Support for automated passive host-based intrusion response

  • Authors:
  • Ashish Gehani; Gershon Kedem

  • Venue:
  • Support for automated passive host-based intrusion response
  • Year:
  • 2003

Abstract

Vulnerabilities continue to be discovered with high frequency. Threats that exploit them can be recognized by intrusion detectors. Manual response, however, is becoming decreasingly tenable. We introduce a model for automatic real-time mitigation of the risk posed to a host. The model is derived from an extant risk analysis framework used by the information assurance community, applying it to the operating system paradigm. We describe runtime support for implementing the scheme. SADDLE provides an auditing architecture that allows high fidelity auditing for intrusion detection with limited computational load and storage requirements. ARM modifies the reference monitor to dynamically constrain permissions to control the probability of exposing threatened resources. RICE allows guarantees to be made about the confidentiality, integrity and availability of data after a penetration occurs. NOSCAM provides a service for pro-active gathering of forensic evidence for postmortem analysis of an attack. These systems are combined through a prototype response engine, RheoStat, whose utility is demonstrated using a set of synthetic attacks.