Attack-resilient compliance monitoring for large distributed infrastructure systems

Mirko Montanari, R H Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.

Original languageEnglish (US)
Title of host publicationProceedings - 2011 5th International Conference on Network and System Security, NSS 2011
Pages192-199
Number of pages8
DOIs
StatePublished - Nov 17 2011
Event2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy
Duration: Sep 6 2011Sep 8 2011

Publication series

NameProceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Other

Other2011 5th International Conference on Network and System Security, NSS 2011
CountryItaly
CityMilan
Period9/6/119/8/11

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Attack-resilient compliance monitoring for large distributed infrastructure systems'. Together they form a unique fingerprint.

Cite this