From: "Patrick K., ITF" <cto@itechfrontiers.com>
To: Hramchenko <hramchenko@bk.ru>
Cc: selinux@tycho.nsa.gov
Subject: Re: New HIPS based on SELinux
Date: Thu, 06 Oct 2011 05:01:56 -0400
Message-ID: <4E8D6E84.9090407@itechfrontiers.com>
In-Reply-To: <201110060030.05639.hramchenko@bk.ru>
Hello,
I think you are misusing the term "HIPS" here (or using your own
definition, actually).
Sorry to be pedantic, but SELinux, as you know, is an add-on (platform)
to the kernel providing access control (RBAC, IBAC, MAC, etc.) and
MLS (Multi-Level Security).
While I encourage you in your work, I'm afraid it is as you
explained yourself:
"User Data Defence includes a set of template policies, which makes the
process of creating SELinux specifications for user mode applications
simple ...."
In other words, it is a graphical user interface for creating SELinux
policies.
BUT a Host-based Intrusion Prevention System (HIPS),
or more accurately a Host-based Intrusion Detection and Prevention System
(HIDPS), requires a method to detect attacks and react upon them or
interact with them (preemptive approach), taking into account the server
or workstation parameters and conditions, utilizing either one or a
combination of:
1) Signature-based analysis of threats
2) Anomaly-based analysis of threats against the server,
for example statistical analysis, integrity analysis, etc.
3) Protocol anomaly analysis
4) Heuristic analysis
or a combination of methods using expert systems or other means in
Artificial Intelligence/Synthetic Intelligence such as Petri nets,
artificial neural networks, etc.
Best Regards,
Patrick K.
On 10/5/2011 2:30 PM, Hramchenko wrote:
> Hi all.
>
> I have created a new host intrusion prevention system based on SELinux.
> It's focused on protecting users' data.
> One of the main goals was to create a lightweight replacement for
> setroubleshootd.
>
> I hope my program will be useful for SELinux users.
>
> The project home page:
> https://github.com/Hramchenko/userdatadefence/
>
> With respect, Hramchenko Vitaliy.
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
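To make the distinction Patrick draws concrete, here is an added example (not code from either poster or from the userdatadefence project) of the two detection methods a HIDPS needs on top of a policy: a signature-based rule set and an anomaly-based rate check, both run over constructed SELinux AVC denial records. The domain names, rule list, timestamps and thresholds are all assumptions chosen for the demonstration; a real deployment would read them from the audit log and tune them per host.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Fields of an AVC denial record that the two detectors use.
AVC_RE = re.compile(
    r'audit\((?P<ts>\d+)\.\d+:\d+\).*?denied\s+\{ (?P<perms>[^}]+)\}.*?'
    r'comm="(?P<comm>[^"]+)".*?scontext=(?P<sctx>\S+)\s+'
    r'tcontext=(?P<tctx>\S+)\s+tclass=(?P<tclass>\w+)'
)


@dataclass(frozen=True)
class Denial:
    ts: int          # whole-second audit timestamp
    comm: str        # process name
    sdom: str        # source domain type, e.g. httpd_t
    ttype: str       # target type, e.g. shadow_t
    tclass: str      # object class, e.g. file
    perms: frozenset  # denied permissions


def parse_avc(line):
    """Return a Denial for an AVC record, or None for any other audit line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # The type is the third colon-separated field of a context (user:role:type[:mls]).
    sdom = m["sctx"].split(":")[2]
    ttype = m["tctx"].split(":")[2]
    return Denial(int(m["ts"]), m["comm"], sdom, ttype, m["tclass"],
                  frozenset(m["perms"].split()))


# Signature rules (hypothetical): (source domain, target type, permission) -> alert name.
SIGNATURES = {
    ("httpd_t", "shadow_t", "read"): "web server reading /etc/shadow",
    ("httpd_t", "shell_exec_t", "execute"): "web server spawning a shell",
}


def signature_alerts(denials):
    """Signature-based detection: flag denials that match a known bad pattern."""
    alerts = []
    for d in denials:
        for perm in sorted(d.perms):
            name = SIGNATURES.get((d.sdom, d.ttype, perm))
            if name:
                alerts.append((d.ts, d.comm, name))
    return alerts


def baseline_rate(denials, window=60):
    """Learn, per source domain, the most denials seen in any window of the learning period."""
    counts = Counter((d.sdom, d.ts // window) for d in denials)
    base = defaultdict(int)
    for (dom, _), n in counts.items():
        base[dom] = max(base[dom], n)
    return dict(base)


def anomaly_alerts(denials, baseline, window=60, factor=3):
    """Anomaly-based detection: flag a window whose denial count exceeds factor x baseline."""
    counts = Counter((d.sdom, d.ts // window) for d in denials)
    alerts = []
    for (dom, w), n in sorted(counts.items()):
        if n > factor * max(baseline.get(dom, 0), 1):
            alerts.append((w * window, dom, n))
    return alerts


def avc_line(ts, comm, sdom, ttype, perm, tclass="file"):
    # Constructed audit line in the shape of a real AVC denial record (sample data, not a capture).
    return (f'type=AVC msg=audit({ts}.000:{ts}): avc:  denied  {{ {perm} }} for  pid=4242 '
            f'comm="{comm}" name="x" dev="sda1" ino=1 scontext=system_u:system_r:{sdom}:s0 '
            f'tcontext=system_u:object_r:{ttype}:s0 tclass={tclass}')


def run_demo():
    """Learn a baseline from quiet traffic, then run both detectors over a noisy period."""
    learning = [avc_line(1000, "httpd", "httpd_t", "httpd_sys_content_t", "write"),
                avc_line(1010, "sshd", "sshd_t", "user_home_t", "read"),
                avc_line(1070, "httpd", "httpd_t", "httpd_sys_content_t", "write"),
                avc_line(1130, "httpd", "httpd_t", "httpd_sys_content_t", "write"),
                "type=SYSCALL msg=audit(1131.000:9): arch=c000003e syscall=2"]
    live = [avc_line(2000 + i, "httpd", "httpd_t", "httpd_sys_content_t", "write")
            for i in range(4)]
    live.append(avc_line(2003, "httpd", "httpd_t", "shadow_t", "read"))
    live.append(avc_line(2010, "sshd", "sshd_t", "user_home_t", "read"))

    base = baseline_rate([d for d in map(parse_avc, learning) if d])
    denials = [d for d in map(parse_avc, live) if d]
    return signature_alerts(denials), anomaly_alerts(denials, base)


if __name__ == "__main__":
    sig, anom = run_demo()
    print("signature:", sig)   # one alert: httpd reading shadow_t
    print("anomaly:", anom)    # one alert: httpd_t burst of 5 denials in one window
```

The signature rule fires on a single record regardless of volume, while the anomaly check fires only when a domain's denial rate jumps well above what was learned; a policy generator produces neither kind of alert, which is the point of the reply above.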