You are here

Composing Security Policies

Award Information
Agency: Department of Commerce
Branch: N/A
Contract: N/A
Agency Tracking Number: 37812
Amount: $49,965.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: N/A
Solicitation Number: N/A
Solicitation Year: N/A
Award Year: 1997
Award Start Date (Proposal Award Date): N/A
Award End Date (Contract End Date): N/A
Small Business Information
6009 Brookside Drive
Chevy Chase, MD 20815
United States
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Serban Gavrila
 () -
Business Contact
Phone: (301) 975-4343
Research Institution

The research proposed herein in intended to solve two problems, namely (1) to define a specification framework for access control policies that enables policy composition for both centralized and distributed systems in a precise and systematic manner, and (2) to explore the impact of different security architectures on policy composition. Although most commercial systems support applications that implement their own security policies that are composed with base system policies, the result of such composition is generally unknown and can often lead to security exposures. To date, the precise and systematic characterization of centralized and distributed security policies, which is composed on independently specified policies, remains an elusive goal. Furthermore, a precise analysis of the relative advantages of different system architectures in the policy composition area has not been available to date; e.g., none of the commercially available microkernel-based operating systems implement security policies in a modular manner that would facilitate policy composition. The overall objective of this project is to develop a security policy specification method and tools that would enable the precise definition and composition of different security policies for commercial products using different security architectures.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government