Dynamic authorization and intrusion response in distributed systems

T. Ryutov, C. Neuman, D. Kim
Proceedings DARPA Information Survivability Conference and Exposition  
This paper¢ presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application level vulnerabilities. We present a practical, flexible implementation of the framework based on the Generic Authorization and Access Control API (GAA-API) that provides
more » ... mic authorization and intrusion response capabilities for many applications. To evaluate our approach, we integrated the API with several applications, including Apache web server [12] , sshd and FreeS/WAN IPsec for Linux. This paper demonstrates the integration of the GAA-API into ssh daemon. By integrating the GAA-API into sshd, the ssh server can support fine-grained authorization policies, dynamic policy update, and application level intrusion detection and response. The server can also enforce policies with additional functionalities, e.g., time-and location-based controls. Our experiments showed that the required integration effort was moderate, and that the performance impact on the ssh server was negligible. the connec-
doi:10.1109/discex.2003.1194872 dblp:conf/discex/RyutovNK03 fatcat:55mqdnfu5vgmlmnrcodsxcjb7i