Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

Screening Requests Based on Complex Policies

Not all policies can be served by the simple CSSM screening mechanisms described in the previous section. Complex policy definitions present a challenge to systems designers. In response, designers are building more complex protocols and mechanisms that provide applications with a broader range of security services while still complying with the stated policies.

Complex Policies

A policy is deemed complex if policy conformance and evaluation requires any of the following:

Elective service modules and CSSM support for module manager communications can be used to support evaluation of this type of policy statement.

Evaluation of a Sequence of Events

When a policy definition requires checking a sequence of application operations, state must be maintained in or by the module managers of CSSM. Using information sharing, as described in the Common Data Security Architecture (CDSA) Specification, module managers can work together to maintain information on an application's sequence of requests. These same information-sharing mechanisms are used by elective module managers and basic module managers alike. This design approach allows a module manager to screen application requests by accumulating the required state information and evaluating compliance when the request is made, as if all of the required status information were simply available now, rather than having been collected over a period of time.

Services that Establish Pre-Conditions

Using the elective module manager features of CDSA, it is possible to define a new category of security service for mechanisms whose purpose is to establish all of the pre-conditions required to use some other security service. This type of service is called a Service Enabler. Key Recovery is an example of a service enabler.

Some governmental entities are considering requiring the implementation and use of certain key recovery schemes as a pre-condition for granting an export, import, or use permit for certain encryption-based products. Private business entities may also use key-recovery schemes to ensure that their enterprise can recover confidential information important to the enterprise's operation. Key encapsulation and key escrow are two mechanisms that implement this new category of service.

As an elective module manager within CSSM, the Key Recovery Module Manager (KRMM) defines an API for use by applications. Applications must make explicit calls to the key recovery API to establish the pre-conditions required to perform strong encryption within the constraints of the policy. The CSSM Key Recovery APIs are specified in the CSSM Key Recovery API Specification. Users requiring these services should consult that specification.

Applications establish the conditions required for policy compliance by making explicit calls to the service-enabling APIs. To verify that the required state has been achieved (that is, to determine that the appropriate service-enabling functions have been invoked in the proper order), appropriate module managers must share state information about the sequence of operations requested by the application. In the example of key recovery, the KRMM and the Cryptographic module manager must share state information about whether the application has enabled key recovery for a key that will be used to encrypt a communication message.
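The two mechanisms described above, state accumulated across a sequence of requests and shared between module managers, and a service enabler (the KRMM) whose call must precede strong encryption, can be modelled in a few dozen lines. The following is an added illustration, not code from the CDSA specification or the CSSM implementation: the classes `SharedState`, `KeyRecoveryManager`, `CryptoManager`, the `Event` names, the `sequence_satisfied` helper and the 56-bit "strong key" threshold are all constructed for this example and do not correspond to CSSM API names or any real policy value.

```python
"""Toy model of CSSM-style module managers that share per-key state so a
policy spanning a sequence of requests can be screened when a request is made.
Added example; names and the policy threshold are constructed, not CSSM's."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum, auto


class Event(Enum):
    """Operations that module managers record in the shared state."""
    KR_ENABLED = auto()   # key recovery enabled for a key (recorded by the KRMM stand-in)
    ENCRYPT = auto()      # encryption performed with a key (recorded by the crypto stand-in)


@dataclass
class SharedState:
    """Information-sharing store: an ordered per-key history visible to every manager."""
    history: dict[int, list[Event]] = field(default_factory=dict)

    def record(self, key_handle: int, event: Event) -> None:
        self.history.setdefault(key_handle, []).append(event)

    def events(self, key_handle: int) -> list[Event]:
        return list(self.history.get(key_handle, []))


def sequence_satisfied(events: list[Event], required: list[Event]) -> bool:
    """True if `required` appears, in order, as a subsequence of `events`.

    Hypothetical evaluation helper: every prerequisite operation must already
    have happened, in the stated order, before the screened request.
    """
    pos = 0
    for ev in events:
        if pos < len(required) and ev == required[pos]:
            pos += 1
    return pos == len(required)


class PolicyViolation(Exception):
    """Raised when a request is screened out because its pre-conditions are unmet."""


class KeyRecoveryManager:
    """Stand-in for the KRMM (a service enabler): establishes the pre-condition."""

    def __init__(self, state: SharedState) -> None:
        self.state = state

    def enable_recovery(self, key_handle: int) -> None:
        # A real KRMM would encapsulate or escrow key material here;
        # this model only records that the enabling step took place.
        self.state.record(key_handle, Event.KR_ENABLED)


class CryptoManager:
    """Stand-in for the cryptographic module manager, which screens encrypt requests."""
    STRONG_KEY_BITS = 56   # constructed threshold: above this, policy demands key recovery

    def __init__(self, state: SharedState) -> None:
        self.state = state

    def encrypt(self, key_handle: int, key_bits: int, plaintext: bytes) -> bytes:
        # Screen the request against the accumulated history, as if the whole
        # sequence of earlier operations were simply known right now.
        needs_recovery = key_bits > self.STRONG_KEY_BITS
        if needs_recovery and not sequence_satisfied(
                self.state.events(key_handle), [Event.KR_ENABLED]):
            raise PolicyViolation(
                f"key {key_handle}: strong encryption requested before key recovery was enabled")
        self.state.record(key_handle, Event.ENCRYPT)
        # Placeholder transform standing in for the service provider's cipher.
        return bytes(b ^ 0xFF for b in plaintext)


def run_scenario(enable_first: bool) -> str:
    """Drive both managers for one 128-bit key; returns 'allowed' or 'denied'."""
    state = SharedState()
    krmm, csp = KeyRecoveryManager(state), CryptoManager(state)
    key = 42
    if enable_first:
        krmm.enable_recovery(key)
    try:
        csp.encrypt(key, key_bits=128, plaintext=b"hello")
        return "allowed"
    except PolicyViolation:
        return "denied"


if __name__ == "__main__":
    print("enable then encrypt:", run_scenario(True))
    print("encrypt without enabling:", run_scenario(False))
```

The point of the model is that neither manager evaluates the policy on its own: the KRMM only records the enabling event, and the crypto manager decides at request time by consulting the shared history for that key, which is the same division of labour the text describes for the KRMM and the cryptographic module manager.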

In summary, the enhanced services provided by CSSM to support system-wide policy compliance include:
