Title :
Risk-Aware Framework for Activating and Deactivating Policy-Based Response
Author :
Kanoun, Wael ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric ; Dubus, Samuel
Abstract :
With the growth of modern systems and infrastructures, automated and intelligent response systems become the holy grail of the security community. An interesting approach proposes to use dynamic access control policies to specify response policies for such systems. These policies should been forced when an ongoing attack, that threatens the monitored system, is detected. However, existing work do not present a clear methodology to specify the Response policies. In particular, the deactivation issue is not yet tackled. In this paper, we first present how to specify response policies. Second, a risk-aware framework is proposed to activate and deactivate response policies. Hence, the success likelihood of the threat, and the cumulative impact of both of the threat and the response, are all considered.
Keywords :
authorisation; risk analysis; dynamic access control policy; intelligent response system; risk aware framework; Availability; Context; Monitoring; Organizations; Security; Servers; Taxonomy; Response policy; activation/deactivation; cumulative impact; success likelihood; threat and response contexts;
Conference_Titel :
Network and System Security (NSS), 2010 4th International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-1-4244-8484-3
Electronic_ISBN :
978-0-7695-4159-4
DOI :
10.1109/NSS.2010.80
