Abstract
The security policy of an information system may include a wide range of different requirements. The literature has primarily focused on access and information flow control requirements and, more recently, on authentication and usage control requirements. Specifying administration and delegation policies is also an important issue, especially in the context of pervasive distributed systems. In this paper, we investigate the new issue of modelling intrusion detection and reaction policies and study the appropriateness of using deontic logic for this purpose. We analyze how intrusion detection requirements may be specified to face known intrusions as well as new intrusions. In the case of new intrusions, we suggest using the "bring it about" modality and specifying requirements as prohibitions to bring it about that some security objectives are violated. When intrusions occur, the security policy, to be complete, should specify what happens in this case. This is what we call a reaction policy. The paper shows that this part of the policy corresponds to contrary-to-duty requirements and suggests an approach based on assigning priority to activation contexts of security requirements.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cuppens-Boulahia, N., Cuppens, F. (2008). Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic. In: van der Meyden, R., van der Torre, L. (eds) Deontic Logic in Computer Science. DEON 2008. Lecture Notes in Computer Science, vol 5076. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70525-3_7
DOI: https://doi.org/10.1007/978-3-540-70525-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70524-6
Online ISBN: 978-3-540-70525-3
eBook Packages: Computer Science (R0)