Integrated access control and intrusion detection for Web servers

Authors:
T. Ryutov;C. Neuman;Kim. Dongho;Zhou. Li
Affiliations:
USC Information Sciences Institute;-;-;-
Venue:
IEEE Transactions on Parallel and Distributed Systems
Year:
2003

Citing 0
Cited 12

Reversible sketches for efficient and accurate change detection over network data streams

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Adaptive trust negotiation and access control

Proceedings of the tenth ACM symposium on Access control models and technologies
Enforcing provisioning and authorization policy in the Antigone system

Journal of Computer Security
Adaptive Trust Negotiation and Access Control for Grids

GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency

Computer Networks: The International Journal of Computer and Telecommunications Networking
Initial trust formation in Virtual Organisations

International Journal of Internet Technology and Secured Transactions
Security enhancement of smart phones for enterprises by applying mobile VPN technologies

ICCSA'11 Proceedings of the 2011 international conference on Computational science and its applications - Volume Part III
Intrusion detection system for securing geographical information system web servers

W2GIS'04 Proceedings of the 4th international conference on Web and Wireless Geographical Information Systems
D_DIPS: an intrusion prevention system for database security

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
An anomaly-based detection in ubiquitous network using the equilibrium state of the catastrophe theory

The Journal of Supercomputing
Semantic security against web application attacks

Information Sciences: an International Journal
Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current intrusion detection systems work in isolation from access control for the application the systems aim to protect. The lack of coordination and interoperation between these components prevents detecting and responding to ongoing attacks in real-time before they cause damage. To address this, we apply dynamic authorization techniques to support fine-grained access control and application level intrusion detection and response capabilities. This paper describes our experience with integration of the Generic Authorization and Access Control API (GAA-API) to provide dynamic intrusion detection and response for the Apache Web server. The GAA-API is a generic interface which may be used to enable such dynamic authorization and intrusion response capabilities for many applications.