Enforcing provisioning and authorization policy in the Antigone system

Patrick McDaniel; Atul Prakash

doi:10.3233/JCS-2006-14601

Enforcing provisioning and authorization policy in the Antigone system

Patrick McDaniel, Atul Prakash

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Prior works in communication security policy have focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a realization of these policies in software is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. The Antigone framework fills the gap between representations and enforcement by implementing and integrating the diverse security services needed by policy. Policy is enforced by the run-time composition, configuration, and regulation of security services. We present the Antigone architecture, and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.

Original language	English (US)
Pages (from-to)	483-511
Number of pages	29
Journal	Journal of Computer Security
Volume	14
Issue number	6
DOIs	https://doi.org/10.3233/JCS-2006-14601
State	Published - 2006

All Science Journal Classification (ASJC) codes

Software
Safety, Risk, Reliability and Quality
Hardware and Architecture
Computer Networks and Communications

Access to Document

10.3233/JCS-2006-14601

Cite this

@article{7ac13cfb9bb6495491be297fa3876bd1,

title = "Enforcing provisioning and authorization policy in the Antigone system",

abstract = "Prior works in communication security policy have focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a realization of these policies in software is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. The Antigone framework fills the gap between representations and enforcement by implementing and integrating the diverse security services needed by policy. Policy is enforced by the run-time composition, configuration, and regulation of security services. We present the Antigone architecture, and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.",

author = "Patrick McDaniel and Atul Prakash",

year = "2006",

doi = "10.3233/JCS-2006-14601",

language = "English (US)",

volume = "14",

pages = "483--511",

journal = "Journal of Computer Security",

issn = "0926-227X",

publisher = "SAGE Publications Ltd",

number = "6",

}

TY - JOUR

T1 - Enforcing provisioning and authorization policy in the Antigone system

AU - McDaniel, Patrick

AU - Prakash, Atul

PY - 2006

Y1 - 2006

N2 - Prior works in communication security policy have focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a realization of these policies in software is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. The Antigone framework fills the gap between representations and enforcement by implementing and integrating the diverse security services needed by policy. Policy is enforced by the run-time composition, configuration, and regulation of security services. We present the Antigone architecture, and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.

AB - Prior works in communication security policy have focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a realization of these policies in software is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. The Antigone framework fills the gap between representations and enforcement by implementing and integrating the diverse security services needed by policy. Policy is enforced by the run-time composition, configuration, and regulation of security services. We present the Antigone architecture, and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.

UR - http://www.scopus.com/inward/record.url?scp=33845195316&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33845195316&partnerID=8YFLogxK

U2 - 10.3233/JCS-2006-14601

DO - 10.3233/JCS-2006-14601

M3 - Article

AN - SCOPUS:33845195316

SN - 0926-227X

VL - 14

SP - 483

EP - 511

JO - Journal of Computer Security

JF - Journal of Computer Security

IS - 6

ER -

Enforcing provisioning and authorization policy in the Antigone system

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this