Generating policies for defense in depth

Author

Rubel, Paul ; Ihde, Michael ; Harp, Steven ; Payne, Charles

Author_Institution

BBN Technol., Cambridge, MA

fYear

2005

fDate

5-9 Dec. 2005

Lastpage

514

Abstract

Coordinating multiple overlapping defense mechanisms, at differing levels of abstraction, is fraught with the potential for misconfiguration, so there is strong motivation to generate policies for those mechanisms from a single specification in order to avoid that risk. This paper presents our experience and the lessons learned as we developed, validated and coordinated network communication security policies for a defense-in-depth enabled system that withstood sustained red team attack. Network communication was mediated by host-based firewalls, process domain mechanisms and application-level security policies enforced by the Java virtual machine. We coordinated the policies across the layers using a variety of tools, but we discovered that, at least for defense-in-depth enabled systems, constructing a single specification from which to derive all policies is probably neither practical nor even desirable

Keywords

Java; authorisation; telecommunication security; virtual machines; Java virtual machine; application-level security policy; defense-in-depth enabled system; host-based firewall; multiple overlapping defense mechanism; network communication security policy; process domain mechanism; red team attack; Application software; Communication system security; Computer security; Contracts; Java; Software tools; Virtual machining;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 21st Annual

Conference_Location

Tucson, AZ

ISSN

1063-9527

Print_ISBN

0-7695-2461-3

Type

conf

DOI

10.1109/CSAC.2005.26

Filename

1565277