"Static computer security policies may sometimes be inadequate for two reasons: (1) the high-level objectives of the security policy, and the approach to enforcing that policy, may change over time; and (2) the computer system itself may change its structure or configuration. The goal of this project was to study dynamic security that takes into account these two kinds of changes. The report gives the results of our study of these issues. We address the fundamental conflict between functionality and security that arises when the security policy must change dynamically. We suggest mechanisms for implementing dynamic security policies, and methods for analyzing their consequences (dynamic lattices). We introduce task-based dynamic policies. We present a foundational model of need-to-know. For systems that must adapt and change their configurations dynamically, we identify a way of decomposing an adaptive system that provides a systematic way of analyzing its security and ensuring that security is maintained both during and after adaptations. We describe a method for performing security risk analysis of an adaptive system. We sketch a way of providing tool support for the risk analysis."
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/