Intrusion Response

The Experts below are selected from a list of 10446 Experts worldwide ranked by ideXlab platform

Johnny Wong - One of the best experts on this subject based on the ideXlab platform.

  • towards cost sensitive assessment of Intrusion Response selection
    Journal of Computer Security, 2012
    Co-Authors: Natalia Stakhanova, Samik Basu, Chris Strasburg, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against Intrusions. In this paper we present a framework for the cost-sensitive selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize potential costs associated with the Intrusion handling process and propose evaluation method of Intrusion Response with respect to the risk of potential Intrusion damage, effectiveness of Response action and Response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.

  • A Pragmatic Approach to Intrusion Response Metrics
    Threats Countermeasures and Advances in Applied Information Security, 2012
    Co-Authors: Chris Strasburg, Johnny Wong
    Abstract:

    The arms race between cyber attackers and defenders has evolved to the point where an effective counter-measure strategy requires the use of an automated, distributed, and coordinated Response. A key difficulty in achieving this goal lies in providing reliable measures by which to select appropriate Responses to a wide variety of potential Intrusions in a diverse population of network environments. In this chapter, the authors provide an analysis of the current state of automated Intrusion Response metrics from a pragmatic perspective. This analysis includes a review of the current state of the art as well as descriptions of the steps required to implement current work in production environments. The authors also discuss the research gaps that must be filled to improve security professionals’ ability to implement an automated Intrusion Response capability.

  • a framework for cost sensitive assessment of Intrusion Response selection
    Computer Software and Applications Conference, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest, mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement of these cost factors on the basis of system requirements and policy. In this paper, we present a host-based framework for the cost-sensitive assessment and selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the Intrusion handling process, and propose an Intrusion Response evaluation method with respect to the risk of potential Intrusion damage, the effectiveness of the Response action and the Response cost for a system. We provide an implementation of the proposed solution as an IDS-independent plugin tool and demonstrate its advantages on the several attack examples.

  • Intrusion Response cost assessment methodology
    Computer and Communications Security, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

  • AsiaCCS - Intrusion Response cost assessment methodology
    Proceedings of the 4th International Symposium on Information Computer and Communications Security - ASIACCS '09, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

Elisa Bertino - One of the best experts on this subject based on the ideXlab platform.

  • Design and Implementation of an Intrusion Response System for Relational Databases
    IEEE Transactions on Knowledge and Data Engineering, 2011
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    The Intrusion Response component of an overall Intrusion detection system is responsible for issuing a suitable Response to an anomalous request. We propose the notion of database Response policies to support our Intrusion Response system tailored for a DBMS. Our interactive Response policy language makes it very easy for the database administrators to specify appropriate Response actions for different circumstances depending upon the nature of the anomalous request. The two main issues that we address in context of such Response policies are that of policy matching, and policy administration. For the policy matching problem, we propose two algorithms that efficiently search the policy database for policies that match an anomalous request. We also extend the PostgreSQL DBMS with our policy matching mechanism, and report experimental results. The experimental evaluation shows that our techniques are very efficient. The other issue that we address is that of administration of Response policies to prevent malicious modifications to policy objects from legitimate users. We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty. The key idea in JTAM is that a policy object is jointly administered by at least k database administrators (DBAs), that is, any modification made to a policy object will be invalid unless it has been authorized by at least k DBAs. We present design details of JTAM which is based on a cryptographic threshold signature scheme, and show how JTAM prevents malicious modifications to policy objects from authorized users. We also implement JTAM in the PostgreSQL DBMS, and report experimental results on the efficiency of our techniques.

  • privilege states based access control for fine grained Intrusion Response
    Recent Advances in Intrusion Detection, 2010
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    We propose an access control model specifically developed to support fine-grained Response actions, such as request suspension and request tainting, in the context of an anomaly detection system for databases. To achieve such Response semantics, the model introduces the concept of privilege states and orientation modes in the context of a role-based access control system. The central idea in our model is that privileges, assigned to a user or role, have a state attached to them, thereby resulting in a privilege states based access control (PSAC) system. In this paper, we present the design details and a formal model of PSAC tailored to database management systems (DBMSs). PSAC has been designed to also take into account role hierarchies that are often present in the access control models of current DBMSs. We have implemented PSAC in the PostgreSQL DBMS and in the paper, we discuss relevant implementation issues. We also report experimental results concerning the overhead of the access control enforcement in PSAC. Such results confirm that our design and algorithms are very efficient.

