A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Protection in operating systems
Communications of the ACM
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Noninterference and Intrusion Detection
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
| Hi-index | 0.00 |
This paper presents a novel intrusion detection approach and a new infrastructure to enforce the security policy within a distributed system 1. The solution guaranties the consistency of the security policy and prevents any accidental or malicious update (of the local policies). The control is carried out locally (in each host) in accordance with a meta-policy2 that enables a distributed control to update a global security policy while satisfying global security properties. The solution is more robust in terms offaulttolerance and resists to denial of service attacks since the solutions carries out all the control locally. Two levels of intrusion detection are proposed to guaranty the integrity and the consistency of the distributed policy. The first level (meta-level, or administration level) guarantees that each local policy evolves according to the global security properties. This level detects attacks trying inadequate alterations of the local security policies. The second level corresponds to a classical intrusion detection system. But, it can take advantages of the local policy to detect attacks that violate the security objectives. That second level enables to integrate and to adjust various classical IDS. Our approach enforces the security of large scale systems.