, A survey on deep packet inspection for intrusion detection systems, Arxiv preprint, 2008.
, Intrusion detection systems: A taxonomy and survey, 2000.
, Secure computer system: Unied exposition and multics interpretation. Mtr-2997 ( esd-tr-75-306), MITRE Corp, 1976.
, Remus: a security-enhanced operating system, ACM Transactions on Information and System Security, vol.5, issue.1, p.3661, 2002.
DOI : 10.1145/504909.504911
, The chinese wall security policy, Proceedings of the IEEE Symposium on Security and Privacy, 1989.
, Integrity considerations for secure computer systems, 1977.
, The slab allocator: An object-caching kernel memory allocator, USENIX Summer, p.8798, 1994.
, Understanding The Linux Kernel, 2005.
, Network applications of bloom lters: A survey, In Internet Mathematics, p.636646, 2002.
, Bluebox: A policy-driven, host-based intrusion detection system, ACM Trans. Inf. Syst. Secur, vol.6, p.173200, 2003.
, Information ow query and verication for security policy of security-enhanced linux, Proceedings of IWSEC, p.389404, 2006.
, Abstractions for usable information ow control in aeolus, Proceedings of the 2012 USENIX conference on Annual Technical Conference, USENIX ATC'12, p.1212, 2012.
, A Comparison of Commercial and Military Computer Security Policies, 1987 IEEE Symposium on Security and Privacy, p.184194, 1987.
DOI : 10.1109/SP.1987.10001
, Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, p.31805822, 1999.
DOI : 10.1016/S1389-1286(98)00017-6
, A lattice model of secure information flow, Communications of the ACM, vol.19, issue.5, pp.236-243, 1976.
DOI : 10.1145/360051.360056
, An Intrusion-Detection Model, IEEE transaction on Software Engineering, vol.13, issue.2, p.222232, 1987.
, Trusted network interpretation of the DoD TCSEC
, How to write shared libraries, 2011.
, Labels and event processes in the asbestos operating system, SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles, p.1730, 2005.
, Taintdroid: an information-ow tracking system for realtime privacy monitoring on smartphones, Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10, p.16, 2010.
, Multilevel security and the quality of protection, Proceedings of First Workshop on Quality of Protection, p.2006, 2006.
, Challenging the anomaly detection paradigm: a provocative discussion, Proceedings of the 2006 workshop on New security paradigms, NSPW '06, p.2129, 2007.
, Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy, Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, 2009.
DOI : 10.1007/978-3-642-04342-0_22
, Unwinding and Inference Control, 1984 IEEE Symposium on Security and Privacy, 1984.
DOI : 10.1109/SP.1984.10019
, Getting started with the linux intrusion detection system, Linux J, 2006.
, Virtualization with kvm, Linux J, issue.166, 2008.
, Access policy generation system based on process execution history, Network Security Forum, 2003.
, Intrusion detection in distributed systems, an approach based on taint marking, 2013 IEEE International Conference on Communications (ICC), 2013.
DOI : 10.1109/ICC.2013.6654811
URL : https://hal.archives-ouvertes.fr/hal-00840338
, A taint marking approach to condentiality violation detection, Australasian Information Security Conference, p.8390, 2012.
, Enforcing mandatory access control in distributed systems using aspect orientation, 21st Nordic Workshop on Programming Theory NWPT2009, p.6264, 2009.
, Monitoring both os and program level information ows to detect intrusions against network servers, IEEE Workshop on Monitoring , Attack Detection and Mitigation, 2007.
, A History and Survey of Network Firewalls, 2002.
, Anomaly intrusion detection in dynamic execution environments, Proceedings of the 2002 workshop on New security paradigms , NSPW '02, p.5260, 2002.
DOI : 10.1145/844102.844112
, User-level infrastructure for system call interposition: A platform for intrusion detection and connement, Network and Distributed Systems Security Symposium, 1999.
, Information ow in operating systems : Eager formal methods, Workshop on Issues on the Theory of Security, 2003.
, Detecting and countering system intrusions using software wrappers, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], 2000.
DOI : 10.1109/FITS.2003.1264947
, Information ow control for standard os abstractions, Proceedings of the 21st Symposium on Operating Systems Principles, 2007.
, Secure computer systems: A mathematical model. MTR-2547 (ESD-TR-73-278-II), MITRE Corp, vol.2, 1973.
