Hybrid Monitoring of Attacker Knowledge

International audienceEnforcement of noninterference requires proving that an attacker's knowledge about the initial state remains the same after observing a program's public output. We propose a hybrid monitoring mechanism which dynamically evaluates the knowledge that is contained in program variables. To get a precise estimate of the knowledge, the monitor statically analyses non-executed branches. We show that our knowledge-based monitor can be combined with existing dynamic monitors for non-interference. A distinguishing feature of such a combination is that the combined monitor is provably more permissive than each mechanism taken separately. We demonstrate this by proposing a knowledge-enhanced version of a no-sensitive-upgrade (NSU) monitor. The monitor and its static analysis have been formalized and proved correct within the Coq proof assistant

On the tradeoff between privacy and energy in wireless sensor networks

Source location privacy is becoming an increasingly important property of some wireless sensor network applica- tions. The fake source technique has been proposed as an approach for handling the source location privacy problem in these situations. However, whilst the efficiency of the fake source techniques is well documented, there are several factors that limit the usefulness of current results: (i) the assumption that fake sources are known a priori, (ii) the selection of fake sources based on an prohibitively expensive pre-configuration phase and (iii) the lack of a commonly adopted attacker model. In this paper we address these limitations by investigating the efficiency of the fake source technique with respect to possible implementations, configurations and extensions that do not require a pre-configuration phase or a priori knowledge of fake sources. The results presented demonstrate that one possible implementation, in presence of a single attacker, can lead to a decrease in capture ratio of up to 60% when compared with a flooding baseline. In the presence of multiple attackers, the same implementation yields only a 30% decrease in capture ratio with respect to the same baseline. To address this problem we investigate a hybrid technique, known as phantom routing with fake sources, which achieves a corresponding 50% reduction in capture ratio

A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST