{"title":"Policy Specification and Enforcement for Detection of Security Violations in a Mail Service","authors":"A.M.M. Rao","doi":"10.1109/ICIT.2006.72","DOIUrl":null,"url":null,"abstract":"The paper presents a policy-based approach to detect security violations by enforcing security policy at run-time for providing secure email service. As email service usage is increasing day by day, hackers or attackers are also playing a vital role to destruct email service and even to crash the email server. Due to this, it is a challenging task today to the system administrators to provide secure email service. In this paper, security policy is defined at operating system level, mail application level and network infrastructure level. A policy at system level specifies mandatory usage profile, usages of system sensitive resources such as file system objects, processes, system memory and inter process communication objects. Policies for mail application are defined with sensitive files/directories and parameters, which have impact in delivering a service. Policies for network are defined for controlling inbound and outbound traffic, specifying demilitarized zone, denying misuse of public IP and detecting suspicious network activity. The proposed system architecture supports the layered approach in policy enforcement, proactive defensive mechanism against security violations and scope for new policy discovery. 
The approach is prototyped on Linux-2.4.21-4 and have built rules for squirrel mail version 1.4.5 to detect security violations in a mail service at run-time.","PeriodicalId":161120,"journal":{"name":"9th International Conference on Information Technology (ICIT'06)","volume":"92 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"9th International Conference on Information Technology (ICIT'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIT.2006.72","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
The paper presents a policy-based approach that detects security violations by enforcing security policy at run-time in order to provide a secure email service. As email usage increases day by day, attackers increasingly try to disrupt email service and even to crash the email server. This makes providing a secure email service a challenging task for system administrators. In this paper, security policy is defined at the operating system level, the mail application level and the network infrastructure level. A policy at the system level specifies a mandatory usage profile and the usage of system-sensitive resources such as file system objects, processes, system memory and inter-process communication objects. Policies for the mail application are defined over sensitive files/directories and parameters that affect delivery of the service. Policies for the network are defined for controlling inbound and outbound traffic, specifying a demilitarized zone, denying misuse of public IP addresses and detecting suspicious network activity. The proposed system architecture supports a layered approach to policy enforcement, a proactive defensive mechanism against security violations and scope for new policy discovery. The approach is prototyped on Linux-2.4.21-4, and rules have been built for SquirrelMail version 1.4.5 to detect security violations in a mail service at run-time.