Dynamic Negotiation of Security Parameters
Presenter
Alwyn Goodloe, Penn State University
Time
Session IV - 3:45am - 5:00pm
Abstract
The proliferation of security enforcement mechanisms presents an administrator with a number of challenges. A complex configuration process typically overwhelms the administrator. This confusion is often compounded by the gap between the low-level policies that the mechanism enforces and the high-level organizational polices guiding the administrator. The use of either a default configuration or a rich configuration interface can result in a configuration that is brittle - requiring manual intervention to react to change. On the other hand, users are also often bewildered by complex and seemingly contradictory instructions on how to configure their systems. We focus on the example of VPN configuration that exemplifies these issues. It is claimed that dynamic negotiation mechanisms similar to routing protocols can ease the burden of configuration. While automation increases usability by hiding details, it adds complexity to the implementation. This added complexity makes it harder to design protocols with good assurance properties. Hence, we argue that such mechanisms require a more formal treatment than configuration issues are often afforded.
Presentation
Download (PPT, 2.0 MB)