Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach

London, Ontario, Canada June 05-June 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/POLICY.2006.15

Seventh IEEE International Workshop o ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mathieu Blanc Articles by J?r?my Briffaut Articles by Jean-Fran?ois Lalande Articles by Christian Toinard

	ASCII Text	x
	Mathieu Blanc, J?r?my Briffaut, Jean-Fran?ois Lalande, Christian Toinard, "Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 153-156, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), 2006.

	BibTex	x
	@article{ 10.1109/POLICY.2006.15, author = {Mathieu Blanc and J?r?my Briffaut and Jean-Fran?ois Lalande and Christian Toinard}, title = {Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2006}, isbn = {0-7695-2598-9}, pages = {153-156}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2006.15}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach SN - 0-7695-2598-9 SP153 EP156 A1 - Mathieu Blanc, A1 - J?r?my Briffaut, A1 - Jean-Fran?ois Lalande, A1 - Christian Toinard, PY - 2006 KW - null VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Mathieu Blanc, Commissariat ? l?Energie Atomique, France

J?r?my Briffaut, Laboratoire d?Informatique Fondamentale d?Orl?ans, France

Jean-Fran?ois Lalande, Laboratoire d?Informatique Fondamentale d?Orl?an, France

Christian Toinard, Laboratoire d?Informatique Fondamentale d?Orl?ans, France

This paper presents a new framework based on a metapolicy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system1 while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy^2. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.

Citation:

Mathieu Blanc, J?r?my Briffaut, Jean-Fran?ois Lalande, Christian Toinard, "Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach," policy, pp.153-156, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.