Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
Role-Based Access Control Models
Computer
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems
Communications of the ACM
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Security agility in response to intrusion detection
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Evaluating the Impact of Automated Intrusion Response Mechanisms
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SRDS '98 Proceedings of the The 17th IEEE Symposium on Reliable Distributed Systems
Selecting Appropriate Counter-Measures in an Intrusion Detection Framework
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic
DEON '08 Proceedings of the 9th international conference on Deontic Logic in Computer Science
Security Functional Components for Building a Secure Network Computing Environment
Information Systems Security
Semantic context aware security policy deployment
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An ontology-based approach to react to network attacks
International Journal of Information and Computer Security
Multi-agents system service based platform in telecommunication security incident reaction
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
A DSL for specifying autonomic security management strategies
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Advanced reaction using risk assessment in intrusion detection systems
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
| Hi-index | 0.00 |
With the apparition of accurate security monitoring tools, the gathered alerts are requiring operators to take action to prevent damage from attackers. Intrusion prevention currently provides isolated response mechanisms that may take a local action upon an attack. While this approach has been taken to enhance the security of particular network access control points, it does not constitute a comprehensive approach to threat response. In this paper, we will examine a new mechanism for adapting the security policy of an information system according to the threat it receives, and hence its behaviour and the services it offers. This mechanism takes into account not only threats, but also legal constraints and other objectives of the organization operating this information system, taking into account multiple security objectives and providing several trade-off options between security objectives, performance objectives, and other operational constraints. The proposed mechanism bridges the gap between preventive security technologies and intrusion detection, and builds upon existing technologies to facilitate formalization on one hand, and deployment on the other hand