  • RAID - Privilege states based access control for fine-grained Intrusion Response
    Lecture Notes in Computer Science, 2010
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    We propose an access control model specifically developed to support fine-grained Response actions, such as request suspension and request tainting, in the context of an anomaly detection system for databases. To achieve such Response semantics, the model introduces the concept of privilege states and orientation modes in the context of a role-based access control system. The central idea in our model is that privileges, assigned to a user or role, have a state attached to them, thereby resulting in a privilege states based access control (PSAC) system. In this paper, we present the design details and a formal model of PSAC tailored to database management systems (DBMSs). PSAC has been designed to also take into account role hierarchies that are often present in the access control models of current DBMSs. We have implemented PSAC in the PostgreSQL DBMS and in the paper, we discuss relevant implementation issues. We also report experimental results concerning the overhead of the access control enforcement in PSAC. Such results confirm that our design and algorithms are very efficient.

Chris Strasburg - One of the best experts on this subject based on the ideXlab platform.

  • towards cost sensitive assessment of Intrusion Response selection
    Journal of Computer Security, 2012
    Co-Authors: Natalia Stakhanova, Samik Basu, Chris Strasburg, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against Intrusions. In this paper we present a framework for the cost-sensitive selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize potential costs associated with the Intrusion handling process and propose evaluation method of Intrusion Response with respect to the risk of potential Intrusion damage, effectiveness of Response action and Response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.

  • A Pragmatic Approach to Intrusion Response Metrics
    Threats Countermeasures and Advances in Applied Information Security, 2012
    Co-Authors: Chris Strasburg, Johnny Wong
    Abstract:

    The arms race between cyber attackers and defenders has evolved to the point where an effective counter-measure strategy requires the use of an automated, distributed, and coordinated Response. A key difficulty in achieving this goal lies in providing reliable measures by which to select appropriate Responses to a wide variety of potential Intrusions in a diverse population of network environments. In this chapter, the authors provide an analysis of the current state of automated Intrusion Response metrics from a pragmatic perspective. This analysis includes a review of the current state of the art as well as descriptions of the steps required to implement current work in production environments. The authors also discuss the research gaps that must be filled to improve security professionals’ ability to implement an automated Intrusion Response capability.

  • a framework for cost sensitive assessment of Intrusion Response selection
    Computer Software and Applications Conference, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest, mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement of these cost factors on the basis of system requirements and policy. In this paper, we present a host-based framework for the cost-sensitive assessment and selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the Intrusion handling process, and propose an Intrusion Response evaluation method with respect to the risk of potential Intrusion damage, the effectiveness of the Response action and the Response cost for a system. We provide an implementation of the proposed solution as an IDS-independent plugin tool and demonstrate its advantages on the several attack examples.

  • Intrusion Response cost assessment methodology
    Computer and Communications Security, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

  • AsiaCCS - Intrusion Response cost assessment methodology
    Proceedings of the 4th International Symposium on Information Computer and Communications Security - ASIACCS '09, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

Ashish Kamra - One of the best experts on this subject based on the ideXlab platform.

  • Design and Implementation of an Intrusion Response System for Relational Databases
    IEEE Transactions on Knowledge and Data Engineering, 2011
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    The Intrusion Response component of an overall Intrusion detection system is responsible for issuing a suitable Response to an anomalous request. We propose the notion of database Response policies to support our Intrusion Response system tailored for a DBMS. Our interactive Response policy language makes it very easy for the database administrators to specify appropriate Response actions for different circumstances depending upon the nature of the anomalous request. The two main issues that we address in context of such Response policies are that of policy matching, and policy administration. For the policy matching problem, we propose two algorithms that efficiently search the policy database for policies that match an anomalous request. We also extend the PostgreSQL DBMS with our policy matching mechanism, and report experimental results. The experimental evaluation shows that our techniques are very efficient. The other issue that we address is that of administration of Response policies to prevent malicious modifications to policy objects from legitimate users. We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty. The key idea in JTAM is that a policy object is jointly administered by at least k database administrators (DBAs), that is, any modification made to a policy object will be invalid unless it has been authorized by at least k DBAs. We present design details of JTAM which is based on a cryptographic threshold signature scheme, and show how JTAM prevents malicious modifications to policy objects from authorized users. We also implement JTAM in the PostgreSQL DBMS, and report experimental results on the efficiency of our techniques.

