Distributed intrusion detection in clusters based on non-interference

Authors:
Jacob Zimmermann;George Mohay
Affiliations:
Information Security Institute, Queensland University of Technology, Brisbane, QLD, Australia;Information Security Institute, Queensland University of Technology, Brisbane, QLD, Australia
Venue:
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Year:
2006

Citing 8
Cited 2

Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Experiences with Specification-Based Intrusion Detection

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Noninterference and Intrusion Detection

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Experimenting with a Policy-Based HIDS Based on an Information Flow Control Model

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
NVisionCC: a visualization framework for high performance cluster security

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Clusters and security: distributed security for distributed systems

CCGRID '05 Proceedings of the Fifth IEEE International Symposium on Cluster Computing and the Grid - Volume 01
Introducing reference flow control for detecting intrusion symptoms at the OS level

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Anomaly detection: A survey

ACM Computing Surveys (CSUR)
On distributed intrusion detection systems design for high speed networks

ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present in this paper the investigation of a noninterference-based, policy-based intrusion detection system to detect security policy violations in clusters. The Reference Flow Control model has been proposed as a host-based approach for detecting security policy violations. We extend its design to deal with security policies applicable to cluster or grid applications.To achieve distributed intrusion detection, a host-based Reference Flow Control-based intrusion detection system is deployed on all nodes of a cluster. Messaging between the nodes is instrumented in order to enclose the actual message payloads with a small amount of meta-information used for communication between the local IDSes. Finally, we describe a proof-of-concept implementation on Linux/MPICH.