IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012) (2012)
Boston, MA, USA
June 25, 2012 to June 28, 2012
Mirko Montanari, University of Illinois at Urbana-Champaign, USA
Roy H. Campbell, University of Illinois at Urbana-Champaign, USA
Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.
distributed systems, security, monitoring, policy compliance, confidentiality
M. Montanari and R. H. Campbell, "Confidentiality of event data in policy-based monitoring," IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), Boston, MA, USA, 2012, pp. 1-12.