Implementing an Intrusion Detection System in the MYSEA Architecture

Abstract

The Monterey Security Architecture (MYSEA) supports a multilevel secure (MLS) network and a number of single level networks at different classification levels. The MYSEA MLS server is the focus of policy enforcement. It implements a Dynamic Security Services mechanism (DSS) that can modulate IPsec security attributes and MYSEA security services based upon administrator choices. Use of intrusion detection technology on the unprotected single level networks can provide administrators with actionable information to inform DSS choices. The objective of this thesis is to design an intrusion detection system (IDS) architecture that permits administrators operating on MYSEA client machines to conveniently view and analyze IDS alerts from the single level networks. A progressive set of analyses and experiments was conducted that led to a working implementation of an IDS for MYSEA. Sensors are located on the single level networks. Their alerts are fed into the MLS server, where single level databases are used to store and organize the data. Administrators can log in from the MLS LAN and examine IDS results, which may be used to derive new DSS policies. A testing methodology was developed and functional tests were performed. Implementation considerations for future extensions of this work are presented.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2008
Accession Number
ADA483571

Entities

People

  • Thomas Tenhunen

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Sensors

DTIC Thesaurus Topics

  • Computer Access Control
  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Databases
  • Detection
  • Detectors
  • Graphical User Interface
  • Information Systems
  • Intrusion Detection
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Relational Database Management Systems
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Database Systems and Applications
  • Neural Network Machine Learning