Symantec's Host Security Metasystem

The past week, Symantec has published the first excerpt of a draft describing an abstract security metasystem, complemented by laws of host security. Symantec's initiative did not target Microsoft explicitly, but the controversy created by PatchGuard, the Kernel Patch Protection in 64-bit Vista was at the basis of the host security metasystem.

And while in the previous entry, the Cupertino based security outfit presented the sensor and effector instrumentation laws for what it calls an "appropriate kernel security instrumentation," this article will deal with the security and policy component laws.

"Symantec posted a draft proposal on an abstract host security metasystem and the laws of host security in order to gain discussion and suggested improvements from interested parties in the security industry. Symantec posted this draft to openly solicit constructive comments and helpful suggestions for draft refinements. The intent is to reach industry consensus on an architectural framework to guide designers of future host security subsystems and supporting instrumentation," revealed Al Hartmann, Symantec Security Response Researcher.

Symantec's initiative moves toward building an abstract architecture and guiding principles of introducing competitive host security services into the operating system. Symantect emphasized the fact that, in doing so, no specific features or implementations will be referenced. In the end, the policy, security and instrumentation components of the Host Security Metasystem will serve to establish an open security market in opposition to a universal security monoculture.

3. Security component laws

3.1 The security component shall implement security policy
3.1.1 Valid security policy shall be enforced by the security component
3.1.2 The security component shall enforce only valid security policy
3.2 The security component shall be unobtrusive and performant
3.3 The security component shall be "unspoofable"
3.3.1 Security sensor instrumentation shall deliver readings to the security component and only to the security component
3.3.2 Security effector instrumentation shall accept control actions from the security component and only from the security component
3.4 Security component actions shall be traceable to security policy
3.Security component operation shall be securely loggable and auditable

4. Policy component laws

4.1 The security policy shall be governed by the system owner
4.2 The security policy shall be comprehensive and dynamic
4.3 The security policy shall be "unspoofable"
4.3.1 All policy rules shall be authentic
4.3.2 Rule access by the security component shall not be impeded