A higher level of computer security through active policies

This paper views the Reference Monitor in a new framework that makes it possible to generalize from passive to active monitors. It describes a major trend in the evolution of information systems security. The concepts are a practical reflection of real-world needs, expressed in a theoretical framework. The approach of employing active and passive policies provides a higher level of security than would otherwise be possible. The passive traditional Reference Monitor that interprets security policies and permits or prohibits access requests is supplemented by an active monitor to initiate behavior, such as taking positive actions to maintain integrity, taking recovery actions to restore situations after failures, and regularly monitoring the system. This extension to enforcement of various policies supports distributed systems architectures as the appropriate model for thinking about information technology (IT) security.

[1]  John P. L. Woodward Exploiting the Dual Nature of Sensitivity Labels , 1987, 1987 IEEE Symposium on Security and Privacy.

[2]  M. J. Maullo,et al.  Policy management: an architecture and approach , 1993, Proceedings of 1993 IEEE 1st International Workshop on Systems Management.

[3]  Marshall D. Abrams,et al.  New thinking about information technology security , 1995, Comput. Secur..

[4]  Carl E. Landwehr,et al.  Dependable Computing for Critical Applications 4 , 1995, Dependable Computing and Fault-Tolerant Systems.

[5]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[6]  John Quarterman,et al.  The Internet Connection , 1994 .

[7]  G. B. Finelli,et al.  The Infeasibility of Quantifying the Reliability of Life-Critical Real-Time Software , 1993, IEEE Trans. Software Eng..

[8]  Morris Sloman,et al.  Policies Hierarchies for Distributed Systems Management , 1993, IEEE J. Sel. Areas Commun..

[9]  Daniel F. Sterne,et al.  On the buzzword 'security policy' , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  David Lorge Parnas,et al.  Evaluation of safety-critical software , 1990, CACM.

[11]  John A. McDermid,et al.  Issues in developing software for safety critical systems , 1991 .

[12]  Nancy G. Leveson,et al.  An experimental evaluation of the assumption of independence in multiversion programming , 1986, IEEE Transactions on Software Engineering.

[13]  Jonathan K. Millen,et al.  Denial of Service: A Perspective , 1995 .

[14]  Harold Joseph Highland,et al.  The 17th NCSC abstract: Belief in Correctness , 1995 .