Protecting grids from cross-domain attacks using security alert sharing mechanisms

In single administrative domain networks there is only one security policy, which the IT security manager can evaluate using monitoring and reporting tools. Grid networks are often composed of different administrative domains owned by different organizations dispersed globally. Such networks are referred to as multi-administrative domain networks. Each domain might have its own security policy and may not want to share its security data with less-protected networks, which makes it more complex to ensure the security of such networks and to protect them from cross-domain attacks. We propose a Security Event Manager (SEM) called the Grid Security Operation Center (GSOC), which helps IT security managers by giving them a view of the security of the whole grid network without compromising the confidentiality of security data. To do so, GSOC provides a security evaluation of each administrative domain (AD) and a parametric security alert sharing scheme. Alert sharing can then be tuned to meet local security policy rules.

Highlights
• Security evaluation is proposed in order to assign security levels to the members of one grid.
• Security alert sharing is presented which helps in blocking cross-domain attacks.
• Alert sharing mechanism gives a global view of security of the entire grid computing network.
