This paper investigates a noninterference-based, policy-based intrusion detection system for detecting security policy violations in clusters. The Reference Flow Control model has been proposed as a host-based approach for detecting security policy violations. We extend its design to deal with security policies applicable to cluster or grid applications. To achieve distributed intrusion detection, a host-based intrusion detection system built on Reference Flow Control is deployed on all nodes of a cluster. Messaging between the nodes is instrumented to enclose the actual message payloads with a small amount of meta-information, which the local IDSes use to communicate with one another. Finally, we describe a proof-of-concept implementation on Linux/MPICH.