
DETECT DEtection Test bed for Event Correlation and Tuning



  1. DETECT: DEtection Test bed for Event Correlation and Tuning
     Marc Dacier, Eurecom, marc.dacier@eurecom.fr

  2. Contributors
     • University of Milano (Italy): D. Buschi
     • Internet Systematics Lab (Greece): Y. Corovesis
     • Institut Eurecom (France): M. Dacier
     • France Telecom R&D (France): H. Debar
     • Chalmers University (Sweden): E. Jonsson
     • Université Catholique de Louvain (Belgium): B. Le Charlier
     • Joint Research Centre, Ispra (Italy): P. Loekkemyhr
     • Defence Science and Technology Laboratory (Dstl, UK): T. McCutcheon
     • Queensland University of Technology (Australia): G. Mohay
     • Centre de Recherche Droit et Informatique, FUNDP Namur (Belgium): Y. Poullet
     • IBM Zurich Research Laboratory (Switzerland): A. Wespi

  3. Paradigm Shift
     • From "Security by Obscurity"
       • The bad guys don't know how to break into the system.
     • To "Security by Ignorance"
       • The good guys don't know how to break into the system.

  4. Rationales
     • Lack of real data concerning attacks.
     • Can we build fault-tolerant systems without providing sound rationales for the fault assumptions? No.
     • Can we reuse existing approaches to address this issue? No.

  5. In a nutshell
     • How do we build a highly distributed and truly intrusion-tolerant system that provides all the data we need for analysis, without landing us in jail?
     • How can we do this while taking advantage of the dependability body of knowledge (architecture, modelling, protocols, etc.)?
       • e.g. MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications)

  6. Open issues
     • Architectural issues:
       • What is the bad guy allowed to do?
       • How do we securely exchange information, and where?
       • How do we recover from successful intrusions?
       • How "real" is the fake world we build?
     • Data collection issues:
       • What are we allowed to do? Legal issues.
       • What are we willing to share? Confidentiality and privacy issues.
       • What do we really need to collect? Context provisioning and correlation issues.

  7. Expected outcome
     • A continuous stream of unbiased, real, representative data that can be offered to the whole community for analysis and education purposes.
     • An easy-to-install, freely available setup that can be widely distributed to enrich this stream of data.
     • A demonstrator to test the technical outcomes of DESIRE.
