Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach

Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach. Blanc, M., Briffaut, J., Lalande, J., & Toinard, C. In Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, pages 153–156, University of Western Ontario, London Canada, jun, 2006. IEEE Computer Society.

Paper doi abstract bibtex

This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.

@inproceedings{BLANC:2006:HAL-00082278:1,
abstract = {This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.},
address = {University of Western Ontario, London Canada},
annote = {Publication supported by ACI SATIN and Commissariat {\`{a}} l'Energie Atomique.},
author = {Blanc, Mathieu and Briffaut, J{\'{e}}r{\'{e}}my and Lalande, Jean-Fran{\c{c}}ois and Toinard, Christian},
booktitle = {Seventh IEEE International Workshop on Policies for Distributed Systems and Networks},
doi = {10.1109/POLICY.2006.15},
howpublished = {POLICY 2006},
isbn = {0-7695-2598-9},
month = {jun},
pages = {153--156},
publisher = {IEEE Computer Society},
shorttitle = {Acceptance rate: 30{\%}},
title = {{Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach}},
url = {http://dx.doi.org/10.1109/POLICY.2006.15},
year = {2006}
}

Downloads: 0

{"_id":{"_str":"51f5986128e84a503b000320"},"__v":32,"authorIDs":["545727632abc8e9f370000fe","5457eff52abc8e9f370008d8","5476c4c8cb4bf04e39001435"],"author_short":["Blanc, M.","Briffaut, J.","Lalande, J.","Toinard, C."],"bibbaseid":"blanc-briffaut-lalande-toinard-distributedcontrolenablingconsistentmacpoliciesandidsbasedonametapolicyapproach-2006","bibdata":{"bibtype":"inproceedings","type":"inproceedings","abstract":"This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.","address":"University of Western Ontario, London Canada","annote":"Publication supported by ACI SATIN and Commissariat à l'Energie Atomique.","author":[{"propositions":[],"lastnames":["Blanc"],"firstnames":["Mathieu"],"suffixes":[]},{"propositions":[],"lastnames":["Briffaut"],"firstnames":["Jérémy"],"suffixes":[]},{"propositions":[],"lastnames":["Lalande"],"firstnames":["Jean-François"],"suffixes":[]},{"propositions":[],"lastnames":["Toinard"],"firstnames":["Christian"],"suffixes":[]}],"booktitle":"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks","doi":"10.1109/POLICY.2006.15","howpublished":"POLICY 2006","isbn":"0-7695-2598-9","month":"jun","pages":"153–156","publisher":"IEEE Computer Society","shorttitle":"Acceptance rate: 30%","title":"Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach","url":"http://dx.doi.org/10.1109/POLICY.2006.15","year":"2006","bibtex":"@inproceedings{BLANC:2006:HAL-00082278:1,\nabstract = {This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on Trusted Operating Systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.},\naddress = {University of Western Ontario, London Canada},\nannote = {Publication supported by ACI SATIN and Commissariat {\\`{a}} l'Energie Atomique.},\nauthor = {Blanc, Mathieu and Briffaut, J{\\'{e}}r{\\'{e}}my and Lalande, Jean-Fran{\\c{c}}ois and Toinard, Christian},\nbooktitle = {Seventh IEEE International Workshop on Policies for Distributed Systems and Networks},\ndoi = {10.1109/POLICY.2006.15},\nhowpublished = {POLICY 2006},\nisbn = {0-7695-2598-9},\nmonth = {jun},\npages = {153--156},\npublisher = {IEEE Computer Society},\nshorttitle = {Acceptance rate: 30{\\%}},\ntitle = {{Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach}},\nurl = {http://dx.doi.org/10.1109/POLICY.2006.15},\nyear = {2006}\n}\n","author_short":["Blanc, M.","Briffaut, J.","Lalande, J.","Toinard, C."],"key":"BLANC:2006:HAL-00082278:1","id":"BLANC:2006:HAL-00082278:1","bibbaseid":"blanc-briffaut-lalande-toinard-distributedcontrolenablingconsistentmacpoliciesandidsbasedonametapolicyapproach-2006","role":"author","urls":{"Paper":"http://dx.doi.org/10.1109/POLICY.2006.15"},"downloads":0,"html":""},"bibtype":"inproceedings","biburl":"http://www.univ-orleans.fr/lifo/Members/Jean-Francois.Lalande/jf.bib","downloads":0,"keywords":[],"search_terms":["distributed","control","enabling","consistent","mac","policies","ids","based","meta","policy","approach","blanc","briffaut","lalande","toinard"],"title":"Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach","title_words":["distributed","control","enabling","consistent","mac","policies","ids","based","meta","policy","approach"],"year":2006,"dataSources":["YwymHcwEcgbgGS84Z"]}