MASSIF: MAnagement of Security information and events in Service Infrastructures
From Navigators
(3 intermediate revisions not shown) | |||
Line 2: | Line 2: | ||
|Acronym=MASSIF | |Acronym=MASSIF | ||
|Title=MAnagement of Security information and events in Service Infrastructures | |Title=MAnagement of Security information and events in Service Infrastructures | ||
- | |Past Project= | + | |Past Project=yes |
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | |ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | ||
|Url=http://www.massif-project.eu/ | |Url=http://www.massif-project.eu/ | ||
Line 13: | Line 13: | ||
|year=2010 | |year=2010 | ||
|Duration months=36 | |Duration months=36 | ||
- | |Summary=''“Prevention is ideal, but detection is a must.”'' | + | |Summary===Summary== |
+ | |||
+ | ''“Prevention is ideal, but detection is a must.”'' | ||
The main objective of MASSIF is to achieve a significant advance in the area of (Security Information and Event Management). On the base of proper multi-level event correlation MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture for dependable and resilient collection of service events, supported by an extremely scalable and high performance event collection and processing framework, in the context of service-level attack models. | The main objective of MASSIF is to achieve a significant advance in the area of (Security Information and Event Management). On the base of proper multi-level event correlation MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture for dependable and resilient collection of service events, supported by an extremely scalable and high performance event collection and processing framework, in the context of service-level attack models. | ||
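Review bot: In the added line `|Summary===Summary==`, the section heading is fused onto the parameter assignment, leaving three consecutive equals signs and a heading that does not start on its own line. Put a line break after `|Summary=` so that `==Summary==` stands alone, which keeps the parameter value readable in the wikitext.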
Line 23: | Line 25: | ||
#T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises; | #T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises; | ||
#Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam). | #Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam). | ||
+ | |Researchers=Nuno Ferreira Neves, Paulo Verissimo, Alysson Bessani, António Casimiro, | ||
}} | }} |
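Review bot: The added `|Researchers=` line ends with a trailing comma after "António Casimiro," directly before the closing `}}`. Either a name is missing from the list or the comma should be dropped.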
Latest revision as of 17:54, 16 December 2014
- Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
- Sponsor: EU (FP7-ICT Integrated project)
- Project Number: 257475
- Total award amount: 5.95M Euros
- Coordinator: Atos Origin
- Partners: Atos Origin, CINI, Epsilon srl, Orange Labs - France Telecom, Fraunhofer-SIT, FCUL, SPIIRAS, Télécom SudParis, AlienVault, T-Systems South Africa, Distributed Systems Laboratory (LSD - Universidad Politécnica de Madrid), 6CURE
- Start Date: Oct. 2010
- Duration: 36 months
- Team at FCUL: Researchers including Nuno Ferreira Neves, Paulo Verissimo, Alysson Bessani, António Casimiro
Summary
“Prevention is ideal, but detection is a must.”
The main objective of MASSIF is to achieve a significant advance in the area of SIEM (Security Information and Event Management). On the basis of proper multi-level event correlation, MASSIF will provide innovative techniques to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidents. Thus, MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, and an architecture for dependable and resilient collection of service events, supported by an extremely scalable and high-performance event collection and processing framework, in the context of service-level attack models.
Four industrial domains serve as a source for requirements and to validate and demonstrate project results:
- Olympic Games IT infrastructure deployed and managed by Atos Origin;
- France Telecom scenario on "Mobile phone based money transfer service" facing security events, especially for the "non-IT" and "service" events;
- T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises;
- Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam).
Publications
- Miguel Garcia, Nuno Ferreira Neves, Alysson Bessani, “SieveQ: A Layered BFT Protection System for Critical Services”, IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 3, pp. 511–525, Jun. 2018.
- Ibéria Medeiros, “Detection of Vulnerabilities and Automatic Protection for Web Applications”, Ph.D. dissertation, Departamento de Informática, Faculdade de Ciências, Universidade de Lisboa, Sept. 2016.
- Miguel Garcia, Alysson Bessani, Ilir Gashi, Nuno Ferreira Neves, Rafael R. Obelheiro, “Analysis of OS Diversity for Intrusion Tolerance”, Software: Practice and Experience, vol. 44, no. 8, pp. 735–770, Jun. 2014.
- José Lopes, Nuno Ferreira Neves, “Stopping a Rapid Tornado with a Puff”, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland), San Jose, USA, May 2014.
- Alysson Bessani, João Sousa, Eduardo Alchieri, “State Machine Replication for the Masses with BFT-SMART”, University of Lisbon, DI-FCUL, Tech. Rep. TR-2013-07, Nov. 2013. http://hdl.handle.net/10451/14170
- Ibéria Medeiros, Nuno Neves, Miguel Correia, “Securing Energy Metering Software with Automatic Source Code Correction”, in IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, Jul. 2013.
- Miguel Garcia, Nuno Ferreira Neves, Alysson Bessani, “An intrusion-tolerant firewall design for protecting SIEM systems”, in Workshop on Systems Resilience in conjunction with the Conference on Dependable Systems and Networks, Jun. 2013.
- Miguel Correia, Nuno Ferreira Neves, Paulo Verissimo, “BFT-TO: Intrusion Tolerance with”, The Computer Journal, vol. 56, no. 6, pp. 693–715, Jun. 2013.
- Bruno Vavala, Nuno Neves, “Robust and Speculative Byzantine Randomized Consensus with Constant Time Complexity in Normal Conditions”, in Proceedings of the 31st IEEE Symposium on Reliable and Distributed Systems (SRDS), Oct. 2012.
- Miguel Garcia, Nuno Ferreira Neves, Alysson Bessani, “DIVERSYS: DIVErse Rejuvenation SYStem”, in NFORUM 2012 - Simpósio de Informática, Lisbon, Portugal, Sept. 2012.
- Alysson Bessani, “(BFT) State Machine Replication: The Hype, The Virtue... and even some Practice”, Apr. 2012.
- Alysson Bessani, João Sousa, Eduardo Alchieri, “... And State Machine Replication for All with BFT-SMaRt”, Apr. 2012.
- Mônica Dixit, Henrique Moniz, António Casimiro, “Timeout-based adaptive consensus: improving performance through adaptation”, in Proceedings of the 27th ACM Symposium on Applied Computing, Dependable and Adaptive Distributed Systems Track, Riva del Garda (Trento), Italy, Mar. 2012, pp. 492–497. http://doi.acm.org/10.1145/2245276.2245371
- João Antunes, Nuno Ferreira Neves, “Using Behavioral Profiles to Detect Software Flaws in Network Servers”, in Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), Nov. 2011.
- João Antunes, Nuno Ferreira Neves, “DiveInto: Supporting Diversity in Intrusion-Tolerant Systems”, in Proceedings of the Symposium on Reliable Distributed Systems (SRDS), Oct. 2011.
- Miguel Garcia, Alysson Bessani, Nuno Ferreira Neves, “Diverse OS Rejuvenation for Intrusion Tolerance”, in Poster in Supplement of the IEEE/IFIP International Conference on Dependable Systems and Networks, Jun. 2011.
- Miguel Garcia, Alysson Bessani, Ilir Gashi, Nuno Ferreira Neves, Rafael R. Obelheiro, “OS Diversity for Intrusion Tolerance: Myth or Reality?”, in Proceedings of the International Conference on Dependable Systems and Networks - DSN'11, Hong Kong, China, Jun. 2011.
- João Antunes, Nuno Ferreira Neves, “Automatically Complementing Protocol Specifications From Network Traces”, in 13th European Workshop on Dependable Computing, May 2011.