Enforcing provisioning and authorization policy in the Antigone system

Patrick McDaniel, Atul Prakash

Research output: Contribution to journalArticlepeer-review

4 Scopus citations


Prior works in communication security policy have focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a realization of these policies in software is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. The Antigone framework fills the gap between representations and enforcement by implementing and integrating the diverse security services needed by policy. Policy is enforced by the run-time composition, configuration, and regulation of security services. We present the Antigone architecture, and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.

Original languageEnglish (US)
Pages (from-to)483-511
Number of pages29
JournalJournal of Computer Security
Issue number6
StatePublished - 2006

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Enforcing provisioning and authorization policy in the Antigone system'. Together they form a unique fingerprint.

Cite this