Flexible Security for Real-Time Applications
In many traditional as well as new applications of database and information
systems (e.g., web-based information systems and e-commerce),
information assurance is a critical requirement even in the presence
of degraded capacity. Information assurance is to ensure the safety of
the user and the system by satisfying the requirements of
high reliability, permanent
availability, real-time constraints, security, and fault-tolerance.
Among these, security and real-time performance
are two essential properties that need to be supported.
Information systems maintain sensitive information
to be shared by multiple users/tasks with different security requirements.
Further, access to some of these systems by
intruders is becoming easier, given Internet connectivity and open system
architectures.
For the most part, the notion of security has been considered in
absolute terms, although people began to accept that
absolute (or complete) security is a fallacy.
In some cases, it is critical for a system to have the capability to
provide an acceptable level of security,
based on the notion of flexible security rather than unconditional
absolute security, to satisfy other critical requirements such as
real-time performance.
In that regard, it is important to consider the flexible security services
for time-critical database/information systems applications.
New approaches need to be developed and analyzed for supporting flexible
security policies that address
both requirements of information assurance.
The critical issue is how to make the system acceptably
secure by adapting dynamically to changing situations,
while it remains available and provides time-critical services with
reasonable cost.
With appropriate policies and mechanisms to enforce them in the system,
we can provide increased availability and timeliness in situations
where other systems without such capability may just freeze or stop
operating to ensure the (imaginary) complete security, or just be too
expensive to build.
The objectives of this proposed research are
1) further develop novel ideas regarding new gradual security
scheme that we have devised to support flexible security,
2) develop a set of flexible security policies,
3) analyze flexible security policies using entropy,
4) develop a specification method that uses multiple levels of
detail in describing flexible security policies,
5) develop flexible authentication, encryption, and intrusion
detection paradigm and evaluate their performance, and
6) experiment with flexible security policies to evaluate their
utility in a realistic setting.
The idea is to develop a scientific and quantitative
basis (and mechanisms) for on-line performance-security tradeoffs
as opposed to the ad hoc manner in which such tradeoffs
are made today.
Home Page of Sang H. Son:
Last modified: Fri Oct 13 18:34:05 EDT 2000 [SK]