Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic

  • Conference paper
Deontic Logic in Computer Science (DEON 2008)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 5076)

Abstract

The security policy of an information system may include a wide range of different requirements. The literature has primarily focused on access and information flow control requirements and, more recently, on authentication and usage control requirements. Specifying administration and delegation policies is also an important issue, especially in the context of pervasive distributed systems. In this paper, we investigate the new issue of modelling intrusion detection and reaction policies and study the appropriateness of using deontic logic for this purpose. We analyze how intrusion detection requirements may be specified to face both known intrusions and new intrusions. In the case of new intrusions, we suggest using the "bring it about" modality and specifying requirements as prohibitions to bring it about that some security objectives are violated. When intrusions occur, the security policy, to be complete, should specify what happens in this case. This is what we call a reaction policy. The paper shows that this part of the policy corresponds to contrary-to-duty requirements and suggests an approach based on assigning priority to activation contexts of security requirements.

Editor information

Ron van der Meyden, Leendert van der Torre

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cuppens-Boulahia, N., Cuppens, F. (2008). Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic. In: van der Meyden, R., van der Torre, L. (eds) Deontic Logic in Computer Science. DEON 2008. Lecture Notes in Computer Science, vol 5076. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70525-3_7

  • DOI: https://doi.org/10.1007/978-3-540-70525-3_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70524-6

  • Online ISBN: 978-3-540-70525-3

  • eBook Packages: Computer Science, Computer Science (R0)
