It is recognized that security services in information-processing systems require access to finite resources in the execution of their duties. In response to the changing threats faced by a system and/or the availability of system resources, it is desired that the system be able to adjust its operational security policies automatically while continuing to function under an acceptable global security policy. This work involves the analysis and integration of a dynamic security service (DSS)-enabled IPsec implementation into a form ready for installation into the MYSEA environment. The feasibility of dynamic security services is demonstrated with support for secrecy and/or integrity protection of MLS server-to-end-user communication via a Trusted Path Extension. This is accomplished through the modulation of the IPsec security associations to adapt to operational needs. The result of this research is beneficial to Homeland Security, the Department of Defense, and the intelligence community by enabling remote distributed computing clients to operate in a secure manner that remains flexible to adapt to changing requirements of protection on the network and the availability of resources on terminating hosts. Furthermore, these methods can aid the realization of high-assurance edge-client connectivity in the creation and extension of the Global Information Grid (GIG).
| Identifer | oai:union.ndltd.org:nps.edu/oai:calhoun.nps.edu:10945/2134 |
| Date | 06 1900 |
| Creators | Horn, John F. |
| Contributors | Irvine, Cynthia E., Nguyen, Thuy D., Naval Postgraduate School (U.S.)., Computer Science |
| Publisher | Monterey, California. Naval Postgraduate School |
| Source Sets | Naval Postgraduate School |
| Detected Language | English |
| Type | Thesis |
| Format | xvi, 114 p. : ill. (chiefly col.) ;, application/pdf |
| Rights | Approved for public release, distribution unlimited |
Page generated in 0.0616 seconds