Towards Secure Virtual Directories: A Risk Analysis Framework

Claycomb, William R.; Shin, Dongwan

doi:10.1109/compsac.2010.10

Cited by 3 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their names are self‐explanatory in terms of the functionality provided by each of them. For more details on the components, please refer to existing literature . Common virtual directory providers include Radiant Logic RadiantOne , Oracle Virtual Directory Service , and Symlabs Virtual Directory Service .…”

Section: Background and Related Workmentioning

confidence: 99%

“…Attacks on directory services and virtual directory services can take several forms and may originate from outside an organization, or inside an organization, by regular users, or even administrators. These attacks range from simply stealing information from a directory, either using existing security loopholes or by gaining administrative access to the host machine and taking data directly from the source, to more complicated attacks involving spoofing, data redirection, data manipulation, and others .…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing directory virtualization to detect insider activity

Claycomb

Shin

Ahn

2011

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

One of the critical yet lingering issues in computer security is insider threat, and it often takes advantage of some security services based on directory services such as authentication and access control. Detecting these threats is quite challenging because malicious users with the technical ability to leverage these services often have sufficient knowledge and expertise to conceal unauthorized activity. In this article, we present an approach using directory virtualization to monitor various systems across an enterprise for the purpose of detecting malicious insider activity. Specifically, a policy engine that leverages directory virtualization services is proposed to enhance monitoring and detecting capabilities by allowing greater flexibility in analyzing changes for malicious intent. The resulting architecture is a system-based approach, where the relationships and dependencies between data sources and directory services are used to detect an insider threat, rather than simply relying on point solutions. This paper presents such an architecture in detail, including a description of implementation results.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%