Antigone: Security Policy Management in Group Communication

Patrick McDaniel, University of Michigan

Policy is increasingly used as a means for constructing flexible and secure communication services. However, the application of existing policy frameworks to group communication is difficult. This difficulty is largely due to the size, lifetime, and dynamic nature of group sessions. This talk presents Antigone, a communication architecture and policy language in which the diverse and dynamic security requirements of group sessions can be identified and enforced. An Antigone policy defines the requirements of the dependent issues of group access control and security mechanism provisioning. The policy governing each session is the result of the reconciliation of the policies of all participants. The mechanisms and configuration of the communication service supporting the application are constructed from the reconciled policy. Several non-trivial application policies are identified, and their use and enforcement are discussed.