Confidentiality of event data in policy-based monitoring

Mirko Montanari; Roy H. Campbell

doi:10.1109/DSN.2012.6263954

Confidentiality of event data in policy-based monitoring

Mirko Montanari, Roy H. Campbell

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.

Original language	English (US)
Title of host publication	2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012
DOIs	https://doi.org/10.1109/DSN.2012.6263954
State	Published - 2012
Event	42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 - Boston, MA, United States Duration: Jun 25 2012 → Jun 28 2012

Publication series

Name	Proceedings of the International Conference on Dependable Systems and Networks

Other

Other	42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012
Country/Territory	United States
City	Boston, MA
Period	6/25/12 → 6/28/12

Keywords

confidentiality
distributed systems
monitoring
policy compliance
security

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Networks and Communications

Online availability

10.1109/DSN.2012.6263954

Library availability

Discover UIUC Full Text

Cite this

Confidentiality of event data in policy-based monitoring. / Montanari, Mirko; Campbell, Roy H.
2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012. 2012. 6263954 (Proceedings of the International Conference on Dependable Systems and Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Montanari, M & Campbell, RH 2012, Confidentiality of event data in policy-based monitoring. in 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012., 6263954, Proceedings of the International Conference on Dependable Systems and Networks, 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012, Boston, MA, United States, 6/25/12. https://doi.org/10.1109/DSN.2012.6263954

@inproceedings{c83d35a85849438fb965b1ca7c8edeb7,

title = "Confidentiality of event data in policy-based monitoring",

abstract = "Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.",

keywords = "confidentiality, distributed systems, monitoring, policy compliance, security",

author = "Mirko Montanari and Campbell, {Roy H.}",

year = "2012",

doi = "10.1109/DSN.2012.6263954",

language = "English (US)",

isbn = "9781467316248",

series = "Proceedings of the International Conference on Dependable Systems and Networks",

booktitle = "2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012",

note = "42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012 ; Conference date: 25-06-2012 Through 28-06-2012",

}

TY - GEN

T1 - Confidentiality of event data in policy-based monitoring

AU - Montanari, Mirko

AU - Campbell, Roy H.

PY - 2012

Y1 - 2012

N2 - Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.

AB - Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.

KW - confidentiality

KW - distributed systems

KW - monitoring

KW - policy compliance

KW - security

UR - http://www.scopus.com/inward/record.url?scp=84866648713&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84866648713&partnerID=8YFLogxK

U2 - 10.1109/DSN.2012.6263954

DO - 10.1109/DSN.2012.6263954

M3 - Conference contribution

AN - SCOPUS:84866648713

SN - 9781467316248

T3 - Proceedings of the International Conference on Dependable Systems and Networks

BT - 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012

T2 - 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2012

Y2 - 25 June 2012 through 28 June 2012

ER -

Confidentiality of event data in policy-based monitoring

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this