Distributed management by delegation
Distributed management by delegation
The base-rate fallacy and its implications for the difficulty of intrusion detection
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Target Naming and Service Apoptosis
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Anomaly intrusion detection in dynamic execution environments
Proceedings of the 2002 workshop on New security paradigms
Architecture for data collection in database intrusion detection systems
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
In this paper we describe an interface between intrusion detection systems and trusted system components. The approach presented differs from conventional intrusion detection systems which are only loosely coupled to the components which they protect. We argue that a tighter coupling makes an IDS less vulnerable to desynchronization attacks, furnishes it with higher quality information and makes immediate and more fine grained responses feasible. Preliminary results show that this can be achieved through an external, nonspecific, voluntary reference monitor accessible to applications through a simple API. Reasonable performance can be maintained by moving most of the IDS functionality into the context of the trusted application.