
DOI: 10.1145/3339252.3340104

Semantic Mediation for A Posteriori Log Analysis

Published: 26 August 2019

Abstract

The a posteriori access control mode consists of monitoring the actions performed by users in order to detect possible violations of the security policy and to apply sanctions or reparations. In general, logs are among the first data sources that information security specialists consult for forensics when they suspect that something went wrong. One difficult challenge in analyzing logs is the multiplicity of log file formats. Normalizing all logs into a single format, however, requires substantial processing, particularly because log files usually contain a high volume of data. Our study therefore proposes to tackle this problem by leaving the different log formats as they are and retrieving information from the logs by querying them in place. A semantic mediator makes it possible to interoperate various sources of information without modifying their internal functioning. It can be responsible for locating data sources, transmitting queries to each source (or from one source to another), retrieving the query responses, and possibly forwarding them to other sources. To the best of our knowledge, semantic mediation techniques have been used to share information across heterogeneous data sources, but they have never been applied to log analysis.
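As an added example, not code from the paper or its authors: a minimal Python mediator over three constructed log sources (an Apache-style access log, a BSD-syslog auth log and a JSON audit log, all invented here). Each source stays in its native format; a per-source wrapper maps its records on the fly into a shared vocabulary (subject, action, object, outcome, timestamp), a query phrased in that vocabulary is pushed to every wrapper, and the hits are merged in time order. A constructed permission table then plays the role of the security policy for the a posteriori check. The vocabulary field names, the HTTP-method and rm-to-delete mappings, the outcome classification and the syslog year are all assumptions made for the example.

```python
"""Added example: semantic mediation over heterogeneous logs without normalizing them."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterator

# Constructed sample logs in three native formats (invented for this example).
APACHE_LOG = """\
10.0.0.5 - alice [10/Oct/2019:13:55:36 +0000] "GET /records/42 HTTP/1.1" 200 512
10.0.0.9 - bob [10/Oct/2019:13:57:01 +0000] "DELETE /records/42 HTTP/1.1" 403 0
10.0.0.9 - bob [10/Oct/2019:14:02:10 +0000] "DELETE /records/42 HTTP/1.1" 204 0
"""
SYSLOG_AUTH = """\
Oct 10 13:58:12 app1 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/rm /srv/records/42
Oct 10 14:00:00 app1 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 5022 ssh2
"""
JSON_AUDIT = """\
{"time":"2019-10-10T14:01:30Z","user":"carol","op":"read","resource":"records/42","result":"ok"}
{"time":"2019-10-10T14:03:00Z","user":"bob","op":"delete","resource":"records/42","result":"ok"}
"""
SYSLOG_YEAR = 2019  # assumption: BSD syslog timestamps carry no year


@dataclass(frozen=True)
class Event:
    """Shared vocabulary that every wrapper maps its native records into."""
    subject: str
    action: str
    obj: str
    outcome: str  # "ok" | "denied" | "error"
    ts: datetime
    source: str


# ---- wrappers: native parsing plus mapping to the shared vocabulary ----------
APACHE_RE = re.compile(r'^\S+ \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
HTTP_ACTION = {"GET": "read", "HEAD": "read", "POST": "write", "PUT": "write", "DELETE": "delete"}


def apache_wrapper(text: str) -> Iterator[Event]:
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        user, stamp, method, path, status = m.groups()
        outcome = "ok" if status.startswith("2") else "denied" if status in ("401", "403") else "error"
        yield Event(user, HTTP_ACTION.get(method, method.lower()), path.lstrip("/"), outcome,
                    datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), "apache")


SUDO_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) sudo: +(\S+) : .*COMMAND=(\S+) ?(.*)$")
SSHD_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from")
RM_CMDS = {"/bin/rm", "/usr/bin/rm"}


def _syslog_ts(stamp: str) -> datetime:
    return datetime.strptime(f"{SYSLOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def syslog_wrapper(text: str) -> Iterator[Event]:
    for line in text.splitlines():
        if m := SUDO_RE.match(line):
            stamp, _host, user, cmd, args = m.groups()
            # Mapping assumption: `rm` of a path under /srv/ is a delete of that object.
            if cmd in RM_CMDS and args.startswith("/srv/"):
                yield Event(user, "delete", args[len("/srv/"):], "ok", _syslog_ts(stamp), "syslog")
            else:
                yield Event(user, "exec", f"{cmd} {args}".strip(), "ok", _syslog_ts(stamp), "syslog")
        elif m := SSHD_RE.match(line):
            stamp, host, user = m.groups()
            yield Event(user, "login", host, "ok", _syslog_ts(stamp), "syslog")


def json_wrapper(text: str) -> Iterator[Event]:
    for line in text.splitlines():
        r = json.loads(line)
        yield Event(r["user"], r["op"], r["resource"], "ok" if r["result"] == "ok" else "denied",
                    datetime.fromisoformat(r["time"].replace("Z", "+00:00")), "json")


# The mediator's registry of sources: where each one is and how to talk to it.
SOURCES: dict[str, tuple[Callable[[str], Iterator[Event]], str]] = {
    "apache": (apache_wrapper, APACHE_LOG),
    "syslog": (syslog_wrapper, SYSLOG_AUTH),
    "json": (json_wrapper, JSON_AUDIT),
}


def mediate(query: dict[str, str]) -> list[Event]:
    """Push a vocabulary-level query to every source and merge the hits in time order."""
    hits = [ev for wrapper, text in SOURCES.values() for ev in wrapper(text)
            if all(getattr(ev, k) == v for k, v in query.items())]
    return sorted(hits, key=lambda e: e.ts)


# Constructed a posteriori policy: the actions each subject is permitted to perform.
POLICY = {"alice": {"read", "write", "delete", "login"}, "bob": {"read", "login"}, "carol": {"read"}}


def violations(query: dict[str, str]) -> list[Event]:
    """Actions that succeeded but were not permitted; denied attempts are not violations."""
    return [ev for ev in mediate(query)
            if ev.outcome == "ok" and ev.action not in POLICY.get(ev.subject, set())]


if __name__ == "__main__":
    for ev in mediate({"obj": "records/42"}):
        print(ev.ts.isoformat(), ev.source, ev.subject, ev.action, ev.outcome)
    print("violations:", [(e.source, e.subject, e.action) for e in violations({"obj": "records/42"})])
```

The denied request (the 403) stays in the query result but is excluded from the violations: the enforcement point did its job there, and the line is evidence of an attempt rather than of a breach. Lines no wrapper recognises are silently skipped in this example; in practice they should be counted, because every unmapped record is a blind spot in the audit.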


Cited By

  • (2021) On automatic parsing of log records. Proceedings of the 43rd International Conference on Software Engineering: New Ideas and Emerging Results, pp. 41-45. doi:10.1109/ICSE-NIER52604.2021.00017. Online publication date: 25 May 2021.
  • (2021) A Posteriori Access Control with an Administrative Policy. Advances in Security, Networks, and Internet of Things, pp. 261-276. doi:10.1007/978-3-030-71017-0_19. Online publication date: 2 March 2021.
  • (2021) A Posteriori Analysis of Policy Temporal Compliance. Risks and Security of Internet and Systems, pp. 133-148. doi:10.1007/978-3-030-68887-5_8. Online publication date: 12 February 2021.
  • (2020) On Vulnerability and Security Log analysis. Proceedings of the International Conference on Research in Adaptive and Convergent Systems, pp. 175-180. doi:10.1145/3400286.3418261. Online publication date: 13 October 2020.


Published In

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019
979 pages
ISBN:9781450371643
DOI:10.1145/3339252
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Access Policy
  2. Logs
  3. Query Rewriting
  4. Semantic Mediation

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES '19

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (last 12 months): 7
  • Downloads (last 6 weeks): 1
Reflects downloads up to 21 November 2024.

