Using security policies to automate placement of network intrusion prevention

Nirupama Talele, Jason Teutsch, Trent Jaeger, Robert F. Erbacher

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.

Original languageEnglish (US)
Title of host publicationEngineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
Pages17-32
Number of pages16
DOIs
StatePublished - Dec 1 2013
Event5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013 - Paris, France
Duration: Feb 27 2013Mar 1 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7781 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
CountryFrance
CityParis
Period2/27/133/1/13

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Using security policies to automate placement of network intrusion prevention'. Together they form a unique fingerprint.

  • Cite this

    Talele, N., Teutsch, J., Jaeger, T., & Erbacher, R. F. (2013). Using security policies to automate placement of network intrusion prevention. In Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings (pp. 17-32). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7781 LNCS). https://doi.org/10.1007/978-3-642-36563-8_2