Robustness of Compliance to Infrastructure Security Policies
Chaugule, Amey
Permalink
https://hdl.handle.net/2142/46542
Description
Title
Robustness of Compliance to Infrastructure Security Policies
Author(s)
Chaugule, Amey
Contributor(s)
Campbell, Roy H.
Issue Date
2011-05
Keyword(s)
network security
infrastructure security
security estimation
Date of Ingest
2014-01-15T16:17:37Z
Abstract
Policies are used extensively in managing the security of large computer infrastructure
systems. Many large organizations and several government entities such as the
National Institute for Standards and Technology (NIST) and the North American Electric Reliability
Corporation (NERC) define security policies to specify the allowed configurations of the
systems under their watch. The goal of such policies is to help reduce the vulnerability
of the infrastructure to attacks, misconfiguration and operator error. To that end, these policies
specify allowed interconnections between systems, firewall configurations, software settings,
and levels of redundancy in the system’s components. Ensuring compliance to such
policies through frequent monitoring can reduce the time span during which these systems are vulnerable to attacks.
However, faults and attacks can make the underlying information used for validating
compliance erroneous or incomplete. A compromised system could feed false information
about its state to the compliance monitoring system. In this thesis we introduce the
concept of robustness of compliance. We show that systems which are compliant to security
policies can exhibit different levels of resilience to false information, and we provide an
algorithm for quantitatively computing a measure of robustness based on the concept of
distance from violation. Intuitively, our algorithm computes an estimate of the amount
of false information that needs to be provided to a compliance monitoring system to make
an infrastructure appear compliant even when the underlying system is noncompliant.
Our experiments demonstrate that our approach is viable in large networks.