Grasp

GRASP’s unique intrusion detection operates at the application level by monitoring resource consumption. GRASP automatically modifies fine-grained operating system security policy mechanisms to prevent a similar intrusion in the future. GRASP’s policy evolution approach includes several safety mechanisms to ensure critical mission resources are always accessible to those who need them. Today, creating fine-grained security policies place too great a burden on local administrators, who should be concentrating on meeting mission objectives. GRASP effectively provides a protective object-oriented operating system armor around the application. The proposed GRASP design has the following features: •Application intrusion detection, containment and automatic intelligence gathering •Proactively deceiving the attacker to elicit unique, distinguishing characteristics •Tracking attackers across multiple incursions by identifying them by their fist •Attacker fists described canonically so they can be shared with other DoD sites •Gathering intelligence about attack vectors and how they work •Evolving security policy in response to attacks without impacting the mission •Long term learning to determine the most effective deception techniques •Risk monitoring that terminates an attack when it threatens the application