A Configurable Security Architecture Prototype

  • Alexandre Hardy
  • Martin S Olivier
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 73)


Traditional security systems are integrated closely with the applications that they protect or they are a separate component that provides system protection. As a separate component, the security system may be configurable and support various security models. The component does not directly support the application. Instead, operating system objects (such as files) are protected. Security systems that are integrated with the applications that they protect avoid this shortcoming, but are usually not configurable. They also cannot provide the same level of protection that a system provided security component can enforce, as the application does not have access to the hardware that supports these features. The Configurable Security Architecture (ConSA [1]) defines an architecture that provides the flexibility of a system security component while still supporting application security. Such an architecture provides obvious benefits. Security policies can be constructed from off-the-shelf components, supporting a diverse array of security needs. Before this or a similar architecture can be accepted by the industry, the concept must be proven to work theoretically and practically. Olivier [1] has developed the theoretical model and illustrates its usefulness. This paper describes an implementation of ConSA and in so doing, proves that ConSA can be implemented in practice.


Access Control Security Security Model Prototype 


  1. [1]
    M. S. Olivier, Towards a Configurable Security Architecture, Data & Knowledge Engineering, To appearGoogle Scholar
  2. [2]
    A. Hardy, An Implementation and Analysis of the Configurable Security Architecture, Masters dissertation, Rand Afrikaans University, 1999Google Scholar
  3. [3]
    S. H. von Solms and J. H, P. Eloff, Information Security, Rand Afrikaans University, 1998Google Scholar
  4. [4]
    D. E. Bell and L. J. LaPadula, “Secure computer system: unified exposition and Multics interpretation” Rep. ESD-TR-75-306, March 1976, MITRE CorporationGoogle Scholar
  5. [5]
    D. E. Bell and L. J. LaPadula, “Secure Computer Systems: Mathematical Foundations” Secure Computer Systems: Mathematical Foundations (Mitre technical Report 2547, Volume I), March 1973, MITRE CorporationGoogle Scholar
  6. [6]
    D. E. Bell and L. J. LaPadula, “Secure Computer Systems: A Mathematical Model” Secure Computer Systems: Mathematical Foundations (Mitre technical Report 2547, Volume II), May 1973, MITRE CorporationGoogle Scholar
  7. [7]
    L. Gong and X. Qian, “Enriching the Expressive power of Security Labels” IEEE Transactions on Knowledge and Data Engineering, 7(5), October 1995Google Scholar
  8. [8]
    S. N. Foley, L. Gong and X. Qian, “A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification” Technical Report SRI-CSL-95-15, SRI International, 1995Google Scholar
  9. [9]
    The Single UNIXR Specification, Version 2, The Open Group, 1997, www.opengroup.orgGoogle Scholar
  10. [10]
    Andrew G. Morgan, The Linux-PAM System Administrators’ Guide, (Distributed with the PAM software package), 1998Google Scholar
  11. [11]
    Chris Hare, Emmett Dunlaney, George Eckel, Steven Lee, Lee Ray, Inside Unix, New Riders Publishing, 1994Google Scholar

Copyright information

© Kluwer Academic Publishers 2002

Authors and Affiliations

  • Alexandre Hardy
    • 1
  • Martin S Olivier
    • 1
  1. 1.Department of Computer ScienceRand Afrikaans UniversityAuckland Park, JohannesburgSouth Africa

Personalised recommendations