Position Paper for the
1998 CORBA Security Workshop

Security Policy Definition and Management
in Distributed Systems

Polar Humenn, Fred Dushin, Ender Ozcan
BlackWatch Technology, Inc.
Syracuse, NY

In this position statement we present an approach for defining security policy in a distributed system, and we present the mechanisms that apply security policy to security-unaware applications in a distributed environment.

In a distributed system, policies apply to actions performed between entities. A definition of security policy must be able to describe not only the mechanisms or decisions used, but also identify the entities between which they apply. A high-level language is needed to describe security policy that can be enforced.

In a distributed system, enforcing security policy is a complex task. No longer are there reference monitor architectures such as single computers where everything is controlled and monitored from one entity, such as an operating system. Issues of scale come into play when there can be potentially thousands of computers linked together in a network performing cooperative tasks. Security policy can be managed centrally to be comprehensive, yet it should not be enforced centrally. An example of central enforcement is a firewall. Central enforcement of this nature causes bottlenecks in performance.

The approach BlackWatch takes to handle the problem of security policy definition and enforcement starts with modelling. In order to make a set of distributed objects "secure" in the comprehensive tasks they perform, they must be designed in an architecture such that they can be made secure. The functional aspects of the application can be designed with such well-known techniques as separation of duty, type enforcement, and least privilege use in mind. Also, separating components into logical domains can yield a simpler description of a security policy.

After system modelling is complete and the design of the system is nearly complete, one can start writing security policies between the components and the domains to which the components are said to belong. BlackWatch created a simple, yet powerful language to describe security policy, called CPL, the Caribou Policy Language. This language is integrated with the Caribou Enterprise Security Policy Enforcement System to enforce security policy.

The Caribou Enterprise Security Policy Enforcement System enforces security policy for security-unaware applications by using CORBA interceptor technology. We plan to present the modeling GUI tool, the language, policy development tools, and the enforcement system using a small understandable example and demonstration.

-------------------------------------------------------------------
Polar Humenn                  BlackWatch Technology, Inc.
Chief Science Officer         2-212 Center for Science & Technology
mailto:polar@blackwatch.com   CASE Center/Syracuse University
Phone: 315-443-3171           Syracuse, NY 13244-4100
Fax: 315-443-4745             http://www.blackwatch.com