Limiting information exposure in multi-domain monitoring systems
Montanari, Mirko
Permalink
https://hdl.handle.net/2142/45491
Description
- Title
- Limiting information exposure in multi-domain monitoring systems
- Author(s)
- Montanari, Mirko
- Issue Date
- 2013-08-22T16:42:01Z
- Director of Research (if dissertation) or Advisor (if thesis)
- Campbell, Roy H.
- Doctoral Committee Chair(s)
- Campbell, Roy H.
- Committee Member(s)
- Gunter, Carl A.
- Sanders, William H.
- Ou, Xinming
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- computer security
- policy
- compliance monitoring
- security monitoring
- data sharing
- Abstract
- Security monitoring systems have been recognized as a fundamental component of security management, and they provide the fundamental building blocks of future reactive and autonomic systems that can automatically respond and adapt to changes in their environment. However, operating security monitoring systems in the complex environment of today's organizations is challenging. The complex structure of many organizations, the use of cloud computing, and the complexity of attacks require monitoring systems that can operate across the organization boundaries to integrate many types of information. However, when multiple security domains are involved, privacy and confidentiality problems create challenges in integrating events across systems. Situational awareness can be impacted, and so can the ability of future systems to adapt to their environment. Our thesis is that the explicit definition of policies enables the design of multi-domain monitoring systems that protect the confidentiality and the integrity of the monitoring data. We focus on the problem of sharing discrete events across organizations for detecting violations of security policies. We identify several scenarios from real-world policies in which such multi-domain sharing is necessary. We introduce a novel architecture for monitoring multi-domain systems, and we introduce two complementary approaches for reducing the amount of information to share to a value close to the theoretical minimum. Our results show that our approaches have adequate performance in many monitoring scenarios, and significantly reduce the amount of information to share. Finally, as security monitoring is a fundamental service in modern systems, we provide a security analysis of our architecture. We analyze the impact of attacks on the integrity, availability, and confidentiality of the monitoring data. We show that, in many cases, our monitoring system fails gracefully in case of attacks without causing the catastrophic security failures of centralized systems.
- Graduation Semester
- 2013-08
- Permalink
- http://hdl.handle.net/2142/45491
- Copyright and License Information
- Copyright 2013 Mirko Montanari
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science