Abstract
In hybrid- or multi-cloud systems, security information and event management systems often work with abstract-level information provided by the service providers. Privacy and confidentiality requirements discourage sharing of the raw data. With access to only partial information, detecting anomalies and policy violations becomes much more difficult in those environments.
This paper proposes a mechanism for detecting undesirable events over the composition of multiple independent systems that have constraints in sharing information because of security and privacy concerns. Our approach complements other privacy-preserving event-sharing methods by focusing on discrete events such as system and network configuration changes. We use logic-based policies to define undesirable event sequences, and use multi-party computation to share event details that are needed for detecting violations. Further, through experimental evaluation, we show that our technique reduces the information shared between systems by more than half, and we show that the low performance of multi-party computation can be balanced out with concurrency—demonstrating an event rate acceptable for verification of configuration changes as well as other complex conditions.
This material is based on work supported in part by a grant from The Boeing Company, and by a grant from Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement number FA8750-11-2-0084. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Montanari, M., Huh, J.H., Bobba, R.B., Campbell, R.H. (2013). Limiting Data Exposure in Monitoring Multi-domain Policy Conformance. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_5
DOI: https://doi.org/10.1007/978-3-642-38908-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38907-8
Online ISBN: 978-3-642-38908-5
eBook Packages: Computer Science, Computer Science (R0)