Integrated access control and intrusion detection for web servers

22 June 2004

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 394-401
https://doi.org/10.1109/icdcs.2003.1203489

Abstract

Current intrusion detection systems work in isolation front access control for the application the systems aim to protect. The lack of coordination and inter-operation between these components prevents detecting and responding to ongoing attacks in real time, before they cause damage. To address this, we apply dynamic authorization techniques to support fine-grained access control and application level intrusion detection and response capabilities. This paper describes our experience with integration of the Generic Authorization and Access Control API (GAA-API) to provide dynamic intrusion detection and response for the Apache Web Server The GAA-API is a generic interface which may be used to enable such dynamic authorization and intrusion response capabilities for many applications.

Keywords

This publication has 2 references indexed in Scilit:

The specification and enforcement of advanced security policies
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
Intrusion detection systems
Published by National Institute of Standards and Technology (NIST) ,2001