DocumentCode :
3396396
Title :
Dynamic authorization and intrusion response in distributed systems
Author :
Ryutov, Tatyana ; Neuman, Clifford ; Kim, Dongho
Volume :
1
fYear :
2003
fDate :
22-24 April 2003
Firstpage :
50
Abstract :
This paper presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application-level vulnerabilities. We present a practical, flexible implementation of the framework based on the Generic Authorization and Access Control API (GAA-API) that provides dynamic authorization and intrusion response capabilities for many applications. To evaluate our approach, we integrated the API with several applications, including the Apache Web server, sshd and FreeS/WAN IPsec for Linux. This paper demonstrates the integration of the GAA-API into the ssh daemon. By integrating the GAA-API into sshd, the ssh server can support fine-grained authorization policies, dynamic policy update, and application-level intrusion detection and response. The server can also enforce policies with additional functionality, e.g., time- and location-based controls. Our experiments showed that the required integration effort was moderate, and that the performance impact on the ssh server was reasonable.
Keywords :
Internet; application program interfaces; authorisation; Apache Web server; FreeS/WAN IPsec for Linux; Generic Authorization and Access Control API; access requests; application level intrusion detection; application level intrusion response; application level vulnerabilities; distributed systems; dynamic authorization; dynamic policy update; dynamic security policy adjustment; fine-grained access control policies; fine-grained authorization policies; light-weight intrusion detectors; light-weight misuse detectors; location based controls; response capabilities; ssh daemon; ssh server; sshd; time based controls; Access control; Authorization; Computer crime; Information security; Intrusion detection; Linux; Permission; Web and internet services; Web server; Wide area networks;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
Type :
conf
DOI :
10.1109/DISCEX.2003.1194872
Filename :
1194872