The Community for Technology Leaders
DARPA Information Survivability Conference and Exposition, (2003)
Washington, DC
Apr. 22, 2003 to Apr. 24, 2003
ISSN: 2003102155
ISBN: 0-7695-1897-4
pp: 234
Patrick McDaniel , AT&T Labs - Research
Atul Prakash , University of Michigan
ABSTRACT
Significant progress has been made on the design of security policy representations for complex communication systems. A significant problem however remains - how to design software architectures that enforce ever- changing security policy requirements efficiently. This research summary describes the security policy enforcement architecture of the Antigone 2.0 the group communication system. The architecture is designed to be flexible: new security mechanism modules are added as needed to support emerging policy requirements. Such mechanisms regulate the processing of system and network events as directed by the policy and enforce fine- grained control over sensitive data. A software bus is used coordinate the delivery of these events to mechanisms within each process. We summarize an analysis of the performance of the architecture and show that the overheads are modest for typical environments.
INDEX TERMS
null
CITATION
Patrick McDaniel, Atul Prakash, "A Flexible Architecture for Security Policy Enforcement", DARPA Information Survivability Conference and Exposition,, vol. 02, no. , pp. 234, 2003, doi:10.1109/DISCEX.2003.1194971
92 ms
(Ver 3.3 (11022016))