A survey on deep packet inspection for intrusion detection systems, Arxiv preprint, 2008. ,
Intrusion detection systems: A taxonomy and survey, 2000. ,
Secure computer system: Unied exposition and multics interpretation. Mtr-2997 ( esd-tr-75-306), MITRE Corp, 1976. ,
Remus: a security-enhanced operating system, ACM Transactions on Information and System Security, vol.5, issue.1, p.3661, 2002. ,
DOI : 10.1145/504909.504911
The chinese wall security policy, Proceedings of the IEEE Symposium on Security and Privacy, 1989. ,
Integrity considerations for secure computer systems, 1977. ,
The slab allocator: An object-caching kernel memory allocator, USENIX Summer, p.8798, 1994. ,
Understanding The Linux Kernel, 2005. ,
Network applications of bloom lters: A survey, In Internet Mathematics, p.636646, 2002. ,
Bluebox: A policy-driven, host-based intrusion detection system, ACM Trans. Inf. Syst. Secur, vol.6, p.173200, 2003. ,
Information ow query and verication for security policy of security-enhanced linux, Proceedings of IWSEC, p.389404, 2006. ,
Abstractions for usable information ow control in aeolus, Proceedings of the 2012 USENIX conference on Annual Technical Conference, USENIX ATC'12, p.1212, 2012. ,
A Comparison of Commercial and Military Computer Security Policies, 1987 IEEE Symposium on Security and Privacy, p.184194, 1987. ,
DOI : 10.1109/SP.1987.10001
Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, p.31805822, 1999. ,
DOI : 10.1016/S1389-1286(98)00017-6
A lattice model of secure information flow, Communications of the ACM, vol.19, issue.5, pp.236-243, 1976. ,
DOI : 10.1145/360051.360056
An Intrusion-Detection Model, IEEE transaction on Software Engineering, vol.13, issue.2, p.222232, 1987. ,
Trusted network interpretation of the DoD TCSEC ,
How to write shared libraries, 2011. ,
Labels and event processes in the asbestos operating system, SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles, p.1730, 2005. ,
Taintdroid: an information-ow tracking system for realtime privacy monitoring on smartphones, Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10, p.16, 2010. ,
Multilevel security and the quality of protection, Proceedings of First Workshop on Quality of Protection, p.2006, 2006. ,
Challenging the anomaly detection paradigm: a provocative discussion, Proceedings of the 2006 workshop on New security paradigms, NSPW '06, p.2129, 2007. ,
Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy, Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, 2009. ,
DOI : 10.1007/978-3-642-04342-0_22
Unwinding and Inference Control, 1984 IEEE Symposium on Security and Privacy, 1984. ,
DOI : 10.1109/SP.1984.10019
Getting started with the linux intrusion detection system, Linux J, 2006. ,
Virtualization with kvm, Linux J, issue.166, 2008. ,
Access policy generation system based on process execution history, Network Security Forum, 2003. ,
Intrusion detection in distributed systems, an approach based on taint marking, 2013 IEEE International Conference on Communications (ICC), 2013. ,
DOI : 10.1109/ICC.2013.6654811
URL : https://hal.archives-ouvertes.fr/hal-00840338
A taint marking approach to condentiality violation detection, Australasian Information Security Conference, p.8390, 2012. ,
Enforcing mandatory access control in distributed systems using aspect orientation, 21st Nordic Workshop on Programming Theory NWPT2009, p.6264, 2009. ,
Monitoring both os and program level information ows to detect intrusions against network servers, IEEE Workshop on Monitoring , Attack Detection and Mitigation, 2007. ,
A History and Survey of Network Firewalls, 2002. ,
Anomaly intrusion detection in dynamic execution environments, Proceedings of the 2002 workshop on New security paradigms , NSPW '02, p.5260, 2002. ,
DOI : 10.1145/844102.844112
User-level infrastructure for system call interposition: A platform for intrusion detection and connement, Network and Distributed Systems Security Symposium, 1999. ,
Information ow in operating systems : Eager formal methods, Workshop on Issues on the Theory of Security, 2003. ,
Detecting and countering system intrusions using software wrappers, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], 2000. ,
DOI : 10.1109/FITS.2003.1264947
Information ow control for standard os abstractions, Proceedings of the 21st Symposium on Operating Systems Principles, 2007. ,
Secure computer systems: A mathematical model. MTR-2547 (ESD-TR-73-278-II), MITRE Corp, vol.2, 1973. ,
The inevitability of failure: The awed assumption of security in modern computing environments, Proceedings of the 21st National Information Systems Security Conference, p.303314, 1998. ,
