Managing Security Policy in Distributed Systems
Dr. Tim Moses (Entrust)
ABSTRACT
The security architecture of a modern information system is built from a
broad range of controls that address the integrity and availability of the
system and the accountability of its users. In order to achieve economies
of manufacturing scale, the specific security policy enforced by each
control is commonly configurable. Each type of control has its own
management interface and protocol. As a result, it is virtually impossible to
achieve a complete and consistent view of the security architecture and the
policies actually in force in an operational system.
One obstacle to achieving a common interface for the management of controls
is the lack of a common language for expressing security policy. This talk
discusses the characteristics required of such a language and examines
candidate languages. It also considers the practicality of translating
statements between different languages.
BIOGRAPHY
Dr. Tim Moses has been actively involved in the field of information
security since 1985. Prior to that time he worked as a design engineer in
the fields of avionics and telecommunications. Since becoming actively
involved in the field, Dr. Moses has worked in both a product development and
a consulting capacity, in Europe and in North America. He is currently the
Director of Entrust's Advanced Security Technology group working on research
and standards for emerging IT security architectures.