Composing Security Policies

The research proposed herein in intended to solve two problems, namely (1) to define a specification framework for access control policies that enables policy composition for both centralized and distributed systems in a precise and systematic manner, and (2) to explore the impact of different security architectures on policy composition. Although most commercial systems support applications that implement their own security policies that are composed with base system policies, the result of such composition is generally unknown and can often lead to security exposures. To date, the precise and systematic characterization of centralized and distributed security policies, which is composed on independently specified policies, remains an elusive goal. Furthermore, a precise analysis of the relative advantages of different system architectures in the policy composition area has not been available to date; e.g., none of the commercially available microkernel-based operating systems implement security policies in a modular manner that would facilitate policy composition. The overall objective of this project is to develop a security policy specification method and tools that would enable the precise definition and composition of different security policies for commercial products using different security architectures.