Abstract
Traditional security systems are integrated closely with the applications that they protect or they are a separate component that provides system protection. As a separate component, the security system may be configurable and support various security models. The component does not directly support the application. Instead, operating system objects (such as files) are protected. Security systems that are integrated with the applications that they protect avoid this shortcoming, but are usually not configurable. They also cannot provide the same level of protection that a system provided security component can enforce, as the application does not have access to the hardware that supports these features. The Configurable Security Architecture (ConSA [1]) defines an architecture that provides the flexibility of a system security component while still supporting application security. Such an architecture provides obvious benefits. Security policies can be constructed from off-the-shelf components, supporting a diverse array of security needs. Before this or a similar architecture can be accepted by the industry, the concept must be proven to work theoretically and practically. Olivier [1] has developed the theoretical model and illustrates its usefulness. This paper describes an implementation of ConSA and in so doing, proves that ConSA can be implemented in practice.
Chapter PDF
References
M. S. Olivier, Towards a Configurable Security Architecture, Data & Knowledge Engineering, To appear
A. Hardy, An Implementation and Analysis of the Configurable Security Architecture, Masters dissertation, Rand Afrikaans University, 1999
S. H. von Solms and J. H, P. Eloff, Information Security, Rand Afrikaans University, 1998
D. E. Bell and L. J. LaPadula, “Secure computer system: unified exposition and Multics interpretation” Rep. ESD-TR-75-306, March 1976, MITRE Corporation
D. E. Bell and L. J. LaPadula, “Secure Computer Systems: Mathematical Foundations” Secure Computer Systems: Mathematical Foundations (Mitre technical Report 2547, Volume I), March 1973, MITRE Corporation
D. E. Bell and L. J. LaPadula, “Secure Computer Systems: A Mathematical Model” Secure Computer Systems: Mathematical Foundations (Mitre technical Report 2547, Volume II), May 1973, MITRE Corporation
L. Gong and X. Qian, “Enriching the Expressive power of Security Labels” IEEE Transactions on Knowledge and Data Engineering, 7(5), October 1995
S. N. Foley, L. Gong and X. Qian, “A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification” Technical Report SRI-CSL-95-15, SRI International, 1995
The Single UNIXR Specification, Version 2, The Open Group, 1997, www.opengroup.org
Andrew G. Morgan, The Linux-PAM System Administrators’ Guide, (Distributed with the PAM software package), 1998
Chris Hare, Emmett Dunlaney, George Eckel, Steven Lee, Lee Ray, Inside Unix, New Riders Publishing, 1994
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Kluwer Academic Publishers
About this chapter
Cite this chapter
Hardy, A., Olivier, M.S. (2002). A Configurable Security Architecture Prototype. In: Thuraisingham, B., van de Riet, R., Dittrich, K.R., Tari, Z. (eds) Data and Application Security. IFIP International Federation for Information Processing, vol 73. Springer, Boston, MA. https://doi.org/10.1007/0-306-47008-X_5
Download citation
DOI: https://doi.org/10.1007/0-306-47008-X_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7514-2
Online ISBN: 978-0-306-47008-0
eBook Packages: Springer Book Archive