CT-ISG: Integrated Enterprise Security Management

CT-ISG：集成企业安全管理

• 批准号: 0714647
• 负责人: Angelos Keromytis
• 金额: $ 28.65万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2010-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0714647&HistoricalAwards=false
• 关键词: CT; ISG; Integrated; Enterprise; Security

The complexity of modern large-scale systems has caused a transitionfrom a purely perimeter-based defensive model to one where securitymechanisms pervade the infrastructure. However, there has not been acorresponding evolution in the model under which security policyoperates in such environments: policies must still make independentdecisions using only partial information: just what is known by thatcomponent at the time the decision is made. Thus, security policy mustoperate under certain assumptions that often cannot be validated. Suchunchecked assumptions offer a way for attackers to bypass security byexploiting unforeseen loopholes. Consequently, administrators oftenuse additional security mechanisms, such as intrusion-detectionsystems, that are poorly integrated with each other and with theexplicit system access-control policy.This project is exploring the use of coordinated security policymechanisms in heterogeneous, large-scale distributed environments. Theassumptions on which security policy decisions are based are alwayschecked against current facts. Changes of these facts are signaled byevents propagated to other security-critical elements. Securitymechanisms become dynamic, allowing for coordinated and continuouspolicy re-evaluation throughout the duration of an entity'sinteractions with the various components of the system. This modelnaturally integrates access control, intrusion detection and otherdefensive mechanisms, allowing for the unification of protection andreaction under the auspices of a common security policy. The result isa more reliable and robust computing infrastructure that is resilientto new threats and attacks, and bridge the gap between thecapabilities offered by advanced defense mechanisms and the inabilityof security policy to take advantage of them in a coherent,coordinated manner.

现代大规模系统的复杂性导致了从纯粹基于边界的防御模型到安全机制遍布基础设施的模型的转变。然而，在这种环境下，安全策略的运行模式并没有相应的演变：策略仍然必须仅使用部分信息来做出独立的决策：仅使用决策时该组件所知道的信息。因此，安全策略必须在某些通常无法验证的假设下运行。这些未经检验的假设为攻击者提供了一种通过利用不可预见的漏洞绕过安全性的方法。因此，管理员经常使用额外的安全机制，如入侵检测系统，这些机制彼此之间以及与显式系统访问控制策略的集成很差。本项目正在探索在异构的大规模分布式环境中使用协调的安全策略机制。安全政策决策所基于的假设总是根据当前的事实进行检查。这些事实的变化通过传播到其他安全关键元素的事件来通知。安全机制变得动态，允许在实体与系统的各个组件交互的整个期间进行协调和持续的政策重新评估。该模型自然地集成了访问控制、入侵检测和其他防御机制，允许在共同的安全策略的主持下统一保护和反应。其结果伊萨更可靠、更强大的计算基础设施，能够抵御新的威胁和攻击，并弥合高级防御机制提供的能力与安全策略无法以一致、协调的方式利用它们之间的差距。