Generated Fri Oct 22 07:12:53 PDT 1999 by

  • [Cohen99-1] F. Cohen, At the Intersection of Security, Networking, and Management, awaiting approval for submission to Computers and Security, 1999. [Executive Summary:

    There are two pressing issues at the intersection of networking, security, and management. One is the issue of what to do, and the other is the issue of how to do it. While we have progressed significantly in the development of techniques and systems to implement technical controls when we know what they should be, we have fallen far short of developing the necessary understandings and technologies to determine what those controls should be. As a result, we have increasingly efficient and cost effective methods for doing things like setting access controls, authenticating keys and control of keys, and granting or denying authority - but little understanding of how those access controls should be set, the risk management value of authenticating control over keys, or what authorities to grant to what individuals and systems. What we cannot do today, and what little work appears to be underway to resolve, is to figure out optimal protection settings.

    It appears that the primary motivation for using the tools available today is cost reduction and increased reliability. In effect, the task of systems and network administration has become so critical to business function and so expensive in terms of personnel time, that economic pressures justify automation. In this economy of scale, a single administrator sets control values that may affect hundreds, thousands, or in extreme cases, hundreds of thousands of systems. From a standpoint of risk management this is inherently dangerous, and none of today's widely used systems really address this multi-user control challenge, but this would not be a difficult challenge to meet and there is a theoretical basis in place for meeting the need.

    We know from experience that no individual is capable of even setting all of the access control bits in a single computer system correctly (in the sense of allowing only the necessary and sufficient accesses). And yet we now have individuals making control decisions for large masses of computer systems from a central control point. Just as every good decision made centrally propagates throughout an organization quickly and efficiently, every poor decision is multiplied in its effect. Mistakes by those tasked with critical control functions have become increasingly expensive and difficult to detect and repair.

    There are significant unanswered questions and little effort appears to be underway to address these questions. Perhaps the most important of these questions relates to sensitivity. In essence, we have to know how close to optimal we have to get before improvement is no longer needed in a particular environment. In order to address this question, it would seem apparent that we need some sort of metrics, something we lack in the information protection arena today.

    While it appears that we have a long way to go before the majority of networks and networked systems are properly controlled, it also appears that the technology to control them has advanced to the point where it is useful, efficient, cost effective, and being widely adopted. In the near future, we will likely see significant advances, increased automation of the decision processes, improvements in validating control decisions against policies, and an ever-increasing control purview. The future is indeed bright for this technology.]
