“An intrusion-tolerant firewall design for protecting SIEM systems”

Miguel Garcia, Nuno Ferreira Neves, Alysson Bessani

in Workshop on Systems Resilience in conjunction with the Conference on Dependable Systems and Networks, Jun. 2013.

Abstract: Nowadays, organizations are resorting to Security Information and Event Management (SIEM) systems to monitor and manage their network infrastructures. SIEMs employ a data collection capability based on many sensors placed in critical points of the network, which forwards events to a core facility for processing, and support different forms of analysis (e.g., report attacks in near real time, inventory management, risk assessment). In this paper, we will focus on the defense of the core facility components by presenting a new firewall design that is resilient to very harsh failure scenarios. In particular, it tolerates not only external attacks but also the intrusion of some of its components. The firewall employs a two-level filtering scheme to increase performance and to allow for some flexibility in the selection of fault-tolerance mechanisms. The first filtering stage efficiently eliminates the most common forms of attacks, while the second stage supports application rules for a more sophisticated analysis of the traffic. The fault-tolerance mechanisms are based on a detection and recovery approach for the first stage, while the second stage uses state machine replication and voting.


Project(s): Project:MASSIF

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
