Abstract
This paper illustrates an approach to add security policies to a component-based system. We consider black-box-components-based applications, where each component can run concurrently in a different domain. The problem we want to face is to detect at run time that a component might start interacting with the other components in an anomalous way trying to subvert the application. This problem cannot be identified statically because we must take into account the fact that a component can be modified for malicious purposes at run time once deployed. We propose a specification-based approach to detect intrusions at architectural level. The approach is decentralized, that is given a global policy for the whole system, i.e. a set of admissible behaviors, we automatically generate a monitoring filter for each component that looks at local information of interest. Filters then suitably communicate in order to carry on cooperatively the validation of the global policy. With respect to centralized monitors, this approach increases performance, security and reliability and allows the supervision of complex applications where no centralized point of information flow exists or can be introduced.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Eckmann, S.T., Vigna, G., Kemmer, R.A.: Statl: An attack language for state-based intrusion detection. Journal of Computer Security 10, 71–104 (2002)
Javitz, H.S., Valdes, A.: The nides statistical component description and justification. Technical report - Columbia University (1994)
Vaccaro, H., Liepins, G.: Detection of anomalous computer session activity. In: Proc. of the 1989 Synopsium on Security and privacy, pp. 280–289 (1989)
Stillerman, M., Marceau, C., Stillman, M.: Intrusion detection for distributed applications. Communications of the ACM (1999)
Ko, C., Ruschitza, M., Levitt, K.: Execution monitoring of security-critical programs in distribute system: A specification-based approach. IEEE, Los Alamitos (1997)
Aucsmith, D.: Tamper resistant software: An implementation. LNCS. Springer, Heidelberg (1997)
Vigna, G., Kemmer, R.A.: Netstat: A network-based intrusion detection system. In: Proc. of the 14th Annual Computer Security Applications Conf. (1998)
Porras, P.A., Neumann, P.G.: Event monitoring enabling responses to anomolous live disturbances. In: Proc. of 20th NIS Security Conference (1997)
Snapp, S.R., Dias, J.B.G.V., Goan, T., Heberlein, L.T., Ho, C., Levitt, K.N., Mukherjee, B., Smaha, S.E., Grance, T., Teal, D.M., Mansur, D.: Dids (distributed intrusion detection system) - motivation architecture and early prototype. In: Proc. 14th National Security Conference, vol. 1, pp. 361–370 (1996)
White, G.B., Fisch, E.A., Pooch, U.W.: Cooperating security managers: A peer-based intrusion detectionn system. IEEE Network, 20–30 (1996)
Sen, K., Vardhan, A., Agha, G., Rosu, G.: Effecient decentralized monitoring of safety in distributed system. In: ICSE (2004)
Dulay, N., Lupu, E., Sloman, M., Damianou, N.: A policy deployment model for the ponder language. In: IM 2001, Seattle. IEEE Press, Los Alamitos (2001)
Schneider, F.B.: Enforceable security policies. ACM Trans. on Information and System Security 3, 30–50 (2000)
Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Communications of the ACM 21, 558–565 (1978)
Mostarda, L., Inverardi, P.: Distributed detection system for secure software architectures (desert) - a peer-to-peer tool for intrusion detection (2004), http://www.di.univaq.it/mostarda/sito/default.php
Mostarda, L., Inverardi, P.: A distributed intrusion detection approach for secure software architecture - extended version. Technical report (2005), http://www.di.univaq.it/mostarda/sito/default.php
Inverardi, P., Mostarda, L., Tivoli, M., Autili, M.: Automatic synthesis of distributed adaptors for component-based system. Submitted for publication (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Inverardi, P., Mostarda, L. (2005). A Distributed Intrusion Detection Approach for Secure Software Architecture. In: Morrison, R., Oquendo, F. (eds) Software Architecture. EWSA 2005. Lecture Notes in Computer Science, vol 3527. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11494713_12
Download citation
DOI: https://doi.org/10.1007/11494713_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26275-6
Online ISBN: 978-3-540-32268-9
eBook Packages: Computer ScienceComputer Science (R0)