Real-time Security & Dependability monitoring: Make it a bundle

Security & Dependability (SEC&DEP) monitoring has definitely become a top priority, since it is understood to be the prerequisite for allowing system operation to continue even in the presence of faults and/or attacks. Since effective remediation requires that the right actions be taken at the right time, SEC&DEP monitoring is really useful only if the results of the monitoring process are made available in a timely fashion, i.e. in (near) real time. A plethora of technologies exists that individually represent a (potentially) effective building block of a real-time SEC&DEP monitoring facility, but, regrettably, they very much lack integration. We claim that a significant advancement in the convergence of such technologies is needed. While some achievements have recently been made, much is yet to be done. In this paper, we briefly review the current State Of The Art (SOTA) of technologies that can be used to implement a real-time SEC&DEP monitoring facility, with two objectives: 1) perform a gap analysis, i.e. point out the major limitations of such technologies, and 2) identify the main avenues towards effective SEC&DEP monitoring.