Providing a flexible security override for trusted systems

Abstract

A definition of security, relaxation security, which is expressed in terms of the guarantees that a trusted system may provide, is presented. Relaxation secure systems permit dynamic, incremental relaxation of security constraints by authorized users. The use of guarantees permits security damage sustained during a period of constraint relaxation to be expressed in terms of guarantees violated; the set of violated guarantees may then be used as input for security recovery. A definition of security using a state machine formulation is presented, the implications of relaxation security for security recovery are discussed, and the utility of the approach is demonstrated using an example application.<>