Distributed Security Policy Conformance - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2011

Distributed Security Policy Conformance

Résumé

Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection.This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.
Fichier principal
Vignette du fichier
978-3-642-21424-0_17_Chapter.pdf (412.28 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01567586 , version 1 (24-07-2017)

Licence

Paternité

Identifiants

Citer

Mirko Montanari, Ellick Chan, Kevin Larson, Wucherl Yoo, Roy H. Campbell. Distributed Security Policy Conformance. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.210-222, ⟨10.1007/978-3-642-21424-0_17⟩. ⟨hal-01567586⟩
39 Consultations
311 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More