Towards policy-based security architectures (abstract)
Nowadays security managers can choose from many tools to build the protection architecture for their information system: firewalls, PKI and IDS are only some examples. However, as the protected system increases in size, a problem becomes more and more evident: management of a large and complex security architecture is a non-trivial task, that is usually performed largely manually by human beings. Therefore mistakes are possible in the implementation, configuration and day-by-day operation. To avoid - or at least mitigate - these problems we need a formal framework to specify the security requirements for the protected system and to automatically verify that they are respected.
To reach this target, this talk will build on the concept of a "security policy", used to formally specify the required security properties. The policy can then later be used for several purposes, such as:
- to check that a given security architecture satisfies the requirements
- to automatically derive configurations for security elements (routers, firewalls, gateways, applications) and verify that those configurations are not accidentally or intentionally mangled
- to monitor in real time compliance of the system behaviour with the policy.
Current efforts in the policy-based security area will be surveyed and a path towards full implementation of these concepts will be traced.
Back to CMS 2002 schedule.
|