• DocumentCode
    3080533
  • Title

    Risk-Aware Framework for Activating and Deactivating Policy-Based Response

  • Author

    Kanoun, Wael ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric ; Dubus, Samuel

  • fYear
    2010
  • fDate
    1-3 Sept. 2010
  • Firstpage
    207
  • Lastpage
    215
  • Abstract
    With the growth of modern systems and infrastructures, automated and intelligent response systems become the holy grail of the security community. An interesting approach proposes to use dynamic access control policies to specify response policies for such systems. These policies should been forced when an ongoing attack, that threatens the monitored system, is detected. However, existing work do not present a clear methodology to specify the Response policies. In particular, the deactivation issue is not yet tackled. In this paper, we first present how to specify response policies. Second, a risk-aware framework is proposed to activate and deactivate response policies. Hence, the success likelihood of the threat, and the cumulative impact of both of the threat and the response, are all considered.
  • Keywords
    authorisation; risk analysis; dynamic access control policy; intelligent response system; risk aware framework; Availability; Context; Monitoring; Organizations; Security; Servers; Taxonomy; Response policy; activation/deactivation; cumulative impact; success likelihood; threat and response contexts;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and System Security (NSS), 2010 4th International Conference on
  • Conference_Location
    Melbourne, VIC
  • Print_ISBN
    978-1-4244-8484-3
  • Electronic_ISBN
    978-0-7695-4159-4
  • Type

    conf

  • DOI
    10.1109/NSS.2010.80
  • Filename
    5635515
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3080533