A Model-Independent Security Architecture for Distributed Heterogeneous Systems
1st Edition
Published in December 2003
Book
Paperback/Softback
460 pages
978-3-8325-0416-8 (ISBN)
Description
This dissertation shows that information assurance properties can be both
specified within a formal model of systems to which the properties are
applied using the same formal theory for modeling, specification, and
reasoning and enforced in such a way that enforcement is performed
consistently across multiple, heterogeneous nodes and organizational
domains while retaining the semantics of the formal model.
The properties, referred to as security policies, can be specifically
enforced at the operating system level and are constructed in such a way
that automated reasoning mechanisms derive lower abstraction layer
properties from higher semantic levels specified by administrative
personnel based on the formal abstract model and interpretations thereof.
Moreover, operations to be performed are permitted based on proofs
obtained within the formal model while required operations are also
derived within the model.
To permit the consistent enforcement of an arbitrarily large set of
security policies and scalability across large organizations and
networks, externally controlled reference monitors and external reference
monitors are introduced which control layered enforcement mechanisms that
can be implemented both in systems constructed ab initio and as an add-on
to existing, particularly commercially available operating systems even
if no source code is available for modification to ease the transition to
secure systems while permitting mission fulfillment based on legacy
systems. These aspects are demonstrated using the Microsoft Windows 2000
operating system as an example.
Enforcement mechanisms are described using the reference interpretation
including modification and augmentation of file system and network
protocol stack behavior along with the implicit benefits derived from the
use of these enforcement mechanisms. Specifically, the implementation of
dynamic distributed network firewalling and intrusion detection as well
as multilevel security capabilities under the control of consistent
policies are discussed. For this purpose the suitability of the framework
for modeling multisensor data fusion as applied to intrusion detection is
discussed.
To demonstrate the capabilities of the layered enforcement system for
application- -specific domains, the use of visible and invisible labeling
mechanisms for hard copy output is furthermore discussed.
specified within a formal model of systems to which the properties are
applied using the same formal theory for modeling, specification, and
reasoning and enforced in such a way that enforcement is performed
consistently across multiple, heterogeneous nodes and organizational
domains while retaining the semantics of the formal model.
The properties, referred to as security policies, can be specifically
enforced at the operating system level and are constructed in such a way
that automated reasoning mechanisms derive lower abstraction layer
properties from higher semantic levels specified by administrative
personnel based on the formal abstract model and interpretations thereof.
Moreover, operations to be performed are permitted based on proofs
obtained within the formal model while required operations are also
derived within the model.
To permit the consistent enforcement of an arbitrarily large set of
security policies and scalability across large organizations and
networks, externally controlled reference monitors and external reference
monitors are introduced which control layered enforcement mechanisms that
can be implemented both in systems constructed ab initio and as an add-on
to existing, particularly commercially available operating systems even
if no source code is available for modification to ease the transition to
secure systems while permitting mission fulfillment based on legacy
systems. These aspects are demonstrated using the Microsoft Windows 2000
operating system as an example.
Enforcement mechanisms are described using the reference interpretation
including modification and augmentation of file system and network
protocol stack behavior along with the implicit benefits derived from the
use of these enforcement mechanisms. Specifically, the implementation of
dynamic distributed network firewalling and intrusion detection as well
as multilevel security capabilities under the control of consistent
policies are discussed. For this purpose the suitability of the framework
for modeling multisensor data fusion as applied to intrusion detection is
discussed.
To demonstrate the capabilities of the layered enforcement system for
application- -specific domains, the use of visible and invisible labeling
mechanisms for hard copy output is furthermore discussed.