Author Gehani, Ashish
Title Support for automated passive host-based intrusion response
Descript 155 p
Note Source: Dissertation Abstracts International, Volume: 65-06, Section: B, page: 2998
Supervisor: Gershon Kedem
Thesis (Ph.D.)--Duke University, 2003
Vulnerabilities continue to be discovered with high frequency. Threats that exploit them can be recognized by intrusion detectors. Manual response, however, is becoming decreasingly tenable. We introduce a model for automatic real-time mitigation of the risk posed to a host. The model is derived from an extant risk analysis framework used by the information assurance community, applying it to the operating system paradigm. We describe runtime support for implementing the scheme.
SADDLE provides an auditing architecture that allows high fidelity auditing for intrusion detection with limited computational load and storage requirements. ARM modifies the reference monitor to dynamically constrain permissions to control the probability of exposing threatened resources. RICE allows guarantees to be made about the confidentiality, integrity and availability of data after a penetration occurs. NOSCAM provides a service for pro-active gathering of forensic evidence for postmortem analysis of an attack. These systems are combined through a prototype response engine, RheoStat, whose utility is demonstrated using a set of synthetic attacks.
School code: 0066
Host Item Dissertation Abstracts International 65-06B
Subject Computer Science
Alt Author Duke University