
Interfacing Trusted Applications with Intrusion Detection Systems

  • Conference paper
  • Published in: Recent Advances in Intrusion Detection (RAID 2001)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2212)

Abstract

In this paper we describe an interface between intrusion detection systems and trusted system components. The approach presented differs from conventional intrusion detection systems, which are only loosely coupled to the components they protect. We argue that a tighter coupling makes an IDS less vulnerable to desynchronization attacks, furnishes it with higher-quality information, and makes immediate and more fine-grained responses feasible. Preliminary results show that this can be achieved through an external, nonspecific, voluntary reference monitor that applications reach through a simple API. Reasonable performance can be maintained by moving most of the IDS functionality into the context of the trusted application.




Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Welz, M., Hutchison, A. (2001). Interfacing Trusted Applications with Intrusion Detection Systems. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_3

  • DOI: https://doi.org/10.1007/3-540-45474-8_3
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-42702-5
  • Online ISBN: 978-3-540-45474-8