Limiting Data Exposure in Monitoring Multi-domain Policy Conformance

  • Conference paper
Trust and Trustworthy Computing (Trust 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7904)


Abstract

In hybrid- or multi-cloud systems, security information and event management systems often work with abstract-level information provided by the service providers. Privacy and confidentiality requirements discourage sharing of the raw data. With access to only partial information, detecting anomalies and policy violations becomes much more difficult in those environments.

This paper proposes a mechanism for detecting undesirable events over the composition of multiple independent systems that have constraints in sharing information because of security and privacy concerns. Our approach complements other privacy-preserving event-sharing methods by focusing on discrete events such as system and network configuration changes. We use logic-based policies to define undesirable event sequences, and use multi-party computation to share event details that are needed for detecting violations. Further, through experimental evaluation, we show that our technique reduces the information shared between systems by more than half, and we show that the low performance of multi-party computation can be balanced out with concurrency—demonstrating an event rate acceptable for verification of configuration changes as well as other complex conditions.

This material is based on work supported in part by a grant from The Boeing Company, and by a grant from Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement number FA8750-11-2-0084. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Montanari, M., Huh, J.H., Bobba, R.B., Campbell, R.H. (2013). Limiting Data Exposure in Monitoring Multi-domain Policy Conformance. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_5

  • DOI: https://doi.org/10.1007/978-3-642-38908-5_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38907-8

  • Online ISBN: 978-3-642-38908-5

  • eBook Packages: Computer Science, Computer Science (R0)
