A flexible architecture for security policy enforcement

P. McDaniel, A. Prakash

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

Significant progress has been made on the design of security policy representations for complex communication systems. A significant problem, however, remains of how to design software architectures that enforce ever-changing security policy requirements efficiently. This research summary describes the security policy enforcement architecture of the Antigone 2.0 group communication system. The architecture is designed to be flexible: new security mechanism modules are added as needed to support emerging policy requirements. Such mechanisms regulate the processing of system and network events as directed by the policy and enforce fine-grained control over sensitive data. A software bus is used to coordinate the delivery of these events to mechanisms within each process. We summarize an analysis of the performance of the architecture and show that the overheads are modest for typical environments.

Original language: English (US)
Title of host publication: Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 234-239
Number of pages: 6
ISBN (Electronic): 0769518974, 9780769518978
State: Published - 2003
Event: DARPA Information Survivability Conference and Exposition, DISCEX 2003 - Washington, United States
Duration: Apr 22 2003 to Apr 24 2003

Publication series

Name: Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003
Volume: 2

Other

Other: DARPA Information Survivability Conference and Exposition, DISCEX 2003
Country/Territory: United States
City: Washington
Period: 4/22/03 to 4/24/03

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
