Celestial security management system

There has been a vast amount of research and development effort aimed at providing solutions and products that address the security needs in the information age. Each solution tends to address only a particular facet of the security problem and only accessible to limited protocols or applications. Moreover, ad hoc deployment of some solutions (e.g., firewalls and IPsec) can hinder our ability to collaborate across networks. A very important question is how any application can discover policy restrictions brought about by these solutions/mechanisms, and make efficient use of them to satisfy the application's security goals. The Celestial project addresses this question by developing a security management architecture that can (1) automatically discover effective security policies and mechanisms along any network path, (2) dynamically configure security mechanisms across protocol layers and across the network, (3) adaptively re-configure these mechanisms to maintain certain levels of security services when the network is under stress. This paper describes the Celestial system design and implementation, and reports the current status of the project.