Security policy consistency and distributed evaluation in heterogeneous environments
Modern computing environments involve a multitude of components working in concert to provide services to users. Computer elements, network elements, operating systems, applications, users, etc. must to be constantly managed and controlled to prevent unintended or illegal accesses that could compromise the system. Such systems rely on a security policy, namely a set of rules that define what actions are allowed and disallowed to be performed in the system, defined by policy makers to control its behavior. To avoid failures (i) information about the state of the system must be readily available to the enforcement elements, for them to make decisions according to the specified security policy, and at the same time (ii) the security policy itself must be maintained in a consistent state across the multitude of system elements. This dissertation addresses the problem of security policy consistency in decentralized heterogeneous systems. We present two novel ways for maintaining consistency in this type of environments. First, by using both static (compile time) and dynamic (run time) techniques, in which security policies are examined against each other and possible inconsistencies are identified. Second, we demonstrate how it is possible for multiple security elements to dynamically share and exchange state information, to consistently enforce security policies that span multiple access control nodes.
Ioannidis, Sotiris, "Security policy consistency and distributed evaluation in heterogeneous environments" (2005). Dissertations available from ProQuest. AAI3179751.