A Collaborative Approach for Access Control, Intrusion Detection and Security Testing

M. Blanc *, J. Briffaut, P. Clemente, M. Gad El Rab, C. Toinard

* Commissariat à l'Energie Atomique, BP 12, 91680 Bruyères-le-Châtel, France, mathieu.blanc@cea.fr
Laboratoire d'Informatique Fondamentale d'Orléans, Bâtiment IIIA, Rue Léonard de Vinci, B.P. 6759, 45067 ORLEANS Cedex 2, France, {jeremy.briffaut,patrice.clemente,mohammed.gadelrab,christian.toinard}@lifo.univ-orleans.fr

ABSTRACT

Security management is becoming a critical aspect of large-scale distributed systems. In this paper, we propose a global architecture, based on an original meta-policy approach for access control and intrusion detection, which guarantees global security properties. In contrast with classical meta-policy based systems, our solution applies verification techniques to the meta-policy and thus guarantees global security properties while still supporting local updates of the security policy. It therefore provides strong fault tolerance, since control is carried out in a completely decentralized manner. By using a meta-policy, the system can verify that the global security properties are still respected after meta-level or local modifications of the policy. Thanks to test components, our system is also able to evaluate and configure each of its functionalities in real time, while tracking corruption of its own components by malicious hackers. Our architecture is a cooperative multi-agent system, making it possible to activate one functionality independently of the others. It is divided into several levels, each one contributing to the automation of security management.

KEYWORDS: Security, Multi-Agent System, Access Control, Intrusion Detection, Test, Verification.

1. INTRODUCTION

Keeping distributed systems secure is becoming more and more difficult.
Security administrators are required to manage several security components scattered throughout the system, with sometimes thousands of hosts, user accounts and hidden enemies (attackers). Several security mechanisms have been created to guard computer systems against hackers and malicious users. First, access to system resources (files, applications, peripherals, etc.) was restricted and no longer open to everybody: access was controlled by security policies expressed in a particular access control model (e.g., DAC, MAC, RBAC). With Internet access, computers became massively connected and the risks of bypassing security measures multiplied. Therefore, new measures such as firewalls and intrusion detection systems (IDS) were invented. However, managing all these mechanisms is not a trivial task, because they are usually scattered and may belong to different administrative domains with sometimes incompatible security policies. The main objective of the meta-policy (a policy of the policies) is precisely to facilitate the administration of such distributed policies.

To keep control of large-scale networks, many solutions have been invented to ease the job of the security administrator(s). For example, security management systems provide a centralized management console for deploying security updates, software patches and virus scans, managing security policies, etc. But, to our knowledge, no solution offers both a high level of security in a distributed system and easier administration.

The multi-agent and multi-level architecture that we propose goes a step further in the automation of security management. In this architecture, we integrate several security mechanisms (security policy, firewalls, network IDS, host IDS). Moreover, the proposal includes test and verification abilities to guarantee the correctness of the meta-policy updates proposed by the global administrator.
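The verification step outlined above (a meta-policy whose global properties must still hold after a local policy update), as an added illustration that is not the paper's implementation: the meta-policy is modelled as a set of global properties, each a predicate over every host's local access-control policy; a local administrator proposes an update, and it is committed only if all properties still hold. The host names, roles, object labels and the two properties (one per-host, one cross-host) are constructed for this example. The cross-host property shows why verification has to be global: a rule that is harmless on its own host can violate a property because of a rule on another host.

```python
"""Meta-policy verification over local access-control policies.

Added illustrative example, not the paper's implementation. Hosts, roles,
object labels and the properties themselves are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One local access-control rule: subject may perform action on object label."""
    subject: str
    obj: str
    action: str


@dataclass
class LocalPolicy:
    host: str
    rules: Set[Rule] = field(default_factory=set)


# The whole system: every host's local policy, indexed by host name.
System = Dict[str, LocalPolicy]
# A global property returns the offending (host, rule) pairs; empty means it holds.
Property = Callable[[System], Set[Tuple[str, Rule]]]


def no_guest_write_confidential(system: System) -> Set[Tuple[str, Rule]]:
    """Per-host property: the 'guest' role never gets write access to 'confidential'."""
    return {(h, r) for h, p in system.items() for r in p.rules
            if r.subject == "guest" and r.obj == "confidential" and r.action == "write"}


def separation_of_duty(system: System) -> Set[Tuple[str, Rule]]:
    """Cross-host property: no subject may both write 'payroll' and approve
    'payments' anywhere in the system, whichever hosts grant the two rights."""
    writers = {r.subject for p in system.values() for r in p.rules
               if r.obj == "payroll" and r.action == "write"}
    approvers = {r.subject for p in system.values() for r in p.rules
                 if r.obj == "payments" and r.action == "approve"}
    conflicted = writers & approvers
    sensitive = {("payroll", "write"), ("payments", "approve")}
    return {(h, r) for h, p in system.items() for r in p.rules
            if r.subject in conflicted and (r.obj, r.action) in sensitive}


# The meta-policy: the global properties every local policy must respect.
META_POLICY: Dict[str, Property] = {
    "no_guest_write_confidential": no_guest_write_confidential,
    "separation_of_duty": separation_of_duty,
}


def verify(system: System) -> Dict[str, Set[Tuple[str, Rule]]]:
    """Return the violated properties with their offending (host, rule) pairs."""
    violations = {}
    for name, prop in META_POLICY.items():
        offending = prop(system)
        if offending:
            violations[name] = offending
    return violations


def propose_local_update(system: System, host: str, add: Set[Rule],
                         remove: Set[Rule]) -> Tuple[bool, Dict[str, Set[Tuple[str, Rule]]]]:
    """A local administrator changes one host's policy; the change is committed
    only if every global property still holds on the candidate system."""
    candidate = dict(system)  # shallow copy: only the updated host is replaced
    candidate[host] = LocalPolicy(host, (system[host].rules - remove) | add)
    violations = verify(candidate)
    if violations:
        return False, violations
    system[host] = candidate[host]
    return True, {}


def demo() -> List[Tuple[str, bool]]:
    """Constructed scenario: two hosts, three proposed local updates."""
    system: System = {
        "hr-srv": LocalPolicy("hr-srv", {Rule("alice", "payroll", "write"),
                                         Rule("guest", "confidential", "read")}),
        "fin-srv": LocalPolicy("fin-srv", {Rule("bob", "payments", "approve")}),
    }
    results = []
    # 1. Harmless local change on hr-srv: accepted.
    ok, _ = propose_local_update(system, "hr-srv", {Rule("carol", "payroll", "read")}, set())
    results.append(("carol reads payroll", ok))
    # 2. Violates the per-host property: rejected, hr-srv policy unchanged.
    ok, _ = propose_local_update(system, "hr-srv", {Rule("guest", "confidential", "write")}, set())
    results.append(("guest writes confidential", ok))
    # 3. Locally harmless on fin-srv, but alice already writes payroll on hr-srv: rejected.
    ok, _ = propose_local_update(system, "fin-srv", {Rule("alice", "payments", "approve")}, set())
    results.append(("alice approves payments", ok))
    return results


if __name__ == "__main__":
    for label, accepted in demo():
        print(f"{label}: {'accepted' if accepted else 'rejected'}")
```

Each global property returns the rules that break it rather than a bare boolean, so a rejected update can be reported back to the local administrator together with the rule on the other host that caused the conflict.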
The novelty of this approach (1) is that it provides an agent-based security solution that uses different security mechanisms which complement each other, to overcome the limitations existing in some of these techniques. Agents may work alone or form groups of agents handling specific functionalities of the overall system, such as security policy,

(1) This work was supported by the ACI SATIN, http://lifc.univ-fcomte.fr/heampc/SATIN/.

270 0-9785699-0-3/06/$20.00 ©2006 IEEE