Enforcing provisioning and authorization policy in the Antigone system

Prior work on communication security policy has focused on general-purpose policy languages and evaluation algorithms. However, because the supporting frameworks often defer enforcement, the correctness of a software realization of these policies is limited by the quality of domain-specific implementations. This paper introduces the Antigone communication security policy enforcement framework. Antigone fills the gap between policy representation and enforcement by implementing and integrating the diverse security services that policy requires. Policy is enforced by the run-time composition, configuration, and regulation of these security services. We present the Antigone architecture and demonstrate non-trivial applications and policies. A profile of policy enforcement performance is developed, and key architectural enhancements are identified. We also consider the advantages and disadvantages of alternative software architectures appropriate for policy enforcement.