Distributed intrusion detection for policy. Controlled heterogeneous environments

This paper describes the intrusion detection aspects of a security architecture for distributed heterogeneous systems based on a network of externalized reference monitors defining a set of policies formulated as formulae of a first order theory. This can be retrofitted onto existing operating systems or realized standalone. Aspects considered in this paper include the effects of fine-grained component-level instrumentation of the operating system and a common entity naming model imposed by the architectural framework and discusses the application of the JDL multisensor data fusion model in the context of the framework.