 22-April 24

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DISCEX.2003.1194971

DARPA Information Survivability Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Patrick McDaniel Articles by Atul Prakash

	ASCII Text	x
	Patrick McDaniel, Atul Prakash, "A Flexible Architecture for Security Policy Enforcement," DARPA Information Survivability Conference and Exposition,, vol. 2, pp. 234, DARPA Information Survivability Conference and Exposition - Volume II, 2003.

	BibTex	x
	@article{ 10.1109/DISCEX.2003.1194971, author = {Patrick McDaniel and Atul Prakash}, title = {A Flexible Architecture for Security Policy Enforcement}, journal ={DARPA Information Survivability Conference and Exposition,}, volume = {2}, year = {2003}, issn = {2003102155}, pages = {234}, doi = {http://doi.ieeecomputersociety.org/10.1109/DISCEX.2003.1194971}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - DARPA Information Survivability Conference and Exposition, TI - A Flexible Architecture for Security Policy Enforcement SN - 2003102155 SP EP A1 - Patrick McDaniel, A1 - Atul Prakash, PY - 2003 KW - null VL - 2 JA - DARPA Information Survivability Conference and Exposition, ER -

Patrick McDaniel, AT&T Labs - Research

Atul Prakash, University of Michigan

Significant progress has been made on the design of security policy representations for complex communication systems. A significant problem however remains - how to design software architectures that enforce ever- changing security policy requirements efficiently. This research summary describes the security policy enforcement architecture of the Antigone 2.0 the group communication system. The architecture is designed to be flexible: new security mechanism modules are added as needed to support emerging policy requirements. Such mechanisms regulate the processing of system and network events as directed by the policy and enforce fine- grained control over sensitive data. A software bus is used coordinate the delivery of these events to mechanisms within each process. We summarize an analysis of the performance of the architecture and show that the overheads are modest for typical environments.

Citation:

Patrick McDaniel, Atul Prakash, "A Flexible Architecture for Security Policy Enforcement," discex, vol. 2, pp.234, DARPA Information Survivability Conference and Exposition - Volume II, 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.