The Community for Technology Leaders
RSS Icon
Subscribe
London, Ont.
June 5, 2006 to June 7, 2006
ISBN: 0-7695-2598-9
pp: 153-156
Mathieu Blanc , Commissariat ? l?Energie Atomique, France
J?r?my Briffaut , Laboratoire d?Informatique Fondamentale d?Orl?ans, France
Jean-Fran?ois Lalande , Laboratoire d?Informatique Fondamentale d?Orl?an, France
Christian Toinard , Laboratoire d?Informatique Fondamentale d?Orl?ans, France
ABSTRACT
This paper presents a new framework based on a metapolicy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system1 while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy^2. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.
INDEX TERMS
null
CITATION
Mathieu Blanc, J?r?my Briffaut, Jean-Fran?ois Lalande, Christian Toinard, "Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach", POLICY, 2006, Proceedings. Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Proceedings. Seventh IEEE International Workshop on Policies for Distributed Systems and Networks 2006, pp. 153-156, doi:10.1109/POLICY.2006.15
29 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool