Risk-Aware Framework for Activating and Deactivating Policy-Based Response

Wael Kanoun, Nora Cuppens-Boulahia, Frederic Cuppens, Samuel Dubus
2010 2010 Fourth International Conference on Network and System Security  
With the growth of modern systems and infrastructures, automated and intelligent response systems become the holy grail of the security community. An interesting approach proposes to use dynamic access control policies to specify response policies for such systems. These policies should be enforced when an ongoing attack, that threatens the monitored system, is detected. However, existing work do not present a clear methodology to specify the Response policies. In particular, the deactivation
more » ... the deactivation issue is not yet tackled. In this paper, we first present how to specify response policies. Second, a risk-aware framework is proposed to activate and deactivate response policies. Hence, the success likelihood of the threat, and the cumulative impact of both of the threat and the response, are all considered.
doi:10.1109/nss.2010.80 dblp:conf/nss/KanounCCD10 fatcat:nphpgzklkzcb3huotclq3y5ltu