Security monitoring systems have been recognized as a fundamental component of security management, and they provide the fundamental building blocks of future reactive and autonomic systems that can automatically respond and adapt to changes in their environment. However, operating security monitoring systems in the complex environment of today's organizations is challenging. The complex structure of many organizations, the use of cloud computing, and the complexity of attacks require monitoring systems that can operate across the organization boundaries to integrate many types of information. However, when multiple security domains are involved, privacy and confidentiality problems create challenges in integrating events across systems. Situational awareness can be impacted, and so can be the ability of future systems to adapt to their environment. Our thesis is that the explicit definition of policies enables the design of multi-domain monitoring systems that protect the confidentiality and the integrity of the monitoring data. We focus on the problem of sharing discrete events across organizations for detecting violations of security policies. We identify several scenarios from real-word policies in which such a multi-domain sharing is necessary. We introduce a novel architecture for monitoring multi-domain systems, and we introduce two complementary approaches for reducing the amount of information to share to a value close to the theoretical minimum. Our results show that our approaches have adequate performance in many monitoring scenarios, and significantly reduces the amount of information to share. Finally, as security monitoring is a fundamental service in modern systems, we provide a security analysis of our architecture. We analyze the impact of attacks on the integrity, availability, and confidentiality of the monitoring data. We show that, in many cases, our monitoring system fails gracefully in case of attacks without the causing catastrophic security failures of centralized systems.
【 预 览 】
附件列表
Files
Size
Format
View
Limiting information exposure in multi-domain monitoring systems
PDF
download
878987797
028-85220240
