Defending a computer system against malicious attack depends on making many different defense mechanisms work together. In addition to protecting against intrusions, these mechanisms should provide intrusion detection and response. The semantics of input and output for these mechanisms -- what the alert from an intrusion detector means, and the implications of issuing a command in response -- can vary greatly from one mechanism to another. In this paper, we discuss the abstract interface we have developed for integrating various defense mechanisms to defend a distributed application. Our interface is more than an API: it defines not only the syntax of communication with defense mechanisms but also its meaning, thus allowing us to reason systematically about the state of attack and defense. We briefly describe our current work toward automating that reasoning and thus toward applications that defend themselves intelligently and automatically. We also argue that reasoning about attack and defense at an abstract level allows one to model and analyze whether the defense is effective.