TY - GEN
T1 - Attack-resilient compliance monitoring for large distributed infrastructure systems
AU - Montanari, Mirko
AU - Campbell, Roy H.
PY - 2011
Y1 - 2011
N2 - The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.
AB - The security of monitoring systems is critical for maintaining an accurate view of the state of infrastructure systems such as enterprise networks and critical infrastructure systems. A malicious user that controls a monitoring system has the ability of delaying the detection of security attacks and sabotages, and can acquire information about the infrastructure that can enable additional attacks. In this paper we present a distributed architecture that increases the resilient of monitoring systems to attacks against their availability, integrity, and confidentiality. Our approach is based on distributing the knowledge of the state of the infrastructure to a large number of non-dedicated servers, so that the compromise of any limited number of hosts does not cause a compromise of the entire monitoring system. We present an algorithm able to integrate information across the distributed servers to evaluate complex security policies. We analyze the security properties of our approach, and we experimentally evaluate the performance and the resilience of our architecture. We show that, compared to current solutions, our solution increases the resilience of a monitoring system while reducing the load on each monitoring machine.
UR - http://www.scopus.com/inward/record.url?scp=81055137255&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=81055137255&partnerID=8YFLogxK
U2 - 10.1109/ICNSS.2011.6060000
DO - 10.1109/ICNSS.2011.6060000
M3 - Conference contribution
AN - SCOPUS:81055137255
SN - 9781457704598
T3 - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011
SP - 192
EP - 199
BT - Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011
T2 - 2011 5th International Conference on Network and System Security, NSS 2011
Y2 - 6 September 2011 through 8 September 2011
ER -