  • DocumentCode
    3003281
  • Title
    Arachne: Integrated Enterprise Security Management
  • Author
    Burnside, Matthew ; Keromytis, Angelos D.
  • fYear
    2007
  • fDate
    20-22 June 2007
  • Firstpage
    214
  • Lastpage
    220
  • Abstract
    Security policies are a key component in protecting enterprise networks. There are many defensive options available to these policies, but current mechanically-enforced security policies are limited to traditional admission-based access control. There are defensive capabilities available that include logging, firewalls, honeypots, rollback/recovery, and intrusion detection systems, but policy enforcement is essentially limited to allow/deny semantics. Furthermore, access-control mechanisms operate independently on each service, which often leads to inconsistent or incorrect application of the intended system-wide policy. To begin to solve these problems, we propose a new system for defense-in-depth using global security policies. Under a global security policy, every policy decision is made with near-global knowledge, and re-evaluated as global knowledge changes, given an initial configuration provided by the administrator. Using a variety of actuators, we make the full array of defensive capabilities available to the global policy. We outline our proposal for enterprise-wide security policies, explore the design space, and discuss Arachne, our prototype implementation.
  • Keywords
    access control; security of data; telecommunication security; Arachne; admission-based access control; enterprise networks; enterprise-wide security; global knowledge; global security policies; integrated enterprise security management; policy decision; system-wide policy; Data security; Databases; IP networks; Information security; Intrusion detection; Modems; Prototypes; Space exploration; Tellurium; Web server;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC
  • Conference_Location
    West Point, NY
  • Print_ISBN
    1-4244-1304-4
  • Electronic_ISBN
    1-4244-1304-4
  • Type
    conf
  • DOI
    10.1109/IAW.2007.381935
  • Filename
    4267563