Linux Kernel Development, 2005. ,
Integrating a network IDS into an open source Cloud Computing environment, 2010 Sixth International Conference on Information Assurance and Security, p.265270, 2010. ,
DOI : 10.1109/ISIAS.2010.5604069
Shamon: A System for Distributed Mandatory Access Control, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), p.2332, 2006. ,
DOI : 10.1109/ACSAC.2006.47
Introducing technology into the Linux kernel: a case study, SIGOPS Oper. Syst. Rev, vol.42, issue.5, p.417, 2008. ,
BYOD: Security and Privacy Considerations, IT Professional, vol.14, issue.5, p.5355, 2012. ,
DOI : 10.1109/MITP.2012.93
Jonathan Shapiro, and Combex Inc. Capability myths demolished, 2003. ,
A decentralized model for information ow control, SIGOPS Oper. Syst. Rev, vol.31, issue.5, p.129142, 1997. ,
Protecting privacy using the decentralized label model ,
Communicating between the kernel and user-space in linux using netlink sockets. Software: Practice and Experience, pp.797-810, 2010. ,
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005. ,
Apparmor, application security for linux ,
Trusted computer system evaluation criteria (orange book) DoD 5200, p.28, 1983. ,
An overview of anomaly detection techniques: Existing solutions and latest technological trends, Computer Networks, vol.51, issue.12, p.34483470, 2007. ,
DOI : 10.1016/j.comnet.2007.02.001
Bro: a system for detecting network intruders in real-time, Proc. of the 7th Usenix Security Symposium, p.3151, 1998. ,
DOI : 10.1016/S1389-1286(99)00112-7
Argos: an emulator for ngerprinting zero-day attacks for advertised honeypots with automatic signature generation ,
Snort -lightweight intrusion detection for networks, Proceedings of the USENIX LISA'99 conference, p.229238, 1999. ,
Intrusion detection in the cloud, Dependable, Autonomic and Secure Computing DASC 09. Eighth IEEE International Conference on, p.729734, 2009. ,
Lattice-based access control models, Computer, vol.26, issue.11, p.919, 1993. ,
DOI : 10.1109/2.241422
The simplied mandatory access control kernel ,
Implementing SELinux as a Linux Security Module, 2002. ,
Frédéric Tronel, Valérie Viet Triem Tong Information ow control for intrusion detection derived from mac policy, Proceedings of the IEEE International Conference on Computer Communications (ICC), 2011. ,
Specifying and enforcing a negrained information ow policy: Model and experiments, Proceedings of MIST, 2010. ,
Rie: An architectural framework for user-centric information-ow security, MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.243254, 2004. ,
Testing network-based intrusion detection signatures using mutant exploits, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, p.2130, 2004. ,
DOI : 10.1145/1030083.1030088
Janus: an approach for connement of untrusted applications, 1999. ,
The TrustedBSD MAC Framework, Proceedings DARPA Information Survivability Conference and Exposition, p.285296, 2003. ,
DOI : 10.1109/DISCEX.2003.1194900
Information ow control in cloud computing, CollaborateCom'10, p.17, 2010. ,
Panorama: capturing system-wide information ow for malware detection and analysis, Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, p.116127, 2007. ,
Practical data-leak prevention for legacy applications in enterprise networks, 2011. ,
Prelude ids: current state and development perspectives, 2003. ,
Making information ow explicit in histar, OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation, p.263278, 2006. ,
Securing distributed systems with information ow control, NSDI'08: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.293308, 2008. ,
Hardware enforcement of application security policies using tagged memory, Proceedings of OSDI, p.225240 ,
Using cqual for static analysis of authorization hook placement, Proceedings of the 11th USENIX Security Symposium, p.3348, 2002. ,
A novel network intrusion detection system (nids) based on signatures search of data mining, Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop, e-Forensics '08, pp.45145-45152, 2008. ,
Introducing reference ow control for detecting intrusion symptoms at the os level, Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, p.292306, 2002. ,
Experimenting with a policy-based hids based on an information ow control model, Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2003. ,
Distributed intrusion detection in clusters based on non-interference, Proceedings of the 2006 Australasian workshops on Grid computing and e-research - ACSW Frontiers '06, p.8995, 2006. ,