A generic model for an application based intrusion prevention detection system

摘要

This paper presents a security model that applies the reference monitor concept in trusted operating systems to end-user applications, to provide a comprehensive solution for securing applications. An external security reference monitor (ESRM) has been designed and directly coupled with the application to take care of the security needs of the application like user identification and authentication, access control, secure communications, accountability and audit, audit log analysis and intrusion detection. The security reference monitor is a single point through which all access requests to the application are validated. This paper presents ESRM as applied to a File Transfer application. Rules have been configured to comprehensively validate all input data and enforce user access control. Application data has been logged for statistical analysis of usage patterns; to monitor the effectiveness of the present rules and to obtain data needed to update present rule base to further strengthen the application protection measures.