A Configurable Security Architecture Prototype

Martin S Olivier & Alexandre Hardy

2001

[Citation information] [Abstract] [Keywords] [BibTeX entry] [Full text]
[Return to publications]

Citation information

A Hardy and MS Olivier, "A Configurable Security Architecture Prototype," in B Thuraisingham, RP van de Riet, KR Dittrich and Z Tari (eds), Data and Applications Security - Developments and Directions, 51-62, Kluwer, 2001

Abstract

Traditional security systems are integrated closely with the applications that they protect or are a separate component that provides system protection. As a separate component, the security system may be configurable and support various security models. The component does not directly support the application. Instead, operating system objects (such as files) are protected. Security systems that are integrated with the applications that they protect avoid this shortcoming, but are usually not configurable. They also cannot provide the same level of protection that a system provided security component can enforce, as the application does not have access to the hardware that supports these features. The Configurable Security Architecture (ConSA [1]) defines an architecture that provides the flexibility of a system security component while still supporting application security. Such an architecture provides obvious benefits. Security policies can be constructed from off-the-shelf components, supporting a diverse array of security needs. Before this or a similar architecture can be accepted by the industry, the concept must be proven to work theoretically and practically. Olivier [1] has developed the theoretical model and illustrates its usefulness. This paper describes an implementation of ConSA and in so doing, proves that ConSA can be implemented in practice.

Keywords

Access Control, Security, Security Model, Prototype

BibTeX entry

@INPROCEEDINGS(protcons,
  AUTHOR={Alexandre Hardy and Martin S Olivier},
  TITLE={A Configurable Security Architecture Prototype},
  EDITOR={Bhavani Thuraisingham and Reind P van de Riet and Klaus R
      Dittrich and Zahir Tari},
  BOOKTITLE={Data and Applications Security --- Developments and
      Directions},
  PAGES={51--62},
  PUBLISHER={Kluwer},
  YEAR={2001} )

Full text

The full text may be downloaded from http://mo.co.za/ask/protcons.pdf (PDF, 164K) (©IFIP).

Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

[Publications] [Home]
Page maintained by Martin Olivier
Last update: February 5, 2002