Distributed security policy conformance

Mirko Montanari; Ellick Chan; Kevin Larson; Wucherl Yoo; Roy H. Campbell

doi:10.1007/978-3-642-21424-0_17

Distributed security policy conformance

Mirko Montanari, Ellick Chan, Kevin Larson, Wucherl Yoo, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.

Original language	English (US)
Title of host publication	Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings
Pages	210-222
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-642-21424-0_17
State	Published - 2011
Event	26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011 - Lucerne, Switzerland Duration: Jun 7 2011 → Jun 9 2011

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	354 AICT
ISSN (Print)	1868-4238

Other

Other	26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011
Country/Territory	Switzerland
City	Lucerne
Period	6/7/11 → 6/9/11

ASJC Scopus subject areas

Information Systems and Management

Online availability

10.1007/978-3-642-21424-0_17

Library availability

Discover UIUC Full Text

Cite this

Montanari, M., Chan, E., Larson, K., Yoo, W., & Campbell, R. H. (2011). Distributed security policy conformance. In Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings (pp. 210-222). (IFIP Advances in Information and Communication Technology; Vol. 354 AICT). https://doi.org/10.1007/978-3-642-21424-0_17

Distributed security policy conformance. / Montanari, Mirko; Chan, Ellick; Larson, Kevin et al.
Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings. 2011. p. 210-222 (IFIP Advances in Information and Communication Technology; Vol. 354 AICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Montanari, M, Chan, E, Larson, K, Yoo, W & Campbell, RH 2011, Distributed security policy conformance. in Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings. IFIP Advances in Information and Communication Technology, vol. 354 AICT, pp. 210-222, 26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011, Lucerne, Switzerland, 6/7/11. https://doi.org/10.1007/978-3-642-21424-0_17

@inproceedings{c163776d48db417d815b9b1d327fe3bd,

title = "Distributed security policy conformance",

abstract = "Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.",

author = "Mirko Montanari and Ellick Chan and Kevin Larson and Wucherl Yoo and Campbell, {Roy H.}",

year = "2011",

doi = "10.1007/978-3-642-21424-0_17",

language = "English (US)",

isbn = "9783642214233",

series = "IFIP Advances in Information and Communication Technology",

pages = "210--222",

booktitle = "Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings",

note = "26th IFIP TC-11 International Information Security Conference on {"}Future Challenges in Security and Privacy for Academia and Industry{"}, SEC 2011 ; Conference date: 07-06-2011 Through 09-06-2011",

}

TY - GEN

T1 - Distributed security policy conformance

AU - Montanari, Mirko

AU - Chan, Ellick

AU - Larson, Kevin

AU - Yoo, Wucherl

AU - Campbell, Roy H.

PY - 2011

Y1 - 2011

N2 - Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.

AB - Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.

UR - http://www.scopus.com/inward/record.url?scp=79960875884&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960875884&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-21424-0_17

DO - 10.1007/978-3-642-21424-0_17

M3 - Conference contribution

AN - SCOPUS:79960875884

SN - 9783642214233

T3 - IFIP Advances in Information and Communication Technology

SP - 210

EP - 222

BT - Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings

T2 - 26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011

Y2 - 7 June 2011 through 9 June 2011

ER -

Distributed security policy conformance

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this