Limiting data exposure in monitoring multi-domain policy conformance

Mirko Montanari, Jun Ho Huh, Rakesh B. Bobba, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In hybrid- or multi-cloud systems, security information and event management systems often work with abstract level information provided by the service providers. Privacy and confidentiality requirements discourage sharing of the raw data. With access to only the partial information, detecting anomalies and policy violations becomes much more difficult in those environments. This paper proposes a mechanism for detecting undesirable events over the composition of multiple independent systems that have constraints in sharing information because of security and privacy concerns. Our approach complements other privacy-preserving event-sharing methods by focusing on discrete events such as system and network configuration changes. We use logic-based policies to define undesirable event sequences, and use multi-party computation to share event details that are needed for detecting violations. Further, through experimental evaluation, we show that our technique reduces the information shared between systems by more than half, and we show that the low performance of multi-party computation can be balanced out with concurrency-demonstrating an event rate acceptable for verification of configuration changes as well as other complex conditions.

Original languageEnglish (US)
Title of host publicationTrust and Trustworthy Computing - 6th International Conference, TRUST 2013, Proceedings
Pages65-82
Number of pages18
DOIs
StatePublished - 2013
Event6th International Conference on Trust and Trustworthy Computing, TRUST 2013 - London, United Kingdom
Duration: Jun 17 2013Jun 19 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7904 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other6th International Conference on Trust and Trustworthy Computing, TRUST 2013
Country/TerritoryUnited Kingdom
CityLondon
Period6/17/136/19/13

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Limiting data exposure in monitoring multi-domain policy conformance'. Together they form a unique fingerprint.

Cite this