Multi-organization policy-based monitoring

Mirko Montanari, Lucas T. Cook, R H Campbell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The monitoring of modern large-scale infrastructure systems often relies on complex event processing (CEP) rules to detect security and performance problems. For example, the continuous monitoring of compliance with regulatory requirements such as PCI-DSS and NERC CIP requires analyzing events to identify whether specific conditions over the configurations of devices occur. In multi-organization systems, detecting these problems often requires integrating events generated by different organizations. As events provide information about the infrastructure's internal structure, organizations are interested in reducing the amount of information shared with external entities. This paper analyses the problem of detecting policy violations in network infrastructure systems managed by two organizations (e.g., a cloud user and a cloud provider). We focus on CEP monitoring systems and we introduce two protocols for selecting the events to share between the two organizations to ensure the detection of all possible policy violations. Our experimental evaluation shows that reciprocal information sharing between the two organizations significantly reduces the amount of information to transfer. In our SNMP monitoring test case, we obtain an 80% reduction in the information shared by any single organization.

Original language: English (US)
Title of host publication: Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012
Pages: 70-77
Number of pages: 8
DOIs: 10.1109/POLICY.2012.18
State: Published - Oct 2 2012
Event: 2012 IEEE 13th International Symposium on Policies for Distributed Systems and Networks, POLICY 2012 - Chapel Hill, NC, United States
Duration: Jul 16 2012 - Jul 18 2012

Publication series

Name: Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012


Keywords

  • cloud computing
  • compliance
  • monitoring
  • multi-domain
  • multi-organization
  • policy
  • security

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Montanari, M., Cook, L. T., & Campbell, R. H. (2012). Multi-organization policy-based monitoring. In Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012 (pp. 70-77). [6268003] (Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012). https://doi.org/10.1109/POLICY.2012.18

@inproceedings{cb2dc5edb3944f308eb194ca5ee9d001,
title = "Multi-organization policy-based monitoring",
abstract = "The monitoring of modern large-scale infrastructure systems often relies on complex event processing (CEP) rules to detect security and performance problems. For example, the continuous monitoring of compliance with regulatory requirements such as PCI-DSS and NERC CIP requires analyzing events to identify whether specific conditions over the configurations of devices occur. In multi-organization systems, detecting these problems often requires integrating events generated by different organizations. As events provide information about the infrastructure's internal structure, organizations are interested in reducing the amount of information shared with external entities. This paper analyses the problem of detecting policy violations in network infrastructure systems managed by two organizations (e.g., a cloud user and a cloud provider). We focus on CEP monitoring systems and we introduce two protocols for selecting the events to share between the two organizations to ensure the detection of all possible policy violations. Our experimental evaluation shows that reciprocal information sharing between the two organizations significantly reduces the amount of information to transfer. In our SNMP monitoring test case, we obtain an 80{\%} reduction in the information shared by any single organization.",
keywords = "cloud computing, compliance, monitoring, multi-domain, multi-organization, policy, security",
author = "Mirko Montanari and Cook, {Lucas T.} and Campbell, {R H}",
year = "2012",
month = "10",
day = "2",
doi = "10.1109/POLICY.2012.18",
language = "English (US)",
isbn = "9780769547350",
series = "Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012",
pages = "70--77",
booktitle = "Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012",
}

TY - GEN

T1 - Multi-organization policy-based monitoring

AU - Montanari, Mirko

AU - Cook, Lucas T.

AU - Campbell, R H

PY - 2012/10/2

Y1 - 2012/10/2

AB - The monitoring of modern large-scale infrastructure systems often relies on complex event processing (CEP) rules to detect security and performance problems. For example, the continuous monitoring of compliance with regulatory requirements such as PCI-DSS and NERC CIP requires analyzing events to identify whether specific conditions over the configurations of devices occur. In multi-organization systems, detecting these problems often requires integrating events generated by different organizations. As events provide information about the infrastructure's internal structure, organizations are interested in reducing the amount of information shared with external entities. This paper analyses the problem of detecting policy violations in network infrastructure systems managed by two organizations (e.g., a cloud user and a cloud provider). We focus on CEP monitoring systems and we introduce two protocols for selecting the events to share between the two organizations to ensure the detection of all possible policy violations. Our experimental evaluation shows that reciprocal information sharing between the two organizations significantly reduces the amount of information to transfer. In our SNMP monitoring test case, we obtain an 80% reduction in the information shared by any single organization.

KW - cloud computing

KW - compliance

KW - monitoring

KW - multi-domain

KW - multi-organization

KW - policy

KW - security

UR - http://www.scopus.com/inward/record.url?scp=84866752083&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84866752083&partnerID=8YFLogxK

U2 - 10.1109/POLICY.2012.18

DO - 10.1109/POLICY.2012.18

M3 - Conference contribution

AN - SCOPUS:84866752083

SN - 9780769547350

T3 - Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012

SP - 70

EP - 77

BT - Proceedings - 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2012

ER -