Using security policies to automate placement of network intrusion prevention

Nirupama Talele, Jason Teutsch, Trent Ray Jaeger, Robert F. Erbacher

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use an Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.
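The abstract describes two steps: summarizing host-level information flows into composite network-level nodes under a conservative treatment of host mediation, then computing a minimal set of network nodes at which an IPS mediates all remaining untrusted-to-sensitive flows. The following is an added, illustrative toy model of that idea; it is not the paper's code, algorithm or example network. The flow graph, the node names, the single assumed host-mediated edge, the sources and the sink are all constructed for this example, and the placement search is a plain exhaustive vertex-cut search rather than whatever the paper implements.

```python
from collections import defaultdict
from itertools import combinations

# Constructed information-flow graph for illustration only (not data from the
# paper). Each pair is a directed flow. "net:<name>" nodes are network elements
# where an IPS could be inserted; "<host>/<subject>" nodes are subjects or
# objects taken from that host's access-control policy.
FLOWS = [
    ("internet", "net:edge"), ("partner", "net:vpn"),
    ("net:edge", "net:dmz"), ("net:edge", "net:vpn"), ("net:edge", "net:guest"),
    ("net:vpn", "net:internal"), ("net:vpn", "db/mysqld"),
    ("net:dmz", "web/httpd"), ("web/httpd", "web/app"),
    ("web/app", "web/dbclient"), ("web/dbclient", "net:internal"),
    ("net:dmz", "mail/smtpd"), ("mail/smtpd", "mail/spool"),
    ("mail/spool", "mail/imapd"), ("mail/imapd", "net:internal"),
    ("net:internal", "db/mysqld"), ("db/mysqld", "db/datafiles"),
    ("net:guest", "kiosk/browser"),
]
# Host-internal flow that the host's MAC policy already mediates (assumed).
HOST_MEDIATED = {("mail/spool", "mail/imapd")}
SOURCES = {"internet", "partner"}   # untrusted entry points
SINKS = {"db/datafiles"}            # must receive no unmediated flow from a source


def host_of(node):
    """Host name for a host-level node, None for a network-level node."""
    return node.split("/", 1)[0] if "/" in node else None


def _adjacency(flows):
    adj = defaultdict(set)
    for a, b in flows:
        adj[a].add(b)
    return adj


def _reachable(adj, start, blocked=frozenset(), same_host=False, mediated=frozenset()):
    """Nodes reachable from start (start included), never entering a blocked
    node or crossing a mediated edge; same_host=True keeps the walk inside
    start's host."""
    seen, stack = {start}, [start]
    while stack:
        n = stack.pop()
        for m in adj[n]:
            if m in seen or m in blocked or (n, m) in mediated:
                continue
            if same_host and host_of(m) != host_of(start):
                continue
            seen.add(m)
            stack.append(m)
    return seen


def summarize(flows, mediated, sinks):
    """Collapse each host's subjects into one composite node. The composite
    forwards flow from an inbound network node to an outbound one (or to a
    sink it contains) whenever some internal path avoids every mediated edge.
    Treating any unmediated internal path as exploitable is the conservative
    direction: it can only add mediation points, never miss one."""
    adj = _adjacency(flows)
    summary = set()
    summary_sinks = {s for s in sinks if host_of(s) is None}
    entries, exits = defaultdict(set), defaultdict(set)
    for a, b in flows:
        ha, hb = host_of(a), host_of(b)
        if ha is None and hb is None:
            summary.add((a, b))          # network-to-network flow kept as is
        elif ha is None:
            entries[hb].add((a, b))      # network node feeding a host subject
        elif hb is None:
            exits[ha].add((a, b))        # host subject talking to the network
    for host, ins in entries.items():
        for net_in, entry in ins:
            summary.add((net_in, host))
            inside = _reachable(adj, entry, same_host=True, mediated=mediated)
            summary |= {(host, net_out) for node, net_out in exits[host] if node in inside}
            if any(host_of(s) == host and s in inside for s in sinks):
                summary_sinks.add(host)
    return summary, summary_sinks


def relevant_nodes(flows, sources, sinks):
    """Nodes that lie on at least one source-to-sink path."""
    fwd, rev = _adjacency(flows), _adjacency((b, a) for a, b in flows)
    from_src = set().union(*(_reachable(fwd, s) for s in sources))
    to_sink = set().union(*(_reachable(rev, t) for t in sinks))
    return from_src & to_sink


def place_mediation(flows, sources, sinks):
    """All smallest sets of network nodes whose removal breaks every
    source-to-sink path; each is a valid IPS placement. Exhaustive search is
    fine on a summarized graph; a real tool would use a min-cut algorithm."""
    adj = _adjacency(flows)
    candidates = sorted(n for n in relevant_nodes(flows, sources, sinks) if n.startswith("net:"))

    def cuts(nodes):
        blocked = frozenset(nodes)
        return all(not (_reachable(adj, s, blocked) & sinks) for s in sources)

    for k in range(1, len(candidates) + 1):
        found = [set(c) for c in combinations(candidates, k) if cuts(c)]
        if found:
            return found
    return []


if __name__ == "__main__":
    summary, summary_sinks = summarize(FLOWS, HOST_MEDIATED, SINKS)
    before = {n for e in FLOWS for n in e}
    after = {n for e in summary for n in e}
    print(f"{len(before)} nodes before summary, {len(after)} after")
    print("relevant:", sorted(relevant_nodes(summary, SOURCES, summary_sinks)))
    for cut in place_mediation(summary, SOURCES, summary_sinks):
        print("IPS placement:", sorted(cut))
```

On this constructed graph the mail host drops out of the relevant set because its only internal path to the network crosses a mediated edge, while the web host stays in because its httpd-to-dbclient path is unmediated; every minimal placement then has to cover both the VPN concentrator and one of the internet-facing nodes, since the partner source bypasses the DMZ entirely. Deleting the HOST_MEDIATED entry shows the conservative direction at work: the mail host becomes a pass-through and the summary gains an edge, but no sensitive path is ever lost.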

Original language: English (US)
Title of host publication: Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
Pages: 17-32
Number of pages: 16
DOIs: 10.1007/978-3-642-36563-8_2
State: Published - Dec 1 2013
Event: 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013 - Paris, France
Duration: Feb 27 2013 - Mar 1 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7781 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
Country: France
City: Paris
Period: 2/27/13 - 3/1/13

Fingerprint

Security Policy
Intrusion detection
Access control
Placement
Mediation
Monitoring
Composite materials
Network Monitoring
Firewall
Intrusion Detection
Information Flow
Access Control
Vulnerability
Replacement
Minor
Composite
Configuration
Vertex of a graph
Estimate

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Talele, N., Teutsch, J., Jaeger, T. R., & Erbacher, R. F. (2013). Using security policies to automate placement of network intrusion prevention. In Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings (pp. 17-32). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7781 LNCS). https://doi.org/10.1007/978-3-642-36563-8_2
@inproceedings{63a8752ae7d140f4a84952c6ac5194ca,
title = "Using security policies to automate placement of network intrusion prevention",
abstract = "System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80{\%} and improves mediation placement speed by 87.5{\%}. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.",
author = "Nirupama Talele and Jason Teutsch and Jaeger, {Trent Ray} and Erbacher, {Robert F.}",
year = "2013",
month = "12",
day = "1",
doi = "10.1007/978-3-642-36563-8_2",
language = "English (US)",
isbn = "9783642365621",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "17--32",
booktitle = "Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings",

}


TY - GEN
T1 - Using security policies to automate placement of network intrusion prevention
AU - Talele, Nirupama
AU - Teutsch, Jason
AU - Jaeger, Trent Ray
AU - Erbacher, Robert F.
PY - 2013/12/1
Y1 - 2013/12/1
N2 - System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.
UR - http://www.scopus.com/inward/record.url?scp=84893143999&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893143999&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-36563-8_2
DO - 10.1007/978-3-642-36563-8_2
M3 - Conference contribution
SN - 9783642365621
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 17
EP - 32
BT - Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
ER -