A Comparison of Methods for Implementing Adaptive Security Policies
The security policies for computing resources must match the security policies of the organizations that use them; therefore, computer security policies must be adaptive to meet the changing security environment of their user-base. This paper presents four methods for implementing adaptive security policies for architectures which separate the definition of the policy in a Security Server from the enforcement which is done by the kernel. The four methods discussed include
- reloading a new security database for the Security Server,
- expanding the state and security database of the Security Server to include more than one mode of operation,
- implementing another Security Server and handing off control for security computations, and
- implementing multiple, concurrent Security Servers each controlling a subset of processes.
Each of these methods comes with a set of trade-offs: policy flexibility, functional flexibility, security, reliability, and performance. This paper evaluates each of the implementations with respect to each of these criteria. Although the methods described in this paper were implemented for the Distributed Trusted Operating System (DTOS) prototype, this paper describes general research, and the conclusions drawn from this work need not be limited to that development platform.