Managing Security Policy in Distributed Systems

Dr. Tim Moses (Entrust)


ABSTRACT

The security architecture of a modern information system is built from a broad range of controls that address the integrity and availability of the system and the accountability of its users. In order to achieve economies of manufacturing scale, the specific security policy enforced by each control is commonly configurable. Because each type of control has its own management interface and protocol, it is virtually impossible to achieve a complete and consistent view of the security architecture and the policies actually in force in an operational system. One obstacle to achieving a common interface for the management of controls is the lack of a common language for expressing security policy. This talk discusses the characteristics required of such a language and examines candidate languages. It also considers the practicality of translating statements between different languages.

BIOGRAPHY

Dr. Tim Moses has been actively involved in the field of information security since 1985. Prior to that time he worked as a design engineer in the fields of avionics and telecommunications. Since becoming actively involved in the field, Dr. Moses has worked in both a product development and a consulting capacity, in Europe and in North America. He is currently the Director of Entrust's Advanced Security Technology group, working on research and standards for emerging IT security architectures.