IPSEC-Based Dynamic Security Services for the MYSEA Environment
Abstract
It is recognized that security services in information-processing systems require access to finite resources in the execution of their duties. In response to the changing threats faced by a system and/or the availability of system resources, it is desired that the system be able to adjust its operational security policies automatically while continuing to function under an acceptable global security policy. This work involves the analysis and integration of a dynamic security service (DSS)-enabled IPsec implementation into a form ready for installation into the MYSEA environment. The feasibility of dynamic security services is demonstrated with support for secrecy and/or integrity protection of MLS server-to-end-user communication via a Trusted Path Extension. This is accomplished through the modulation of the IPsec security associations to adapt to operational needs. The result of this research is beneficial to Homeland Security, the Department of Defense, and the intelligence community by enabling remote distributed computing clients to operate in a secure manner that remains flexible to adapt to changing requirements of protection on the network and the availability of resources on terminating hosts. Furthermore, these methods can aid the realization of high-assurance edge-client connectivity in the creation and extension of the Global Information Grid (GIG).
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2005
- Accession Number
- ADA435523
Entities
People
- John F. Horn
Organizations
- Naval Postgraduate School