• DocumentCode
    2025560
  • Title

    Expression and Deployment of Reaction Policies

  • Author

    Cuppens, Frédðric ; Cuppens-Boulahia, Nora ; Bouzida, Yacine ; Kanoun, Wael ; Croissant, Aurélien

  • Author_Institution
    TELECOM Bretagne, France
  • fYear
    2008
  • fDate
    Nov. 30 2008-Dec. 3 2008
  • Firstpage
    118
  • Lastpage
    127
  • Abstract
    Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms,including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.
  • Keywords
    authorisation; access control techniques; information system infrastructure; intrusion detection; prevention techniques; reaction policies; security policy; Access control; Costs; Counting circuits; Information security; Information systems; Intrusion detection; Monitoring; Permission; Scalability; Taxonomy; Access Control Policy; Intrusion Detection; OrBAC; Reaction;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on
  • Conference_Location
    Bali
  • Print_ISBN
    978-0-7695-3493-0
  • Type

    conf

  • DOI
    10.1109/SITIS.2008.96
  • Filename
    4725795