Autonomic protection system using adaptive security policy

Abstract

There are various techniques to safeguard computer systems and networks against illegal actions. Secure OS based on Role Based Access Control (RBAC) is one of the systems that reflect these techniques. The RBAC system controls access to system resources based on roles. Recently, many systems employ more fine-grained access control on system resources to enhance system security. However, this approach in access control level may cause unexpected problems, since most systems acquire system resources through system call that is hooked on kernel. In this paper, we propose a novel approach to Intrusion Detection System (IDS). The proposed Autonomic Protection System (APS) supports fine-grained intrusion detection. It resides above Secure OS based on RBAC that provides general-grained access control. The system detects intrusions using security policy based on RBAC model. The system performs double checking for intrusions using positive and negative intrusion detection policy. Additionally, as one of active responses, the system supports the self-adaptation of security policy depending on various computing environments. Therefore, the system can detect intrusions more accurately and respond to the attacks actively and appropriately. © Springer-Verlag Berlin Heidelberg 2004.