, The inevitability of failure: The awed assumption of security in modern computing environments, Proceedings of the 21st National Information Systems Security Conference, p.303314, 1998.
, Linux Kernel Development, 2005.
, Integrating a network IDS into an open source Cloud Computing environment, 2010 Sixth International Conference on Information Assurance and Security, p.265270, 2010.
DOI : 10.1109/ISIAS.2010.5604069
, Shamon: A System for Distributed Mandatory Access Control, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), p.2332, 2006.
DOI : 10.1109/ACSAC.2006.47
, Introducing technology into the Linux kernel: a case study, SIGOPS Oper. Syst. Rev, vol.42, issue.5, p.417, 2008.
, BYOD: Security and Privacy Considerations, IT Professional, vol.14, issue.5, p.5355, 2012.
DOI : 10.1109/MITP.2012.93
, Jonathan Shapiro, and Combex Inc. Capability myths demolished, 2003.
, A decentralized model for information ow control, SIGOPS Oper. Syst. Rev, vol.31, issue.5, p.129142, 1997.
, Protecting privacy using the decentralized label model
, Communicating between the kernel and user-space in linux using netlink sockets. Software: Practice and Experience, pp.797-810, 2010.
, Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005.
, Apparmor, application security for linux
, Trusted computer system evaluation criteria (orange book) DoD 5200, p.28, 1983.
, An overview of anomaly detection techniques: Existing solutions and latest technological trends, Computer Networks, vol.51, issue.12, p.34483470, 2007.
DOI : 10.1016/j.comnet.2007.02.001
, Bro: a system for detecting network intruders in real-time, Proc. of the 7th Usenix Security Symposium, p.3151, 1998.
DOI : 10.1016/S1389-1286(99)00112-7
, Argos: an emulator for ngerprinting zero-day attacks for advertised honeypots with automatic signature generation
, Snort -lightweight intrusion detection for networks, Proceedings of the USENIX LISA'99 conference, p.229238, 1999.
, Intrusion detection in the cloud, Dependable, Autonomic and Secure Computing DASC 09. Eighth IEEE International Conference on, p.729734, 2009.
, Lattice-based access control models, Computer, vol.26, issue.11, p.919, 1993.
DOI : 10.1109/2.241422
, The simplied mandatory access control kernel
, Implementing SELinux as a Linux Security Module, 2002.
, Frédéric Tronel, Valérie Viet Triem Tong Information ow control for intrusion detection derived from mac policy, Proceedings of the IEEE International Conference on Computer Communications (ICC), 2011.
, Specifying and enforcing a negrained information ow policy: Model and experiments, Proceedings of MIST, 2010.
, Rie: An architectural framework for user-centric information-ow security, MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.243254, 2004.
, Testing network-based intrusion detection signatures using mutant exploits, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, p.2130, 2004.
DOI : 10.1145/1030083.1030088
, Janus: an approach for connement of untrusted applications, 1999.
, The TrustedBSD MAC Framework, Proceedings DARPA Information Survivability Conference and Exposition, p.285296, 2003.
DOI : 10.1109/DISCEX.2003.1194900
, Information ow control in cloud computing, CollaborateCom'10, p.17, 2010.
, Panorama: capturing system-wide information ow for malware detection and analysis, Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, p.116127, 2007.
, Practical data-leak prevention for legacy applications in enterprise networks, 2011.
, Prelude ids: current state and development perspectives, 2003.
, Making information ow explicit in histar, OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation, p.263278, 2006.
, Securing distributed systems with information ow control, NSDI'08: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.293308, 2008.
, Hardware enforcement of application security policies using tagged memory, Proceedings of OSDI, p.225240
, Using cqual for static analysis of authorization hook placement, Proceedings of the 11th USENIX Security Symposium, p.3348, 2002.
, A novel network intrusion detection system (nids) based on signatures search of data mining, Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop, e-Forensics '08, pp.45145-45152, 2008.
, Introducing reference ow control for detecting intrusion symptoms at the os level, Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, p.292306, 2002.
, Experimenting with a policy-based hids based on an information ow control model, Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2003.
, Distributed intrusion detection in clusters based on non-interference, Proceedings of the 2006 Australasian workshops on Grid computing and e-research - ACSW Frontiers '06, p.8995, 2006.