Integrated Access Control and Intrusion Detection (IACID) Framework for Secure Grid Computing

Traditional Intrusion Detection Systems (IDSs) work in isolation from access control for the application the systems aim to protect. The lack of coordination and inter-operation between these components prevents detecting sophisticated attacks and responding to ongoing attacks in real time, before they cause damage. Another disadvantage is a large number of false positives. Reports of attacks can trigger response actions (e.g., termination of the offending connections). Thus an inaccurate IDS decision may result in disruption of service to legitimate users. Therefore, successful intrusion detection requires accurate and efficient models for analyzing application, system and network audit data and real time response to the attacks. To address the need for accurate and effective intrusion detection and response for secure Grid computing we developed an Integrated Access Control and Intrusion Detection (IACID) framework. The heterogeneity of Grid resources calls for policy-based detection and response to attacks to accommodate various security levels of resources and different security policies for specific users and environments. Our approach is based on specifying security policies extended with the capability to identify intrusions and suspicious behavior at the application level and guiding the audit data collection, intrusion detection and response. Policy enforcement is performed by the GAA-API (a component of the IACID system) that monitors access requests to vulnerable Grid applications evaluates and enforces the policies. The system detects and responds to intrusions by comparing access request patterns against the security policies and communicating with different detectors in order to build a coherent picture of attacks.