A new approach to enforce the security properties of a clustered high-interaction honeypot

This paper enlarges previous works of the authors related to the security of a high-interaction honeypot. The challenge is to have a Security Property Language (SPL) for defining the required properties for controlling the activities between processes and resources. That language must authorize the definition of security properties related to confidentiality, integrity and availability. Moreover, that SPL must be able to enforce the security of target Operating Systems. It is an open problem not only regarding the security of Operating Systems but also regarding the security of high-interaction honeypots. That paper shows that existing approaches really fail to manage a large range of security properties. The first reason is that a SPL is really missing to express and enforce a large set of security properties. The second reason is that protection and detection approaches fail to manage a large set of security properties. Our paper proposes PIGA-Protect a new approach to control the system calls in order to guarantee the requested security properties.