A distributed intrusion detection approach for secure software architecture.
Full text is not in this repository.
Official URL: http://www.springerlink.com/content/megff5hahrkb7v...
This item is available in the Library Catalogue
This paper illustrates an approach to add security policies to a component-based system. We consider black-box-components-based applications, where each component can run concurrently in a different domain. The problem we want to face is to detect at run time that a component might start interacting with the other components in an anomalous way trying to subvert the application. This problem cannot be identified statically because we must take into account the fact that a component can be modified for malicious purposes at run time once deployed. We propose a specification-based approach to detect intrusions at architectural level. The approach is decentralized, that is given a global policy for the whole system, i.e. a set of admissible behaviors, we automatically generate a monitoring filter for each component that looks at local information of interest. Filters then suitably communicate in order to carry on cooperatively the validation of the global policy. With respect to centralized monitors, this approach increases performance, security and reliability and allows the supervision of complex applications where no centralized point of information flow exists or can be introduced.
Conference details: Software Architecture: 2nd European Workshop, EWSA 2005. Held in Pisa, Italy, June 13-14, 2005.
|Research Areas:||Science & Technology > Science & Technology|
|Citations on ISI Web of Science:||3|
|Deposited On:||30 Mar 2011 14:06|
|Last Modified:||09 Oct 2013 11:17|
Repository Staff Only: item control page
Downloads per month over past year