1. Field of the Invention
The present invention relates to distributed systems. More specifically, the present invention relates to a method and an apparatus for securely and dynamically modifying security policy configurations in distributed systems.
2. Related Art
The recent explosion of distributed computing systems and their attendant problems have led to many innovative solutions to ensure commonality, interoperability, and standardization.
In order to both provide authorized access and prevent unwanted access, security administrators establish security policies for distributed computing systems under their control. These security policies include firewall policies, file access policies, application access policies, encryption policies, audit trail policies, activity logging policies, and the like. Collectively, these policies can be referred to as access control policies or security policies.
Access control policies are provided to the computers within the distributed computing system. The computer and the applications running on the computer then control access to the system resources based on the access control policies.
One problem associated with distributed computing systems is providing access control policies under varying conditions. A distributed system may be under attack by an adversary and may need to change security policies quickly to prevent unwanted access. Security specialists in the military have developed an information condition (INFOCON) system similar to the well-known defense condition (DEFCON) system so that an administrator can quickly establish a different security policy in response to a specific threat level. We have broadened INFOCON to “security posture” to indicate a particular stance the system should take to a given threat condition.
Distribution of these different security policies can be difficult, however. The distribution may require considerable data to be transferred to computers within the distributed system at a time when bandwidth among the computers is severely restricted by an attack. Therefore, the cause of a new security posture can prevent the timely distribution of the new security policy in response to the new security posture.
What is needed is a method and an apparatus for distributing security policies in a distributed system that can be effectively used in response to a change in security posture.