Using contextual security policies for threat response

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4064 LNCS, Issue , 2006, Pages 109-128

  Debar, Hervé ^a   Thomas, Yohann ^a   Boulahia Cuppens, Nora ^b   Cuppens, Frédéric ^b  

^a ORANGE LABS   (France)

^b ECOLE DES MINES DE NANTES   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; COMPUTER NETWORKS; CONSTRAINT THEORY; INFORMATION RETRIEVAL;

COMPREHENSIVE APPROACH; CONTEXTUAL SECURITY POLICIES; RESPONSE MECHANISMS; THREAT RESPONSE;

SECURITY OF DATA;

EID: 33746455182     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11790754_7     Document Type: Conference Paper

References (21)

1. Brackney, R.: Cyber-intrusion response. In: Proceedings of the 17th IEEE Symposium on Reliable Distributed Systems, West Lafayette, IN (1998) 413
2. Toth, T., Kruegel, C.: Evaluating the impact of automated intrusion response mechanisms. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, IEEE Computer Society Press (2002)
3. Petkac, M., Badger, L.: Security agility in response to intrusion detection. In: 16th Annual Computer Security Applications Conference (ACSAC'00), New Orleans, LO (2000) 11
4. rfc3360: Inappropriate tcp resets considered harmful. RFC 3360 (2002) http://www.ietf.org/rfc/rfc3360.txt.
5. Cuppens, F., Gombault, S., Sans, T.: Selecting Appropriate Counter-Measures in an Intrusion Detection Framework. In: 17th IEEE Computer Security Foundations Workshop (CSFW), Pacific Grove, CA (2004)
6. Mounji, A., Charlier, B.L.: Continuous assessment of a unix configuration integrating intrusion detection and configuration analysis (1997)
7. Ragsdale, D., Carver, C., Humphries, J., Pooch, U.: Adaptation techniques for intrusion detection and intrusion response system. In: Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics, Nashville, TN, IEEE Computer Society Press (2000) 2344-2349
8. Carver, C., Hill, J., Pooch, U.: Limiting uncertainty in intrusion response. In: Proceedings of the 2001 IEEE workshop on Information Assurance and Security, United States Military Academy, West Point, NY (2001)
9. Harrison, M.A., Ruzzo, W.L, Ullman, J.D.; Protection in Operating Systems. Communication of the ACM 19(8) (1976) 461-471
10. Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2) (1996) 38-47
11. Kudo, M., Hada, S.: XML document security based on provisional authorization. In: CCS '00: Proceedings of the 7th ACM conference on Computer and communications security, ACM Press (2000) 87-96
12. Miège, A.: Definition of a formal framework for specifying security policies. The Or-BAC model and extensions. PhD thesis, ENST (2005)
13. Cuppens, F., Cuppens-Boulahia, N., Miège, A.: Inheritance hierarchies in the Or-BAC Model and application in a network environment. In: Second Foundations of Computer Security Workshop (FCS'04), Turku, Finland (2004)
14. Ullman, J.D.: Principles of Database and Knowledge Base Systems. Computer Science Press (1989)
15. Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miège, A.: A Formal Approach to Specify and Deploy a Network Security Policy. In: Formal Aspects of Security and Trust (FAST), Toulouse, France (2004)
16. Debar, H., Curry, D., Feinstein, B.: The intrusion detection message exchange format. Internet Draft (2005) Work in progress, expires July 31st, 2005.
17. Cuppens, F., Miège, A.: Alert Correlation in a Cooperative Intrusion Detection Framework. In: Proceedings of the IEEE Symposium on Security and Privacy. (2002)
18. Dain, O., Cunningham, R.: Fusing a Heterogeneous Alert Stream into Scenarios. In: Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications. (2001) 1-13
19. Morin, B., Mé, L., Debar, H., Ducassé, M.: M2D2: A Formal Data Model for IDS Alert Correlation. In: Proceedings of the Fifth International Symposium on Recent Advances in Intrusion Detection (RAID). (2002)
20. Ning, P., Cui, Y., Reeves, D.S.: Constructing Attack Scenarios Through Correlation of Intrusion Alerts. In: Proceedings of the 9th Conference on Computer and Communication Security. (2002)
21. Cuppens, F., Miège, A.: Administration Model for Or-BAC. In: International Federated Conferences (OTM'03), Workshop on Metadata for Security, Catania, Sicily, Italy (2003)