Multi-organization policy-based monitoring

Mirko Montanari, Lucas T. Cook, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

The monitoring of modern large-scale infrastructure systems often relies on complex event processing (CEP) rules to detect security and performance problems. For example, continuous monitoring of compliance with regulatory requirements such as PCI-DSS and NERC CIP requires analyzing events to identify whether specific conditions on device configurations occur. In multi-organization systems, detecting these problems often requires integrating events generated by different organizations. Because events reveal information about an infrastructure's internal structure, organizations are interested in reducing the amount of information shared with external entities. This paper analyzes the problem of detecting policy violations in network infrastructure systems managed by two organizations (e.g., a cloud user and a cloud provider). We focus on CEP monitoring systems and introduce two protocols for selecting the events to share between the two organizations so that all possible policy violations are still detected. Our experimental evaluation shows that reciprocal information sharing between the two organizations significantly reduces the amount of information to transfer. In our SNMP monitoring test case, we obtain an 80% reduction in the information shared by any single organization.
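The abstract does not describe the two protocols themselves, so the following is only an added illustration of the problem setting, not the paper's protocols or code. It assumes a constructed CEP rule (an in-scope cardholder-data VM must not run on a provider host whose SNMP-polled firewall is disabled), constructed events from both organizations, and a simple two-step sharing strategy: each organization first applies the rule's single-organization predicate locally, then the second organization additionally restricts what it shares to events that can join with the candidates it received. All three sharing strategies detect the same violation set, which is the completeness property the abstract requires; the event counts show how much each strategy reduces the information transferred.

```python
"""Illustration of two-organization CEP policy checking with selective event sharing.
Rule, events and sharing strategy are constructed for this example; they are not from the paper."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class VmEvent:
    """Configuration event generated by the cloud user (organization A)."""
    vm_id: str
    pci_scope: bool        # VM stores cardholder data, so it is in PCI-DSS scope


@dataclass(frozen=True)
class HostEvent:
    """Placement/config event generated by the cloud provider (organization B), e.g. via SNMP."""
    host_id: str
    vm_id: str             # VM currently placed on this host
    firewall_enabled: bool


# Constructed sample events (hypothetical; not taken from the paper's test case).
USER_EVENTS: List[VmEvent] = [
    VmEvent("vm-1", True), VmEvent("vm-2", False), VmEvent("vm-3", True),
    VmEvent("vm-4", False), VmEvent("vm-5", False),
]
PROVIDER_EVENTS: List[HostEvent] = [
    HostEvent("h-1", "vm-1", False), HostEvent("h-1", "vm-2", False),
    HostEvent("h-2", "vm-3", True), HostEvent("h-2", "vm-4", True),
    HostEvent("h-3", "vm-5", False), HostEvent("h-3", "vm-6", False),
]

Violation = Tuple[str, str]   # (vm_id, host_id)


def evaluate_rule(vms: List[VmEvent], hosts: List[HostEvent]) -> Set[Violation]:
    """CEP rule: violation when an in-scope VM is placed on a host with the firewall disabled.
    This is the cross-organization join; it needs events from both sides."""
    scoped = {v.vm_id for v in vms if v.pci_scope}
    return {(h.vm_id, h.host_id) for h in hosts
            if not h.firewall_enabled and h.vm_id in scoped}


def share_everything() -> Tuple[Set[Violation], int, int]:
    """Baseline: both organizations ship every event to the evaluator."""
    return evaluate_rule(USER_EVENTS, PROVIDER_EVENTS), len(USER_EVENTS), len(PROVIDER_EVENTS)


def share_local_filter() -> Tuple[Set[Violation], int, int]:
    """Each organization applies the rule's single-organization predicate before sharing.
    Events that can never satisfy the rule are withheld, so no violation is lost."""
    a = [v for v in USER_EVENTS if v.pci_scope]
    b = [h for h in PROVIDER_EVENTS if not h.firewall_enabled]
    return evaluate_rule(a, b), len(a), len(b)


def share_reciprocal() -> Tuple[Set[Violation], int, int]:
    """A shares its locally filtered candidates first; B then shares only the locally
    filtered events that can actually join with those candidates."""
    a = [v for v in USER_EVENTS if v.pci_scope]
    candidate_ids = {v.vm_id for v in a}
    b = [h for h in PROVIDER_EVENTS
         if not h.firewall_enabled and h.vm_id in candidate_ids]
    return evaluate_rule(a, b), len(a), len(b)


def reduction(strategy) -> Tuple[float, float]:
    """Fraction of events each organization withheld compared with sharing everything."""
    _, a_all, b_all = share_everything()
    _, a, b = strategy()
    return 1 - a / a_all, 1 - b / b_all


if __name__ == "__main__":
    for s in (share_everything, share_local_filter, share_reciprocal):
        found, a, b = s()
        print(f"{s.__name__:20s} violations={sorted(found)} shared A={a} B={b}")
```

With the constructed events, every strategy reports the single violation (vm-1 on h-1), while the provider's share drops from six events to four with local filtering and to one with reciprocal sharing. The point the abstract makes is that the join predicate lets the second organization prune against the first organization's candidates; how the paper's two protocols choose the events is not described here.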

Original language: English (US)
Title of host publication: Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012
Pages: 70-77
Number of pages: 8
State: Published - 2012
Event: 2012 IEEE 13th International Symposium on Policies for Distributed Systems and Networks, POLICY 2012 - Chapel Hill, NC, United States
Duration: Jul 16 2012 to Jul 18 2012

Publication series

Name: Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012

Other

Other: 2012 IEEE 13th International Symposium on Policies for Distributed Systems and Networks, POLICY 2012
Country/Territory: United States
City: Chapel Hill, NC
Period: 7/16/12 to 7/18/12

Keywords

  • cloud computing
  • compliance
  • monitoring
  • multi-domain
  • multi-organization
  • policy
  • security

ASJC Scopus subject areas

  • Computer Networks and Communications
