论文信息 - Model-Based Security Event Management

Model-Based Security Event Management

With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.

Julian Schütte | Roland Rieke | Timo Winkelvos

[1] Szabolcs Rozsnyai,et al. Event-driven rules for sensing and responding to business situations , 2007, DEBS '07.

[2] Robert Fox. Moving from data to information , 2004, OCLC Syst. Serv..

[3] Stefan Biffl,et al. Knowledge-based Runtime Failure Detection for Industrial Automation Systems , 2010, Models@run.time.

[4] Hervé Debar,et al. The Intrusion Detection Message Exchange Format (IDMEF) , 2007, RFC.

[5] David Clark,et al. Safety and Security Analysis of Object-Oriented Models , 2002, SAFECOMP.

[6] Carsten Rudolph,et al. On a formal framework for security properties , 2005, Comput. Stand. Interfaces.

[7] Ruth Breu,et al. Using an Enterprise Architecture for IT Risk Management , 2006, ISSA.

[8] Luigi Coppolino,et al. Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study , 2011, SAFECOMP.

[9] Roland Rieke,et al. Model-based Situational Security Analysis , 2011 .