Securing Security Policies in Autonomic Computing Systems

Protecting valuable enterprise assets, such as data, computer systems, and networks is becoming increasingly complex especially in autonomic computing systems due to their reduced reliance on human intervention and verification, and increased reliance on the ability of the system to make business or strategic decisions. This naturally makes the system extremely vulnerable to security breaches and malicious attacks. Successfully mitigating security threats in autonomic systems requires a twopronged approach that ensures solid and continuous protection. First, it requires that defense mechanisms be made an integral and inseparable part of the system to be protected. Second, it requires that the defense mechanisms themselves be secure to ensure uninterrupted protection. In addition, these defense mechanisms must be flexible, extensible, and scalable enough to adapt to changing threats and be effective in neutralizing them. This paper presents a framework for addressing the protection of the security policies of autonomic systems. The security policies are partitioned into several layers in a way that significantly increases the difficulty of attacking the system.