Some Reflections on Defining Security Policy

Ivan Krsul and Tugkan Tuglular - CERIAS

Oct 10, 1997


The notion of "Computer Policy" is fundamental to the study of computer security models, the analysis of computer vulnerabilities, the development of intrusion detection tools, and the development of misuse detection tools. Security only makes sense, as a matter of fact, in relation to a security policy that specifies what is being protected, how it must be protected, who has access to what is being protected, etc. Policies are, however, difficult to write, normally ambiguous, and difficult to understand. Unfortunately, then, much of computer security analysis is also ambiguous and difficult.

Humans can deal well with fuzzy and ambiguous definitions because they apply common sense and intuition to resolve conflicts that arise from the inherent ambiguities of the problem domain. Policies of the type presented in this section may be (and frequently are) appropriate for system administrators, but they are not adequate for the development of computer-based analysis tools that must identify, for example, actions that result in a violation of policy. Misuse detection is one of these areas. The computer must be able to accurately pinpoint violations of policy, and for this it needs a precise, unambiguous, deterministic, and objective definition.

In this seminar, Ivan Krsul and Tugkan Tuglular will show some of the problems with traditional policy models and that these models are really inadequate for COTS operating systems (like Unix or NT), and will present a model they are working on that allows them to specify realistic and practical policies by using a system based on value.

