A distributed intrusion detection approach for secure software architecture.
Full text is not in this repository.
This paper illustrates an approach to add security policies to a component-based system. We consider black-box-components-based applications, where each component can run concurrently in a different domain. The problem we want to face is to detect at run time that a component might start interacting with the other components in an anomalous way trying to subvert the application. This problem cannot be identified statically because we must take into account the fact that a component can be modified for malicious purposes at run time once deployed. We propose a specification-based approach to detect intrusions at architectural level. The approach is decentralized, that is given a global policy for the whole system, i.e. a set of admissible behaviors, we automatically generate a monitoring filter for each component that looks at local information of interest. Filters then suitably communicate in order to carry on cooperatively the validation of the global policy. With respect to centralized monitors, this approach increases performance, security and reliability and allows the supervision of complex applications where no centralized point of information flow exists or can be introduced.
|Additional Information:||Conference details: Software Architecture: 2nd European Workshop, EWSA 2005. Held in Pisa, Italy, June 13-14, 2005.|
|Research Areas:||A. > School of Science and Technology > Computer Science > Intelligent Environments Research Group
A. > School of Science and Technology > Computer Science > SensoLab group
A. > School of Science and Technology > Computer and Communications Engineering
|Depositing User:||Dr Leonardo Mostarda|
|Date Deposited:||30 Mar 2011 14:06|
|Last Modified:||17 Dec 2015 13:35|
Actions (login required)