Using security policies to automate placement of network intrusion prevention

Nirupama Talele; Jason Teutsch; Trent Ray Jaeger; Robert F. Erbacher

doi:10.1007/978-3-642-36563-8_2

Using security policies to automate placement of network intrusion prevention

Nirupama Talele, Jason Teutsch, Trent Ray Jaeger, Robert F. Erbacher

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.

Original language	English (US)
Title of host publication	Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
Pages	17-32
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-642-36563-8_2
State	Published - Dec 1 2013
Event	5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013 - Paris, France Duration: Feb 27 2013 → Mar 1 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7781 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
Country	France
City	Paris
Period	2/27/13 → 3/1/13

Fingerprint

Security Policy

Intrusion detection

Access control

Placement

Mediation

Monitoring

Composite materials

Network Monitoring

Firewall

Intrusion Detection

Information Flow

Access Control

Vulnerability

Replacement

Minor

Composite

Configuration

Vertex of a graph

Estimate

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Cite this

Talele, N., Teutsch, J., Jaeger, T. R., & Erbacher, R. F. (2013). Using security policies to automate placement of network intrusion prevention. In Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings (pp. 17-32). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7781 LNCS). https://doi.org/10.1007/978-3-642-36563-8_2

Talele, Nirupama ; Teutsch, Jason ; Jaeger, Trent Ray ; Erbacher, Robert F. / Using security policies to automate placement of network intrusion prevention. Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings. 2013. pp. 17-32 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{63a8752ae7d140f4a84952c6ac5194ca,

title = "Using security policies to automate placement of network intrusion prevention",

abstract = "System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80{\%} and improves mediation placement speed by 87.5{\%}. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.",

author = "Nirupama Talele and Jason Teutsch and Jaeger, {Trent Ray} and Erbacher, {Robert F.}",

year = "2013",

month = "12",

day = "1",

doi = "10.1007/978-3-642-36563-8_2",

language = "English (US)",

isbn = "9783642365621",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "17--32",

booktitle = "Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings",

}

Talele, N, Teutsch, J, Jaeger, TR & Erbacher, RF 2013, Using security policies to automate placement of network intrusion prevention. in Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7781 LNCS, pp. 17-32, 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013, Paris, France, 2/27/13. https://doi.org/10.1007/978-3-642-36563-8_2

Using security policies to automate placement of network intrusion prevention. / Talele, Nirupama; Teutsch, Jason; Jaeger, Trent Ray; Erbacher, Robert F.

Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings. 2013. p. 17-32 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7781 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Using security policies to automate placement of network intrusion prevention

AU - Talele, Nirupama

AU - Teutsch, Jason

AU - Jaeger, Trent Ray

AU - Erbacher, Robert F.

PY - 2013/12/1

Y1 - 2013/12/1

N2 - System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.

AB - System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.

UR - http://www.scopus.com/inward/record.url?scp=84893143999&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893143999&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-36563-8_2

DO - 10.1007/978-3-642-36563-8_2

M3 - Conference contribution

SN - 9783642365621

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 17

EP - 32

BT - Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings

ER -

Talele N, Teutsch J, Jaeger TR, Erbacher RF. Using security policies to automate placement of network intrusion prevention. In Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings. 2013. p. 17-32. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-36563-8_2

Access to Document

10.1007/978-3-642-36563-8_2