  • privilege states based access control for fine grained Intrusion Response
    Recent Advances in Intrusion Detection, 2010
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    We propose an access control model specifically developed to support fine-grained Response actions, such as request suspension and request tainting, in the context of an anomaly detection system for databases. To achieve such Response semantics, the model introduces the concept of privilege states and orientation modes in the context of a role-based access control system. The central idea in our model is that privileges, assigned to a user or role, have a state attached to them, thereby resulting in a privilege states based access control (PSAC) system. In this paper, we present the design details and a formal model of PSAC tailored to database management systems (DBMSs). PSAC has been designed to also take into account role hierarchies that are often present in the access control models of current DBMSs. We have implemented PSAC in the PostgreSQL DBMS and in the paper, we discuss relevant implementation issues. We also report experimental results concerning the overhead of the access control enforcement in PSAC. Such results confirm that our design and algorithms are very efficient.

  • RAID - Privilege states based access control for fine-grained Intrusion Response
    Lecture Notes in Computer Science, 2010
    Co-Authors: Ashish Kamra, Elisa Bertino
    Abstract:

    We propose an access control model specifically developed to support fine-grained Response actions, such as request suspension and request tainting, in the context of an anomaly detection system for databases. To achieve such Response semantics, the model introduces the concept of privilege states and orientation modes in the context of a role-based access control system. The central idea in our model is that privileges, assigned to a user or role, have a state attached to them, thereby resulting in a privilege states based access control (PSAC) system. In this paper, we present the design details and a formal model of PSAC tailored to database management systems (DBMSs). PSAC has been designed to also take into account role hierarchies that are often present in the access control models of current DBMSs. We have implemented PSAC in the PostgreSQL DBMS and in the paper, we discuss relevant implementation issues. We also report experimental results concerning the overhead of the access control enforcement in PSAC. Such results confirm that our design and algorithms are very efficient.

Natalia Stakhanova - One of the best experts on this subject based on the ideXlab platform.

  • towards cost sensitive assessment of Intrusion Response selection
    Journal of Computer Security, 2012
    Co-Authors: Natalia Stakhanova, Samik Basu, Chris Strasburg, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against Intrusions. In this paper we present a framework for the cost-sensitive selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize potential costs associated with the Intrusion handling process and propose evaluation method of Intrusion Response with respect to the risk of potential Intrusion damage, effectiveness of Response action and Response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.

  • a framework for cost sensitive assessment of Intrusion Response selection
    Computer Software and Applications Conference, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In recent years, cost-sensitive Intrusion Response has gained significant interest, mainly due to its emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement of these cost factors on the basis of system requirements and policy. In this paper, we present a host-based framework for the cost-sensitive assessment and selection of Intrusion Response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the Intrusion handling process, and propose an Intrusion Response evaluation method with respect to the risk of potential Intrusion damage, the effectiveness of the Response action and the Response cost for a system. We provide an implementation of the proposed solution as an IDS-independent plugin tool and demonstrate its advantages on the several attack examples.

  • Intrusion Response cost assessment methodology
    Computer and Communications Security, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

  • AsiaCCS - Intrusion Response cost assessment methodology
    Proceedings of the 4th International Symposium on Information Computer and Communications Security - ASIACCS '09, 2009
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides a consistent basis for Response evaluation across different systems while incorporating security policy and properties of the specific system environment.

  • The Methodology for Evaluating Response Cost for Intrusion Response Systems
    2008
    Co-Authors: Chris Strasburg, Natalia Stakhanova, Samik Basu, Johnny Wong
    Abstract:

    Recent advances in the field of Intrusion detection brought new requirements to Intrusion prevention and Response. Traditionally, the Response to the detected attack was selected and deployed manually; in the recent years the focus has shifted towards developing automated and semi-automated methodologies for responding to Intrusions. In this context, the cost-sensitive Intrusion Response models have gained the most interest mainly due to their emphasis on the balance between potential damage incurred by the Intrusion and cost of the Response. However, one of the challenges in applying this approach is defining consistent and adaptable measurement of these cost factors on the basis of requirements and policy of the system being protected against Intrusions. In this paper we present a structured methodology for evaluating cost of Responses based on three factors: the Response operational cost associated with the daily maintenance of the Response, the Response goodness that measures the applicability of the selected Response for a detected Intrusion and the Response impact on the system that refers to the possible Response effect on the system functionality. The proposed approach provides consistent basis for Response evaluation across different systems while incorporating security policy and properties of specific system environment. We demonstrate the advantages of the proposed cost model and evaluate it on the example of three systems.