16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Security Agility in Response to Intrusion Detection
Mike Petkac & Lee Badger
NAI Labs
USA
Cooperative frameworks for intrusion detection and response exemplify a
key area of today’s computer research: automating defenses against
malicious attacks, which increasingly take place at greater speeds
and scales, in order to enhance the survivability of distributed systems and
maintain mission-critical functionality. At the individual host level,
intrusion response often includes security policy reconfiguration to
reduce the risk of further penetrations. However, runtime policy changes
may cause traditional software components, designed without (dynamic)
security in mind, to fail in varying degrees, including termination of
critical processes. This paper presents security agility, a strategy to
provide software components with the security awareness and adaptability
to address runtime security policy changes, describes how security
agility is packaged in a prototype toolkit, and illustrates how the
toolkit can be integrated with intrusion detection and response
frameworks to help automate flexible host-based response to intrusions.