Title :
A new approach to enforce the security properties of a clustered high-interaction honeypot
Author :
Briffaut, J. ; Rouzaud-Cornabas, J. ; Toinard, C. ; Zemali, Y.
Author_Institution :
ENSI de Bourges, LIFO, Bourges, France
Abstract :
This paper enlarges previous works of the authors related to the security of a high-interaction honeypot. The challenge is to have a Security Property Language (SPL) for defining the required properties for controlling the activities between processes and resources. That language must authorize the definition of security properties related to confidentiality, integrity and availability. Moreover, that SPL must be able to enforce the security of target Operating Systems. It is an open problem not only regarding the security of Operating Systems but also regarding the security of high-interaction honeypots. That paper shows that existing approaches really fail to manage a large range of security properties. The first reason is that an SPL is really missing to express and enforce a large set of security properties. The second reason is that protection and detection approaches fail to manage a large set of security properties. Our paper proposes PIGA-Protect, a new approach to control the system calls in order to guarantee the requested security properties.
Keywords :
operating systems (computers); pattern clustering; security of data; clustered high-interaction honeypot; high-interaction honeypot security; operating systems; security enforcement; security property language; Access control; Automatic control; Availability; Control systems; Information analysis; Information security; Linux; Operating systems; Protection; Security Properties; high-interaction honeypot; security of Operating Systems; security of a honeypot
Conference_Title :
High Performance Computing & Simulation, 2009. HPCS '09. International Conference on
Conference_Location :
Leipzig
Print_ISBN :
978-1-4244-4906-4
Electronic_ISBN :
978-1-4244-4907-1
DOI :
10.1109/HPCSIM.2009.5194832