Response policies and counter-measure : management of service dependencies and intrusion and reaction impacts

par Nizar Kheir

Thèse de doctorat en Informatique

Sous la direction de Frédéric Cuppens.

  • Titre traduit

    Politiques de réaction et contrmesures : Gestion des dépendances de services et les impacts d'intrusions et des réactions

  • Pas de résumé disponible.

  • Résumé

    Nowadays, intrusion response is challenged by both attack sophistication and the complexity of target systems. In fact, Internet currently provides an exceptional facility to share resources and exploits between novice and skilled attackers. As a matter of fact, simply detecting or locally responding against attacks has proven to be insufficient. On the other hand, in order to keep pace with the growing need for more interactive and dynamic services, information systems are getting increasingly dependent upon modular and interdependent service architectures. In consequence, intrusions and responses often have drastic effects as their impacts spread through service dependencies. We argue in this thesis that service dependencies have multiple security implications. In the context of intrusion response, service dependencies can be used to find the proper enforcement points which are capable to support a specific response strategy. They can be also used in order to compute the impact of such responses in order to select the least costly response. In a first attempt to realize the thesis objectives, we explore graph-based service dependency models. We implement intrusion and response impacts as security flows that propagate within a directed graph. We introduce countermeasures as transformations to the dependency graph, and which have direct implications on the impact flows triggered by an intrusion. In a second step, we replace the analytic graph-based approach with a simulation-based approach using colored Petri nets. We develop for this purpose a new service dependency model that outperforms the initial graph-based models. It represents access permissions that apply to service dependencies. Attacker permissions are also implemented in this model by interfacing with attack graphs. We develop a simulation platform that tracks the propagation of intrusion impacts, response impacts, and the combined impacts for intrusion and response. We define a new response index, the return on response investment (RORI), that we evaluate for each response candidate with the aim to select the one that provides a maximal positive RORI index.

Consulter en bibliothèque

La version de soutenance existe sous forme papier


  • Détails : 1 vol. (216 p.)
  • Notes : Reproduction autorisée par le jury
  • Annexes : Bibliogr. p. 177-185

Où se trouve cette thèse\u00a0?

  • Bibliothèque : Université de Rennes 1. Service commun de la documentation. BU Beaulieu.
  • Disponible pour le PEB
  • Cote : TA RENNES 2010/180
  • Bibliothèque : IMT Atlantique campus de Rennes. Documentation.
  • Disponible pour le PEB
  • Cote : 2.28 KHEI
  • Bibliothèque : IMT Atlantique campus de Rennes. Documentation.
  • Disponible pour le PEB
  • Cote : 2.28 KHEI

Cette version existe également sous forme de microfiche :

  • Bibliothèque : Université de Lille. Service commun de la documentation. Bibliothèque universitaire de Sciences Humaines et Sociales.
  • Non disponible pour le PEB
  • Cote : 2010TELB0162
Voir dans le Sudoc, catalogue collectif des bibliothèques de l'enseignement supérieur et de la recherche.