Title :
Enforcing messaging security policies
Author :
Likavec, Jaromir ; Wolthusen, Stephen D.
Author_Institution :
Fraunhofer-IGD, Darmstadt, Germany
Abstract :
A system for enforcing messaging security policies for both store and forward and streaming messaging protocols on COTS operating system platforms is described. Messaging protocols are subjected to interception, transformation, and filtering based on dynamically configurable security policies. Transformations include the automatic policy-based application of cryptographic confidentiality, integrity, and authenticity mechanisms and filtering primarily based on Bayesian analysis. The system provides a low cost, fine granularity compartmentalization mechanism for secure environments as well as for sensitive but unclassified environments using COTS operating systems and application programs without affecting user or application behavior in which the mediation of access to key material and messaging provides protection against malware and insider attacks.
Keywords :
Bayes methods; authorisation; cryptography; data privacy; message authentication; message passing; operating systems (computers); protocols; Bayesian analysis; COTS operating system; access mediation; authenticity mechanisms; compartmentalization; cryptographic confidentiality; cryptographic integrity; dynamically configurable security policies; filtering; forward messaging protocols; insider attacks; interception; malware; messaging security policies; streaming messaging protocols; transformation; Costs; Cryptographic protocols; Cryptography; Digital signatures; Filtering; Guidelines; Operating systems; Performance analysis; Public key; Security;
Conference_Titel :
Information Assurance, 2005. Proceedings. Third IEEE International Workshop on
Print_ISBN :
0-7695-2317-X
DOI :
10.1109/IWIA.2005.7
