Enabling automated threat response through the use of a dynamic security policy

Debar, Hervé; Thomas, Yohann; Cuppens, Frédéric; Cuppens-Boulahia, Nora

doi:10.1007/s11416-007-0039-z

Cited by 39 publications

(39 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Tarek Bouyahia etl [21], proposed also a context aware intrusion response based on argumentation logic. Herve Debar elt [22], proposed an advanced security policy formalism, to define a contextual security policy that will be applied to the information system.…”

Section: Related Work and Motivationmentioning

confidence: 99%

An adaptive and smart security architecture for Web Service SmartWSSec Architecture

Houssain¹,

Diouri²

2016

Fifth International Conference on Advances in Computing, Control and Networking - ACCN 2016

View full text Add to dashboard Cite

-Vulnerabilities in Web based applications will always be present. Several measures were taken to extenuate the effects of this reality but with limited success. In fact, we are bombarded by new technologies to harden systems and monitor and respond to threats, like firewalls, IDS (intrusion detection system) and IPS (Intrusion Prevention System). However, the flow of attacks and threats is so important to the point that the configuration and reconfiguration of these tools becomes difficult to insure in time. In this paper we introduce "a framework for dynamic security Policy for Web services" called SmartWSSec. The main goal of our architecture is to guarantee better security for web services based on adaptive security models. It aims to identify the appropriate actions that must be taken when a zero day attack occurred resulting on a smart protection for web service in a self-adaptive manner. The proposed architecture uses a knowledge based mechanism to learn and adjust the system when new notknown before attack appears. The proposed architecture also includes an isolation faculty to protect the system when selfadaptation fails, which will notify and involve a system administrator. We have included on this paper also the design, the components, models and concepts of adaptive security architecture, and finally gives insights on a possible implementation by providing a POC applied to different use cases.

show abstract

Section: Related Work and Motivationmentioning

confidence: 99%

An adaptive and smart security architecture for Web Service SmartWSSec Architecture

Houssain¹,

Diouri²

2016

Fifth International Conference on Advances in Computing, Control and Networking - ACCN 2016

View full text Add to dashboard Cite

show abstract

“…Declarative languages are also widely used for specifying and maintaining security policies [3,8,7]. Debar et al [7] describes an architecture for specifying generic security policies in Datalog.…”

Section: Using Declarative Languagesmentioning

confidence: 99%

“…Debar et al [7] describes an architecture for specifying generic security policies in Datalog. Whenever new threats are detected, the policies may react to the threat and enable security rules such as prohibiting TCP/IP traffic for its web servers when syn-flooding attack occurs.…”

Section: Using Declarative Languagesmentioning

confidence: 99%

Robust Consistency Checking for Modern Filesystems

Sun

Fryer

Dai

et al. 2014

Runtime Verification

View full text Add to dashboard Cite

A runtime file system checker protects file-system metadata integrity. It checks the consistency of file system update operations before they are committed to disk, thus preventing corrupted updates from reaching the disk. In this thesis, we describe our experiences with building Brunch, a runtime checker for an emerging Linux file system called Btrfs. Btrfs supports many modern file-system features that pose challenges in designing a robust checker. We find that the runtime consistency checks need to be expressed clearly so that they can be reasoned about and implemented reliably, and thus we propose writing the checks declaratively. This approach reduces the complexity of the checks, ensures their independence, and helps identify the correct abstractions in the checker. It also shows how the checker can be designed to handle arbitrary file system corruption. Our results show that runtime consistency checking is still viable for complex, modern file systems.ii

show abstract

“…Proposals like [18] and [19] deal with the deployment of reactive policies to neutralize security threats. In [19], the threats are modeled as contexts.…”

Section: Policy Based Network Managementmentioning

confidence: 99%

“…Then, standard IDMEF alerts are mapped to the contexts. In [18], not only contexts but new policy instances are derived as a result of an alert. The authors discuss about context lifetime, according to the impact severity and type of an alert.…”

Section: Policy Based Network Managementmentioning

confidence: 99%