Title :
Ensuring continuity during dynamic security policy reconfiguration in DTE
Author :
Fraser, Timothy ; Badger, Lee
Author_Institution :
Trusted Inf. Syst. Inc., Glenwood, MD, USA
Abstract :
Operating system kernels capable of simultaneously enforcing multiple security policies provide economic benefits over those that cannot: they allow a single kernel to concurrently provide its costly or unique resources to a number of projects, each with its own individual security requirements. The additional ability to dynamically reconfigure its policy during run time allows a kernel to take on new projects and their policies and to remove old ones without disturbing those that remain. Unfortunately, the policy added to govern a new project may conflict with the kernel´s existing policy components, invalidating their security properties and negating the protection they pro vide. This danger is an obstacle to the practical operation of these kernels. The paper describes how the Domain and Type Enforcement (DTE) prototype kernel implements automatic safeguards to reject policy extensions which would invalidate BLP, Ring, Strict Integrity, Clark-Wilson, and Assured Pipeline security properties of its existing policy
Keywords :
configuration management; operating system kernels; protocols; security of data; Assured Pipeline security properties; BLP; Clark-Wilson; DTE; Domain and Type Enforcement prototype kernel; Strict Integrity; automatic safeguards; continuity; dynamic security policy reconfiguration; economic benefits; multiple security policies; operating system kernels; policy components; policy extensions; security properties; security requirements; unique resources; Collaboration; Information security; Information systems; Kernel; Operating systems; Pipelines; Protection; Prototypes; Runtime; Trademarks;
Conference_Titel :
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-8386-4
DOI :
10.1109/SECPRI.1998.674820
