The evolution of dynamic execution environments increasingly requires security policies that are also dynamic in nature to address such events as process migration, changes in personnel, shifts in alliances, and detected intrusion that cannot be well anticipated or addressed by static policies. However, traditional software components designed without (dynamic) security in mind may fail in various degrees when a policy change takes place, including termination of critical processes. This paper reports on techniques developed by the Security Agility for Dynamic Execution Environments project1 that are encapsulated in a prototype toolkit for integration with software components so they may junction effectively in a dynamic security environment. These techniques include methods for making software components aware of their dynamic security policy environment, helping components adapt to policy changes, and adding security policy enforcement mechanisms to software components to mediate client actions when the underlying system software cannot.
展开▼
