Abstract
Deploying security services is hard. Security services are more readily integrated when they can be added at a single point in a network or at a single layer in the protocol stack. Most of today’s widely deployed security tools are deployed in this manner. Unfortunately, this kind of deployment significantly limits the kinds of security policies that can be enforced.
The end-goal of security is to control access to information. Many applications require that access be controlled to pieces of information that are only delineated at the application layer. Enforcement of these policies requires application cognizance of security, and today this means that applications and application protocols must be modified.
This talk advocates extending authorization policy enforcement mechanisms with a means for integrating security services. A simple API for authorization will be described that allows application developers to focus on only the aspect of security that matters to them: whether access should be granted. This allows security service policies (i.e., which security mechanisms are to be used for authentication, payment, audit, etc.) to be enforced through the API without specific knowledge or understanding by the application programmer. As new security services become available, this also allows the new services to be integrated by changing policy, rather than by rewriting the application.
Dr. Neuman will additionally suggest that the policies themselves adapt to perceived network threat conditions, possibly affected by the receipt of audit data at other processes. The use of such policies can assist in detecting and responding to intrusion and misuse and lead to more efficient utilization of all security services.
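The following Python example is added here to illustrate the idea in the abstract and is not the API presented in the talk: the application asks only check_access(), while the policy names the conditions (authentication, audit, a threat-level test) that must hold. All names, the policy layout and the sample policy are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

LEVELS = ["low", "medium", "high"]

@dataclass
class Context:
    user: str = ""                 # filled in by whatever authentication service ran
    threat_level: str = "low"      # may be raised by audit data from other processes
    audit_log: list = field(default_factory=list)

def _audit(ctx, msg):
    ctx.audit_log.append(msg)      # stand-in for a real audit service
    return True

# One evaluator per security service; the application never calls these directly.
EVALUATORS = {
    "authenticated": lambda ctx, _: bool(ctx.user),
    "threat_at_most": lambda ctx, lvl: LEVELS.index(ctx.threat_level) <= LEVELS.index(lvl),
    "audit": _audit,
}

# Policy is data: (right, object) -> alternative entries, each a list of conditions.
POLICY = {
    ("read", "/reports/q3"): [
        [("threat_at_most", "low")],                                 # calm network: open
        [("authenticated", None), ("audit", "read during alert")],   # otherwise: login + audit
    ],
}

def check_access(policy, ctx, right, obj):
    """The single question the application asks: should access be granted?"""
    for entry in policy.get((right, obj), []):
        # all() stops at the first failed condition, so audit only fires
        # once the earlier conditions in the entry have been met.
        if all(_holds(ctx, name, arg) for name, arg in entry):
            return True
    return False                   # default deny

def _holds(ctx, name, arg):
    evaluator = EVALUATORS.get(name)
    return evaluator(ctx, arg) if evaluator else False   # unknown condition fails closed
```

Integrating a new service, such as payment, means registering one more evaluator and naming it in the policy; check_access() and its callers stay unchanged.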
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Neuman, C. (2001). Condition-Driven Integration of Security Services. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_15
DOI: https://doi.org/10.1007/3-540-47719-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42300-3
Online ISBN: 978-3-540-47719-8
eBook Packages: Springer Book Archive