DocumentCode
2025560
Title
Expression and Deployment of Reaction Policies
Author
Cuppens, Frédðric ; Cuppens-Boulahia, Nora ; Bouzida, Yacine ; Kanoun, Wael ; Croissant, Aurélien
Author_Institution
TELECOM Bretagne, France
fYear
2008
fDate
Nov. 30 2008-Dec. 3 2008
Firstpage
118
Lastpage
127
Abstract
Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms,including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.
Keywords
authorisation; access control techniques; information system infrastructure; intrusion detection; prevention techniques; reaction policies; security policy; Access control; Costs; Counting circuits; Information security; Information systems; Intrusion detection; Monitoring; Permission; Scalability; Taxonomy; Access Control Policy; Intrusion Detection; OrBAC; Reaction;
fLanguage
English
Publisher
ieee
Conference_Titel
Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on
Conference_Location
Bali
Print_ISBN
978-0-7695-3493-0
Type
conf
DOI
10.1109/SITIS.2008.96
Filename
4725795
Link To Document