Attack-resilient compliance monitoring for large distributed infrastructure systems

Mirko Montanari, R H Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.

Original languageEnglish (US)
Title of host publicationProceedings - 2011 5th International Conference on Network and System Security, NSS 2011
Pages192-199
Number of pages8
DOIs
StatePublished - Nov 17 2011
Event2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy
Duration: Sep 6 2011Sep 8 2011

Publication series

NameProceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Other

Other2011 5th International Conference on Network and System Security, NSS 2011
CountryItaly
CityMilan
Period9/6/119/8/11

Fingerprint

Monitoring
Servers
Critical infrastructures
Compliance
Availability
Industry

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Cite this

Montanari, M., & Campbell, R. H. (2011). Attack-resilient compliance monitoring for large distributed infrastructure systems. In Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011 (pp. 192-199). [6060000] (Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011). https://doi.org/10.1109/ICNSS.2011.6060000

Attack-resilient compliance monitoring for large distributed infrastructure systems. / Montanari, Mirko; Campbell, R H.

Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011. 2011. p. 192-199 6060000 (Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Montanari, M & Campbell, RH 2011, Attack-resilient compliance monitoring for large distributed infrastructure systems. in Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011., 6060000, Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011, pp. 192-199, 2011 5th International Conference on Network and System Security, NSS 2011, Milan, Italy, 9/6/11. https://doi.org/10.1109/ICNSS.2011.6060000
Montanari M, Campbell RH. Attack-resilient compliance monitoring for large distributed infrastructure systems. In Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011. 2011. p. 192-199. 6060000. (Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011). https://doi.org/10.1109/ICNSS.2011.6060000
Montanari, Mirko ; Campbell, R H. / Attack-resilient compliance monitoring for large distributed infrastructure systems. Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011. 2011. pp. 192-199 (Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011).
@inproceedings{99632b0ccf9044eebb53cf8dd11eaff1,
title = "Attack-resilient compliance monitoring for large distributed infrastructure systems",
abstract = "The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.",
author = "Mirko Montanari and Campbell, {R H}",
year = "2011",
month = "11",
day = "17",
doi = "10.1109/ICNSS.2011.6060000",
language = "English (US)",
isbn = "9781457704598",
series = "Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011",
pages = "192--199",
booktitle = "Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011",

}

TY - GEN

T1 - Attack-resilient compliance monitoring for large distributed infrastructure systems

AU - Montanari, Mirko

AU - Campbell, R H

PY - 2011/11/17

Y1 - 2011/11/17

N2 - The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.

AB - The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.

UR - http://www.scopus.com/inward/record.url?scp=81055137255&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=81055137255&partnerID=8YFLogxK

U2 - 10.1109/ICNSS.2011.6060000

DO - 10.1109/ICNSS.2011.6060000

M3 - Conference contribution

AN - SCOPUS:81055137255

SN - 9781457704598

T3 - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

SP - 192

EP - 199

BT - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

ER -