Intrusion detection for distributed applications
Communications of the ACM
ACM Transactions on Information and System Security (TISSEC)
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Efficient Decentralized Monitoring of Safety in Distributed Systems
Proceedings of the 26th International Conference on Software Engineering
Cooperating security managers: a peer-based intrusion detection system
IEEE Network: The Magazine of Global Internetworking
Synthesis of correct and distributed adaptors for component-based systems: an automatic approach
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
DESERT: a decentralized monitoring tool generator
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Distributed Intrusion Detection Systems for Enhancing Security in Mobile Wireless Sensor Networks
International Journal of Distributed Sensor Networks - Advances on Heterogeneous Wireless Sensor Networks
A distributed monitoring system for enhancing security and dependability at architectural level
Architecting dependable systems IV
This paper illustrates an approach for adding security policies to a component-based system. We consider applications built from black-box components, where each component can run concurrently in a different domain. The problem we address is detecting at run time when a component starts interacting with the other components in an anomalous way, trying to subvert the application. This problem cannot be identified statically, because a component can be modified for malicious purposes at run time, once deployed. We propose a specification-based approach to detect intrusions at the architectural level. The approach is decentralized: given a global policy for the whole system, i.e. a set of admissible behaviors, we automatically generate a monitoring filter for each component that looks at local information of interest. The filters then communicate as needed to validate the global policy cooperatively. Compared with centralized monitors, this approach increases performance, security and reliability, and allows the supervision of complex applications where no centralized point of information flow exists or can be introduced.