MASSIF: MAnagement of Security information and events in Service Infrastructures


Year: 2010
Duration: 36 months
Researchers: Nuno Ferreira Neves, Paulo Verissimo, Alysson Bessani, António Casimiro

Latest revision as of 17:54, 16 December 2014

http://www.massif-project.eu/

Summary

“Prevention is ideal, but detection is a must.”

The main objective of MASSIF is to achieve a significant advance in the area of SIEM (Security Information and Event Management). On the basis of proper multi-level event correlation, MASSIF will provide innovative techniques to enable the detection of upcoming security threats and trigger remediation actions even before possible security incidents occur. Thus, MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, and an architecture for dependable and resilient collection of service events, supported by an extremely scalable and high-performance event collection and processing framework, in the context of service-level attack models.

Four industrial domains serve as a source for requirements and to validate and demonstrate project results:

  1. Olympic Games IT infrastructure deployed and managed by Atos Origin;
  2. France Telecom scenario on "Mobile phone based money transfer service" facing security events, especially for the "non-IT" and "service" events;
  3. T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises;
  4. Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam).

Publications

  • Miguel Garcia, Alysson Bessani, Ilir Gashi, Nuno Ferreira Neves, Rafael R. Obelheiro, “OS Diversity for Intrusion Tolerance: Myth or Reality?”, in Proceedings of the International Conference on Dependable Systems and Networks (DSN'11), Hong Kong, China, June 2011.
