Ubiquitous Redirection as Access Control Response
نویسندگان
چکیده
Rule-based access control mechanisms, network firewalls and application input validation all serve to enforce security policy. When violating the acceptable conditions these defenses mandate, an unauthorized requester is generally turned away. We make an argument for a modification to traditional access limitation through redirection and deceptive completion across many layers of data communication. Ubiquitous redirection provides additional information on attacker behavior, consumes attacker resources, improving defender awareness and, ultimately, site security. We describe a variety of network-based techniques for deception implemented in our honeypots, and undertake a study of OS-level deception practiced by rootkit writers with the view towards prospective use of similar techniques for defensive applications.
منابع مشابه
The Primary Path Selection Algorithm for Ubiquitous Multi-homing Environments
The multi-homing technology can provide an extended coverage area via distinct access technologies. Also, it is able to redirect a flow from one interface to another without reinitiating the flow. However, there is no suitable multi-homing technology for ubiquitous network environment at the moment. To provide multi-homing schemes into the ubiquitous environment, various related researches shou...
متن کاملFlexible Access Control using IPC Redirection
We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at user-level, so IPC is the only means of communication between them. Thus, the system must be able to mediate IPCs to enforce its access control policy. Such mediation must enable enforcement of security...
متن کاملPointRight: Pointer/Keyboard Redirection for Interactive Workspaces
The ubiquitous computing rooms and interactive workspaces currently being researched and deployed typically have several large screens and dozens of machines which can display to them. Providing convenient and intuitive pointer and keyboard access in such spaces is a challenge. The room should function as a large virtual desktop, and input should automatically be routed to whichever machine is ...
متن کاملWeb Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources
This specification defines an extension to Web Distributed Authoring and Versioning (WebDAV) to allow clients to author HTTP redirect reference resources whose default response is an HTTP/1.1 3xx (Redirection) status code. A redirect reference makes it possible to access the target resourced indirectly through any URI mapped to the redirect reference resource. This specification does not addres...
متن کاملUser-Centric Adaptive Access Control and Resource Configuration for Ubiquitous Computing Environments
Provision of adaptive access control is key to allowing users harness the full potential of ubiquitous computing environments. In this paper, we introduce the M-Zones Access Control (MAC) process, which provides user-centric attribute-based access control, together with automatic reconfiguration of resources in response to the changes in the set of users physically present in the environment. U...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005