Distributed security policy conformance

Mirko Montanari, Ellick Chan, Kevin Larson, Wucherl Yoo, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.

Original languageEnglish (US)
Title of host publicationFuture Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings
Pages210-222
Number of pages13
DOIs
StatePublished - Aug 2 2011
Event26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011 - Lucerne, Switzerland
Duration: Jun 7 2011Jun 9 2011

Publication series

NameIFIP Advances in Information and Communication Technology
Volume354 AICT
ISSN (Print)1868-4238

Other

Other26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011
CountrySwitzerland
CityLucerne
Period6/7/116/9/11

    Fingerprint

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Cite this

Montanari, M., Chan, E., Larson, K., Yoo, W., & Campbell, R. H. (2011). Distributed security policy conformance. In Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings (pp. 210-222). (IFIP Advances in Information and Communication Technology; Vol. 354 AICT). https://doi.org/10.1007/978-3-642-21424-0_17