2007 Articles
Arachne: Integrated Enterprise Security Management
Security policies are a key component in protecting enterprise networks. There are many defensive options available to these policies, but current mechanically enforced security policies are limited to traditional admission-based access control. There are defensive capabilities available that include logging, firewalls, honeypots, rollback/recovery, and intrusion detection systems, but policy enforcement is essentially limited to allow/deny semantics. Furthermore, access-control mechanisms operate independently on each service, which often leads to inconsistent or incorrect application of the intended system-wide policy. To begin to solve these problems, we propose a new system for defense-in-depth using global security policies. Under a global security policy, every policy decision is made with near-global knowledge, and re-evaluated as global knowledge changes, given an initial configuration provided by the administrator. Using a variety of actuators, we make the full array of defensive capabilities available to the global policy. We outline our proposal for enterprise-wide security policies, explore the design space, and discuss Arachne, our prototype implementation.
Also Published In
- Title: IEEE SMC Information Assurance and Security Workshop 2007: IAW '07: 20-22 June 2007, United States Military Academy, West Point, New York
- Publisher: IEEE
- DOI: https://doi.org/10.1109/IAW.2007.381935
More About This Work
- Academic Units: Computer Science
- Published Here: July 11, 2012