• DocumentCode
    1937660
  • Title
    Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach
  • Author
    Blanc, Mathieu ; Briffaut, J. ; Lalande, Jean-François ; Toinard, Christian
  • Author_Institution
    Commissariat à l'Énergie Atomique, Bruyères-le-Châtel
  • fYear
    2006
  • fDate
    5-7 June 2006
  • Lastpage
    156
  • Abstract
    This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on trusted operating systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault tolerance compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about the languages used for the meta-policy and about the implementation of the framework.
  • Keywords
    authorisation; distributed processing; MAC kernel; MAC policies; RBAC; access control decisions; distributed access control; distributed policy; distributed system; fault tolerance; global security properties; intrusion detection; metapolicy approach; network communication; security policy; trusted operating systems; Access control; Communication system control; Communication system security; Control systems; Distributed control; Fault tolerance; Intrusion detection; Kernel; Operating systems; Protection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on
  • Conference_Location
    London, Ont.
  • Print_ISBN
    0-7695-2598-9
  • Type
    conf
  • DOI
    10.1109/POLICY.2006.15
  • Filename
    1631168