Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic

  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
Conference paper

DOI: 10.1007/978-3-540-70525-3_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5076)
Cite this paper as:
Cuppens-Boulahia N., Cuppens F. (2008) Specifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic. In: van der Meyden R., van der Torre L. (eds) Deontic Logic in Computer Science. DEON 2008. Lecture Notes in Computer Science, vol 5076. Springer, Berlin, Heidelberg

Abstract

The security policy of an information system may include a wide range of different requirements. The literature has primarily focused on access and information flow control requirements and, more recently, on authentication and usage control requirements. Specifying administration and delegation policies is also an important issue, especially in the context of pervasive distributed systems. In this paper, we investigate the new issue of modelling intrusion detection and reaction policies and study the appropriateness of using deontic logic for this purpose. We analyze how intrusion detection requirements may be specified to face not only known intrusions but also new intrusions. In the case of new intrusions, we suggest using the "bring it about" modality and specifying requirements as prohibitions to bring it about that some security objectives are violated. When some intrusions occur, the security policy, to be complete, should specify what happens in this case. This is what we call a reaction policy. The paper shows that this part of the policy corresponds to contrary-to-duty requirements and suggests an approach based on assigning priority to activation contexts of security requirements.


Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Nora Cuppens-Boulahia (1)
  • Frédéric Cuppens (1)
  1. TELECOM Bretagne, Cesson Sévigné Cedex, France
