Policy-based intrusion detection in Web applications by monitoring Java information flows

This article focuses on intrusion detection in systems using Web applications and COTS. We present a solution that combines policy-based intrusion detection and information flow control. We describe JBlare, an inline Java monitor that tracks inter-method flows in Java applications. This monitor collaborates with Blare, a monitor that tracks information flow in the whole system at the OS-level. The combination of these two detectors constitutes a policy-based Intrusion Detection System that can address a wide range of attacks.

[1]  Andrew S. Tanenbaum,et al.  A Virtual Machine Based Information Flow Control System for Policy Enforcement , 2008, Electron. Notes Theor. Comput. Sci..

[2]  Christophe Bidan,et al.  Experimenting with a policy-based HIDS based on an information flow control model , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[3]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[4]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[5]  Alley Stoughton Access Flow: A Protection Model which Integrates Access Control and Information Flow , 1981, 1981 IEEE Symposium on Security and Privacy.

[6]  Steve Zdancewic,et al.  Challenges for Information-flow Security , 2004 .

[7]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[8]  Michiharu Kudo,et al.  Dynamic Information Flow Control Architecture for Web Applications , 2007, ESORICS.

[9]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[10]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[11]  Christophe Bidan,et al.  An Improved Reference Flow Control Model for Policy-Based Intrusion Detection , 2003, ESORICS.

[12]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[13]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[14]  Michael Franz,et al.  Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[15]  François Pottier,et al.  Information flow inference for ML , 2003, TOPL.

[16]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[17]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[18]  Christophe Bidan,et al.  Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level , 2002, RAID.

[19]  M. Franz,et al.  Practical , Dynamic Information-flow for Virtual Machines , 2005 .

[20]  José Meseguer,et al.  Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.