DOI: 10.1145/1413140.1413183
research-article

An abstract interface for cyber-defense mechanisms

Published: 12 May 2008 Publication History

Abstract

Defending a computer system against malicious attack depends on making many different defense mechanisms work together. In addition to protecting against intrusions, these mechanisms should provide intrusion detection and response. The semantics of input and output for these mechanisms -- what the alert from an intrusion detector means, and the implications of issuing a command in response -- can vary greatly from one mechanism to another. In this paper, we discuss the abstract interface we have developed for integrating various defense mechanisms to defend a distributed application. Our interface is more than an API: it defines not only the syntax of communication with defense mechanisms but also its meaning, thus allowing us to reason systematically about the state of attack and defense. We briefly describe our current work toward automating that reasoning and thus toward applications that defend themselves intelligently and automatically. We also argue that reasoning about attack and defense at an abstract level allows one to model and analyze whether the defense is effective.

Supplementary Material

Related slides. (a37-webber-slides.pdf)
Slide presentation for "An abstract interface for cyber-defense mechanisms"

Published In

CSIIRW '08: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
May 2008
470 pages
ISBN: 9781605580982
DOI: 10.1145/1413140

Publisher

Association for Computing Machinery, New York, NY, United States
