Confidentiality of event data in policy-based monitoring

Mirko Montanari, Roy H. Campbell

Research output: Conference contribution (Chapter in Book/Report/Conference proceeding)

Abstract

Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.
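The abstract's central point is that splitting monitoring data across hosts according to the policies that consume it bounds what one compromised monitor reveals. The following Python is an added illustration of that design principle; it is not code from the paper and not the algorithm the authors propose. The events, the four compliance policies, the monitoring hosts mon-a/mon-b/mon-c and the least-loaded placement rule are all constructed for the example, and the "exposure" and "hosts needed" metrics are this example's own way of making the single-compromise versus multi-compromise difference concrete.

```python
"""Added illustration (not the paper's algorithm): route each monitoring event
only to the host(s) evaluating a policy that needs it, then measure what a
single compromised monitor exposes versus a centralized collector.
All events, policies, hosts and the placement rule are constructed here."""
from itertools import combinations
from typing import Callable, Dict, List, NamedTuple, Set, Tuple


class Event(NamedTuple):
    kind: str     # "topology", "config" or "applog"
    source: str   # monitored host that emitted the event
    payload: str


class Policy(NamedTuple):
    name: str
    needs: Callable[[Event], bool]   # predicate: does this policy need the event?


# Constructed sample events (the index in this list is the event id).
EVENTS: List[Event] = [
    Event("topology", "router1", "web1 -> db1 via fw1"),
    Event("topology", "router1", "web2 -> db1 via fw1"),
    Event("config", "web1", "PermitRootLogin no"),
    Event("config", "web2", "PermitRootLogin yes"),
    Event("config", "db1", "bind-address 10.0.2.5"),
    Event("applog", "web1", "auth failure for admin"),
    Event("applog", "web2", "auth failure for root"),
]

# Constructed compliance policies; each states which events it must see.
POLICIES: List[Policy] = [
    Policy("db-reachable-only-via-fw", lambda e: e.kind == "topology"),
    Policy("web-ssh-hardened", lambda e: e.kind == "config" and e.source.startswith("web")),
    Policy("db-bind-internal", lambda e: e.kind == "config" and e.source.startswith("db")),
    Policy("auth-failure-rate", lambda e: e.kind == "applog"),
]

HOSTS = ["mon-a", "mon-b", "mon-c"]   # hypothetical monitoring hosts

View = Dict[str, Set[int]]   # monitoring host -> ids of the events it holds


def centralized_view(events: List[Event], host: str = "central") -> View:
    """Baseline: a single collector sees every event."""
    return {host: set(range(len(events)))}


def place_policies(events: List[Event], policies: List[Policy],
                   hosts: List[str]) -> Tuple[Dict[str, str], View]:
    """Hypothetical placement rule: hand each policy (largest first) to the host
    whose current view is smallest, so the views stay roughly even in size.
    Returns (policy name -> host, host -> event ids)."""
    need = {p.name: {i for i, e in enumerate(events) if p.needs(e)} for p in policies}
    view: View = {h: set() for h in hosts}
    placement: Dict[str, str] = {}
    for p in sorted(policies, key=lambda q: -len(need[q.name])):
        host = min(hosts, key=lambda h: len(view[h]))
        placement[p.name] = host
        view[host] |= need[p.name]      # only this host receives those events
    return placement, view


def max_exposure(view: View, n_events: int) -> float:
    """Largest fraction of all events held by any single host: what one
    compromise (e.g. one zero-day on a monitor) hands the attacker."""
    return max(len(ids) for ids in view.values()) / n_events


def hosts_needed(view: View, target: Set[int]) -> int:
    """Minimum number of monitoring hosts an attacker must compromise to
    obtain every event in `target` (brute force; fine for a handful of hosts)."""
    hosts = list(view)
    for k in range(1, len(hosts) + 1):
        for combo in combinations(hosts, k):
            if set().union(*(view[h] for h in combo)) >= target:
                return k
    raise ValueError("target contains events that no monitoring host holds")


if __name__ == "__main__":
    n = len(EVENTS)
    all_config = {i for i, e in enumerate(EVENTS) if e.kind == "config"}
    central = centralized_view(EVENTS)
    placement, split = place_policies(EVENTS, POLICIES, HOSTS)
    print("placement:", placement)
    print("centralized: max exposure %.2f, hosts to get every config %d"
          % (max_exposure(central, n), hosts_needed(central, all_config)))
    print("policy-split: max exposure %.2f, hosts to get every config %d"
          % (max_exposure(split, n), hosts_needed(split, all_config)))
```

With these constructed inputs the centralized collector exposes 100% of the events to one compromise and yields every configuration record after one break-in, while the policy-split deployment caps any single host at three of seven events and forces the attacker onto a second monitor to collect all configuration data. The caveat a practitioner should keep in mind is that policies correlating events from several sources pull those events onto the same host, so how evenly the data can be spread, and how many compromises an attacker needs, depends on the policy set rather than on the placement rule alone.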

Original language: English (US)
Title of host publication: 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012
DOI: 10.1109/DSN.2012.6263954
State: Published - Oct 1 2012
Event: 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 - Boston, MA, United States
Duration: Jun 25 2012 - Jun 28 2012

Publication series

Name: Proceedings of the International Conference on Dependable Systems and Networks

Other

Other: 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012
Country: United States
City: Boston, MA
Period: 6/25/12 - 6/28/12

Keywords

  • confidentiality
  • distributed systems
  • monitoring
  • policy compliance
  • security

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Montanari, M., & Campbell, R. H. (2012). Confidentiality of event data in policy-based monitoring. In 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 [6263954] (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2012.6263954

@inproceedings{c83d35a85849438fb965b1ca7c8edeb7,
title = "Confidentiality of event data in policy-based monitoring",
abstract = "Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.",
keywords = "confidentiality, distributed systems, monitoring, policy compliance, security",
author = "Mirko Montanari and Campbell, {Roy H.}",
year = "2012",
month = "10",
day = "1",
doi = "10.1109/DSN.2012.6263954",
language = "English (US)",
isbn = "9781467316248",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
booktitle = "2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012",

}
