Rosy Barruffi, Michela Milano and Rebecca Montanari
Security Management is a key issue in distributed computer systems. Resources and data need to be protected against unauthorized access, manipulation and malicious intrusions that render a system unreliable or unusable. The complexity of the task calls for the design of intelligent support systems that aid system administrators in the detection and/or prevention of intrusions. For this purpose, Intrusion Detection Systems (IDS) have been deeply investigated. IDSs are aimed at identifying intrusions and triggering consequent repair and/or reconfiguration actions. In general, these recovery procedures are statically defined by a system administrator. An alternative approach relies on a planner that dynamically computes the action chain (plan) for reconfiguring/repairing an attacked system. Using planning techniques greatly increases IDS flexibility, since statically defined countermeasures are not always the most appropriate and can be excessive (or even wrong) in some situations. In this paper, we discuss the design and implementation of a constraint-based planner that acts as a reacting module in an IDS.