The Community for Technology Leaders
Policies for Distributed Systems and Networks, IEEE International Workshop on (2006)
London, Ontario, Canada
June 5, 2006 to June 7, 2006
ISBN: 0-7695-2598-9
pp: 153-156
Mathieu Blanc , Commissariat ? l?Energie Atomique, France
Jean-Fran?ois Lalande , Laboratoire d?Informatique Fondamentale d?Orl?an, France
Christian Toinard , Laboratoire d?Informatique Fondamentale d?Orl?ans, France
J?r?my Briffaut , Laboratoire d?Informatique Fondamentale d?Orl?ans, France
ABSTRACT
This paper presents a new framework based on a metapolicy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system1 while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy^2. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.
INDEX TERMS
null
CITATION
Mathieu Blanc, Jean-Fran?ois Lalande, Christian Toinard, J?r?my Briffaut, "Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach", Policies for Distributed Systems and Networks, IEEE International Workshop on, vol. 00, no. , pp. 153-156, 2006, doi:10.1109/POLICY.2006.15
83 ms
(Ver )