Intention modelling: Approximating computer user intentions for detection and prediction of intrusions


Computers & Security, Vol. 15, No. 5

conferencing over the Internet Multicast Backbone (Mbone).

MoFAC: A Model for Fine-grained Access Control

J.S. von Solms, M.S. Olivier and S. H. von Solms, Department of Computer Science, Rand Afrikaans University, Johannesburg, South Africa.

Access control in Information Technology (IT) systems, also known as Authorization, is one of the cornerstones of any Information Security Policy. The granularity of such access control can be on different levels, for example on volume (disc pack) level, database level, table level, and even on individual record (or tuple) and data field level. Although very fine-grained access control, for example on record level, is often required, in most systems access control on table level is used. The reason is that the management process is significantly easier and simpler the coarser the level of control becomes.

MoFAC presents a model in which access control is finer than table level, but where the increase in complexity and management stays within acceptable limits.

An Attack Detection System for Secure Computer Systems - Design of the ADS

I. Kantzavelou and A. Patel, Department of Computer Science, University College Dublin, Belfield, Dublin, Ireland.

Attack Detection Systems for secure computer systems are an approach to enhancing the security of a computer system. In the past, they aimed at only providing a trail which could be useful in determining how a system was breached and who was responsible for this breach. More recently, attack detection systems have become automated tools which analyze audit data captured from a system, detect attacks as they take place and take measures to prevent further damage to the target system. The Attack Detection System (ADS) discussed in this paper is a real-time attack detection system which allocates points to users who are attempting to attack the target system, detects attacks by examining the number of points each user has been given, and takes countermeasures according to this number of points.

Intention Modelling: Approximating Computer User Intentions for Detection and Prediction of Intrusions

T. Spyrou and J. Darzentas, Department of Mathematics, University of the Aegean, Greece.

This paper introduces and describes an innovative modeling approach which utilizes models that are synthesized through approximate calculations of user actions and extensive representation of knowledge about how to perform these actions. The Intention modeling approach is based on theories of cognitive and task modeling as well as on theories of intention, rational action and plan recognition. Intention Models (IMs) have been used in the detection of malicious attacks which usually do not consist of illegal actions, but of a set of actions individually acceptable to the system which at a higher level may form non-acceptable task(s). A first effort at implementing these models for a real application was for the creation of the UII system, a research prototype for the detection of anomalous behavior of network users obtained by reasoning about the characterization of their intentions. It was developed as an autonomous module within SECURENET, a European funded program that aims at defending open computer systems, employing advanced techniques and methodologies.

A Taxonomy for Analyzing Hazards to Information Systems

R. Baskerville, Copenhagen Business School, Frederiksberg, Denmark.

Although information systems security is a serious problem, the nature of the constellation of hazards facing these systems is still not well understood. The existing taxonomies used to analyze hazards are of four types: asset groupings, impact groupings, convenience groupings and multi-dimensional. Most of the taxonomies are problematic because they focus on the consequences of the hazard, rather than on the nature of the hazard itself. This paper proposes a new taxonomy that analyzes deliberate and accidental hazards in different dimensions. The usefulness of the taxonomy is demonstrated by applying it to analyze a sample of hazard events.

IT Security and Privacy Education

L. Yngstrom, Department of Computer and Systems Sciences, Stockholm University and Royal Institute of Technology, Kista, Sweden.

An ever repeated problem within IT security is awareness and understanding. Some think this is due to failing
