Integrated access control and intrusion detection for Web Servers

Current intrusion detection systems work in isolation front access control for the application the systems aim to protect. The lack of coordination and inter-operation between these components prevents detecting and responding to ongoing attacks in real time, before they cause damage. To address this, we apply dynamic authorization techniques to support fine-grained access control and application level intrusion detection and response capabilities. This paper describes our experience with integration of the Generic Authorization and Access Control API (GAA-API) to provide dynamic intrusion detection and response for the Apache Web Server The GAA-API is a generic interface which may be used to enable such dynamic authorization and intrusion response capabilities for many applications.

[1]  B. Clifford Neuman,et al.  The Set and Function Approach to Modeling Authorization in Distributed Systems , 2001, MMM-ACNS.

[2]  L. F. Wilson,et al.  Analysis of distributed intrusion detection systems using Bayesian methods , 2002, Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference (Cat. No.02CH37326).

[3]  Peter Mell,et al.  NIST Special Publication on Intrusion Detection Systems , 2001 .

[4]  B. Clifford Neuman,et al.  The specification and enforcement of advanced security policies , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[5]  Robert Thau Design Considerations for the Apache Server API , 1996, Comput. Networks.

[6]  Marc Dacier,et al.  A Lightweight Tool for Detecting Web Server Attacks , 2000, NDSS.

[7]  Peter Mell,et al.  Intrusion Detection Systems , 2001 .

[8]  Magnus Almgren,et al.  Application-Integrated Data Collection for Security Monitoring , 2001, Recent Advances in Intrusion Detection.