Abstract
In this work we present the DESERT tool that allows the automatic generation of distributed monitoring systems for enhancing security and dependability of a component-based application at architectural level. The DESERT language permits to specify both the components interfaces and interaction properties in term of correct components communications. DESERT uses these specifications to generate one filter for each component. Each filter locally detects when its component communications violate the property and can undertake a set of reaction policies. DESERT allows the definition of different reaction policies to enhance system security and dependability. DESERT has been used to monitor applications running on both mobile and wired infrastructures.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Inverardi, P., Mostarda, L., Navarra, A.: Distributed IDSs for enhancing security in mobile wireless sensor networks. In: IEEE PCAC 2006. IEEE International Workshop on Pervasive Computing and Ad Hoc Communications, IEEE Computer Society Press, Los Alamitos (2006)
Inverardi, P., Mostarda, L., Tivoli, M., Autili, M.: Automatic synthesis of distributed adaptors for component-based system. In: ASE 2005. Proceedings of the 21st Automated Software Engineering Conference (2005)
Lindqvist, U., Jonsson, E.: A map of security risks associated with using cots. Computer 31, 60–66 (1998)
Orset, J.M., Alcalde, B., Cavalli, A.: An EFSM-based intrusion detection system for ad hoc networks. In: Peled, D.A., Tsay, Y.-K. (eds.) ATVA 2005. LNCS, vol. 3707, Springer, Heidelberg (2005)
Ko, C., Ruschitza, M., Levitt, K.: Execution monitoring of security-critical programs in distribute system: A specification-based approach. IEEE (1997)
White, G.B., Fisch, E.A., Pooch, U.W.: Cooperating security managers: A peer-based intrusion detectionn system. IEEE Network (1996)
Stillerman, M., Marceau, C., Stillman, M.: Intrusion detection for distributed applications. Communications of the ACM (1999)
Eckmann, S.T., Vigna, G., Kemmer, R.A.: Statl: An attack language for state-based intrusion detection. Journal of Computer Security 10, 71–104 (2002)
de Lemos, R., Gacek, C., Romanovsky, A.: Architectural Mismatch Tolerance. In: Architecting Dependable Systems. LNCS, vol. 2677, pp. 175–196. Springer, Heidelberg (2003)
Avizienis, A., Laprie, J., Randell, B., Landwehr, C.: Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transaction on Dependableand Secure Computing 1, 11–33 (2004)
Delgado, N., Gates, A.Q., Roach, S.: A Taxonomy and Catalog of Runtime Software-Fault Monitoring Tools. IEEE Transactions on Software Engineering 30, 859–871 (2004)
Inverardi, P., Mostarda, L.: A distributed intrusion detection approach for secure software architecture. In: Morrison, R., Oquendo, F. (eds.) EWSA 2005. LNCS, vol. 3527, pp. 168–184. Springer, Heidelberg (2005)
Mostarda, L.: Distributed detection systems for secure software architectures, Ph.D, Thesis in computer Science, University of L’Aquila (2006)
Porras, P.A., Neumann, G.P.: Event monitoring enabling responses to anomolous live disturbances. Proc. of 20th NIS Security Conference (1997)
Snapp, S.R., Dias, J.B.G.V., Goan, T., Heberlein, L.T., Ho, C., Levitt, K.N., Mukherjee, B., Smaha, S.E., Grance, T., Teal, D.M., Mansur, D.: Dids (distributed intrusion detection system) - motivation architecture and early prototype. In: Proc. 14th National Security Conference vol. 1, pp. 361–370 (1997)
Vigna, G., Kemmerer, R.A.: Netstat: a network-based intrusion detection system. Journal Computer Security 7, 37–71 (1999)
Javitz, H.S., Valdes, A.: The nides statistical component description and justification. Technical report - Columbia University (1994)
Vaccaro, H., Liepins, G.: Detection of anomalous computer session activity. In: Proc. of the 1989 Synopsium on Security and privacy, pp. 280–289 (1989)
Sen, K., Vardhan, A., Agha, G., Rosu, G.: Effecient decentralized monitoring of safety in distributed system. In: ICSE (2004)
Schneider, F.B.: Enforceable security policies. ACM Trans. on Information and System Security 3, 30–50 (2000)
European Commision 6th Framework Program - 2nd Call Galileo Joint Undertaking: Cultural Heritage Space Identification System (CUSPIS), http://www.cuspisproject.info
Crnkovic, I., Larsson, M.: Building reliable component-based Software Systems. Artech House, Boston, London (2002)
Szyperski, C.: Component Software: Beyond Object-Oriented Programming. Addison-Wesley, Reading (2004)
McCann, J.A., Navarra, A., Papadopoulos, A.A.: Connectionless Probabilistic (CoP) routing: an efficient protocol for Mobile Wireless Ad-Hoc Sensor Networks. In: IPCCC (2005)
Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Commun. ACM 47, 53–57 (2004)
Heinzelman, W., Chandrakasan, A., Balakrishnan, H.: Energy-Efficient Communication Protocols for Wireless Microsensor Networks. In: Proc. of the Hawaiian Int. Conf. on Systems Science (2000)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Inverardi, P., Mostarda, L. (2007). A Distributed Monitoring System for Enhancing Security and Dependability at Architectural Level. In: de Lemos, R., Gacek, C., Romanovsky, A. (eds) Architecting Dependable Systems IV. Lecture Notes in Computer Science, vol 4615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74035-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-74035-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74033-9
Online ISBN: 978-3-540-74035-3
eBook Packages: Computer ScienceComputer Science (R0)