LEADER 00000nam  2200313   4500 
001    AAI3136818 
005    20051017073522.5 
008    051017s2003                        eng d 
020    0496840142 
035    (UnM)AAI3136818 
040    UnM|cUnM 
100 1  Gehani, Ashish 
245 10 Support for automated passive host-based intrusion 
       response 
300    155 p 
500    Source: Dissertation Abstracts International, Volume: 65-
       06, Section: B, page: 2998 
500    Supervisor: Gershon Kedem 
502    Thesis (Ph.D.)--Duke University, 2003 
520    Vulnerabilities continue to be discovered with high 
       frequency. Threats that exploit them can be recognized by 
       intrusion detectors. Manual response, however, is becoming
       decreasingly tenable. We introduce a model for automatic 
       real-time mitigation of the risk posed to a host. The 
       model is derived from an extant risk analysis framework 
       used by the information assurance community, applying it 
       to the operating system paradigm. We describe runtime 
       support for implementing the scheme 
520    SADDLE provides an auditing architecture that allows high 
       fidelity auditing for intrusion detection with limited 
       computational load and storage requirements. ARM modifies 
       the reference monitor to dynamically constrain permissions
       to control the probability of exposing threatened 
       resources. RICE allows guarantees to be made about the 
       confidentiality, integrity and availability of data after 
       a penetration occurs. NOSCAM provides a service for pro-
       active gathering of forensic evidence for postmortem 
       analysis of an attack. These systems are combined through 
       a prototype response engine, RheoStat, whose utility is 
       demonstrated using a set of synthetic attacks 
590    School code: 0066 
590    DDC 
650  4 Computer Science 
690    0984 
710 20 Duke University 
773 0  |tDissertation Abstracts International|g65-06B 
856 40 |uhttp://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3136818