Dynamic parameterization of IPSEC
Loading...
Authors
Agar, Christopher D.
Subjects
Advisors
Irvine, Cynthia E.
Date of Issue
2001-12
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The Internet has become the medium of choice for communications between most Government and Military organizations. Unfortunately the key Internet protocols were not designed to provide security and their security vulnerabilities have become apparent. IPsec was developed to provide users with a range of security services, for both confidentiality and integrity, enabling them to securely pass information across networks. Automated security mechanisms are typically designed and/or calibrated to meet an organizationαs security policy. However, once the mechanism is in operation the implemented policy is in a static state, and cannot be adjusted according to dynamic environmental conditions. This means that security mechanisms fail to reflect the policy that is appropriate for the changing contexts. Dynamic parameterization enables security mechanisms to adjust the level of security service 'on-the- fly' to respond to changing conditions (i.e. INFOCON, THREATCON). This work includes the extension of the attributes encoded by the KeyNote Trust Management System and modification of the IPsec mechanism to incorporate dynamic parameters into the security service selection mechanism, and the construction of a graphical user interface, for demonstrating 'proofof- concept' of Dynamic Parameterization of OpenBSD 2.8 IPsec.
Type
Thesis
Description
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
xvi, 316 p. ;
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.