Self-protection for distributed component-based applications

Authors:
Benoit Claudel;Noël De Palma;Renaud Lachaize;Daniel Hagimont
Affiliations:
Institut National Polytechnique de Grenoble, France;Institut National Polytechnique de Grenoble, France;Université Joseph Fourier, Grenoble, France;Institut National Polytechnique de Toulouse, France
Venue:
SSS'06 Proceedings of the 8th international conference on Stabilization, safety, and security of distributed systems
Year:
2006

Citing 5
Cited 3

Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
An introduction to intrusion detection

Crossroads - Special issue on computer security
The dawning of the autonomic computing era

IBM Systems Journal
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
The taser intrusion recovery system

Proceedings of the twentieth ACM symposium on Operating systems principles

Applying component-based design to self-protection of ubiquitous systems

Proceedings of the 3rd ACM workshop on Software engineering for pervasive services
A DSL for specifying autonomic security management strategies

DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
A component-based middleware platform for reconfigurable service-oriented architectures

Software—Practice & Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

The complexity of today's distributed computing environments is such that the presence of bugs and security holes is statistically unavoidable. A very promising approach to this issue is to implement a self-protected system, similarly to a natural immune system which has the ability to detect the intrusion of foreign elements and react while it is still in progress. This paper describes an approach relying on component-based software engineering to ease the protection of distributed systems. The knowledge of the application architecture is used to detect foreign activities and to trigger counter measures. We focus on a mean to recognize known and unknown attacks independently from legacy software and avoiding false positives. Hence, the scope of the detected attacks is, for the moment, limited to the detection of illegal communications. We describe how this approach can be applied to provide self-protection for clustered J2ee applications with a very low overhead.