Finished Projects
Secure Execution Environments
Agility - Current Status
The three phases of the project have been completed. The first phase of this research explored general security agility requirements by examining shortcomings of Domain and Type Enforcement (DTE) UNIX system components caused by security policy changes during a component's lifecycle, and developed hand-coded techniques to address their limitations. It also developed an initial DTE-based application-level policy model, the Access Decision Function (ADF), for server software to mediate client requests in the absence of additional policy models, such as DTE. The second phase of the project encapsulated and expanded the phase-one techniques in a Security Agility Toolkit that runs on the DTE UNIX system base to construct agile components at a reduced cost using both the DTE and ADF policy models. The ADF policy model was also ported to the Windows NT 4.0 environment and demonstrated with the Apache web server. Since DTE was hosted on the proprietary and aging BSD/OS 2.1 operating system, the initial public release of the toolkit was based on a brute-force port of the DTE toolkit to the FreeBSD 3.x operating system, making exclusive use of the ADF policy model. The final phase of this research initially explored the creation of toolkits for both UNIX and Windows operating systems. Although a Windows-based toolkit was not completed due to time constraints, the exploration and initial development performed on that platform indicate that it could certainly be brought to completion.
In phase three of this research, the toolkit was redesigned to be more generically applicable to today's commonly employed UNIX-based operating system environments. By taking advantage of the dynamic linking features offered by the Executable and Linking Format (ELF) used on these platforms (e.g., FreeBSD, Solaris, Linux), the phase-three toolkit does not require system or process source code to be available. ELF features allow the toolkit to be unobtrusively integrated into a host's environment, and the toolkit's agility subsystem, which provides the infrastructure for security awareness, enforcement, and adaptation, to be grafted onto components at runtime without any modification, recompilation, or relinking of component source code. Although Red Hat Linux is the phase-three toolkit's target host, the toolkit can be readily ported to other environments, including FreeBSD and Solaris, that share the common foundations used by Linux (e.g., ELF and standard shared system libraries). The toolkit can also be more readily transitioned to future Red Hat releases (or future releases of any other operating system it may be ported to), since it requires no system source code modification.
Additionally, the final phase of this research produced a formal agile policy representation for more intuitive specification and management as well as an enhanced runtime representation. The agile policy consists of the ADF policy and the dynamic code extension specifications. The toolkit's ADF application-level security policy model was redesigned to provide general access control for all processes rather than being limited to server components. This was particularly important for applying agile techniques in environments where DTE, the main policy model of our earlier research, was not present. The dynamic code extension specification and the relevant portions of the agility subsystem were also redesigned to transparently implement much of the functionality that the phase-two subsystem offered only through its Application Program Interface (API). This includes automatic ADF policy mediation, resource state tracking, and support for invoking pre- and post-control-transition-point dynamic code extensions to add security processing or adaptive behaviors in a more natural manner.
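The two mechanisms described above, runtime grafting through ELF dynamic linking and ADF mediation with pre- and post-transition-point extensions, can be illustrated with a small symbol-interposition shim. This is an added example and not the Agility toolkit's own code; the deny-prefix rule, the `adf_*` names and the counter are assumptions made for the illustration.

```c
/* Added illustration (not Agility toolkit code): an ELF interposition shim that
 * applies a hypothetical ADF-style rule to fopen(3) at runtime. Built as a
 * shared object and injected with LD_PRELOAD it mediates unmodified binaries;
 * linked into a program it interposes the same way. glibc < 2.34 needs -ldl. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)  /* glibc's value, if _GNU_SOURCE came too late */
#endif

/* Constructed policy (assumption): deny every path under this prefix. */
#define ADF_DENY_PREFIX "/denied-by-policy/"

typedef FILE *(*real_fopen_t)(const char *, const char *);
static real_fopen_t real_fopen;    /* libc's fopen, resolved via RTLD_NEXT */
static unsigned long adf_denials;  /* resource-state tracking for audit/tests */
static const char *adf_last_path;  /* set by the post-transition extension */

/* Access Decision Function: 1 = allow, 0 = deny. Pure, so it is unit-testable. */
int adf_mediate_open(const char *path) {
    return strncmp(path, ADF_DENY_PREFIX, strlen(ADF_DENY_PREFIX)) != 0;
}
unsigned long adf_denial_count(void) { return adf_denials; }
const char *adf_last_opened(void) { return adf_last_path; }

/* Pre-transition extension: runs before control reaches the real fopen. */
static void adf_pre_open(const char *path) {
    fprintf(stderr, "[adf] pre-open  %s\n", path);
}
/* Post-transition extension: runs after the call and observes its outcome. */
static void adf_post_open(const char *path, FILE *result) {
    adf_last_path = result ? path : NULL;
    fprintf(stderr, "[adf] post-open %s -> %s\n", path, result ? "ok" : "denied/failed");
}

/* Interposed symbol: the dynamic linker binds callers here ahead of libc. */
FILE *fopen(const char *path, const char *mode) {
    if (!real_fopen)
        real_fopen = (real_fopen_t) dlsym(RTLD_NEXT, "fopen");
    adf_pre_open(path);
    if (!adf_mediate_open(path)) {      /* policy denies: libc is never reached */
        adf_denials++;
        errno = EACCES;
        adf_post_open(path, NULL);
        return NULL;
    }
    FILE *f = real_fopen(path, mode);
    adf_post_open(path, f);
    return f;
}
```

Compile with `cc -shared -fPIC -o libadf.so adf.c` and run a target as `LD_PRELOAD=./libadf.so ./target` to see the mediation applied without touching the target's source.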
