An implementation and analysis of the configurable security architecture

M.Sc. / The Configurable Security Architecture (ConSA) describes an architecture that may be used to implement a wide variety of security policies. The architecture supports application and system security, unlike traditional security systems. ConSA allows for various degrees of security and efficiency determined by the implementation of the system. Arbitrary security policies may be implemented and possibly changed even if the system is running. If such an architecture were adopted by the industry, a wide variety of security policies could be assembled with off the shelf components. Such a situation is clearly desirable. This text describes the implementation of a ConSA prototype system. The prototype demonstrates that a configurable security system is possible and that the goals specified above can be met. The prototype is implemented in the Linux operating system due to the large number of UNIX based machines used by corporations. To begin a discussion of a security architecture, classic security models must be revisited. Chapter 2 introduces these models. Chapter 4 describes Linux security features, and how classical security models may be implemented in Linux. As well as an introduction to the environment of the prototype, these chapters will also serve to highlight the abilities of the ConSA model. Various obstacles are encountered in the implementation of a new security architecture. An implementation must strive to support existing applications (with little or no modification to the application) while supporting new features that increase the value of the system. The obstacles that are encountered in the implementation of a ConSA system are investigated and solutions for these obstacles are presented. The ConSA architecture is revised to provide a specification that supports the implementation of the architecture, and specifies the operation of each of the ConSA components sufficiently for an implementation on various platforms. The prototype supports three different implementations of ConSA that demonstrate the ease with which the system can be moved to different architectures, operating environments or security requirements. There have been several extensions to the UNIX security model. Many of these are implemented in the Linux operating system. The ConSA system must improve on these extensions to be a viable security alternative for Linux. Chapter 15 introduces a few of these extensions, many of which provide innovative approaches to security not present in classical models. The implementation of these extensions in the ConSA architecture is provided theoretically to illustrate that ConSA can indeed fulfil the role of these extensions. A prototype must be evaluated to determine if the system is of value. The final chapter investigates the shortcomings of the prototype and together with chapter 4 illustrates the benefits of the ConSA architecture.

Identiferoai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:9910
Date10 September 2012
CreatorsHardy, Alexandre
Source SetsSouth African National ETD Portal
Detected LanguageEnglish
TypeThesis

Page generated in 0.0019 seconds