Sciweavers

RAID
2001
Springer

Interfacing Trusted Applications with Intrusion Detection Systems

14 years 5 months ago
Interfacing Trusted Applications with Intrusion Detection Systems
Abstract. In this paper we describe an interface between intrusion detection systems and trusted system components. The approach presented differs from conventional intrusion detection systems which are only loosely coupled to the components which they protect. We argue that a tighter coupling makes an IDS less vulnerable to desynchronization attacks, furnishes it with higher quality information and makes immediate and more fine grained responses feasible. Preliminary results show that this can be achieved through an external, nonspecific, voluntary reference monitor accessible to applications through a simple API. Reasonable performance can be maintained by moving most of the IDS functionality into the context of the trusted application.
Marc G. Welz, Andrew Hutchison
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2001
Where RAID
Authors Marc G. Welz, Andrew Hutchison
Comments (0)