Design and Implementation of A Network Security Management System
Keywords: Emergency Response, Device Organization, Network Security Management
In recent years, emerging network worms and attacks have become distributed in nature and can spread globally in a short time. Security management that spans networks is urgently needed to jointly defend against network-wide attacks and to improve the efficiency of security administration. This paper proposes a hierarchical distributed network security management system (HD-NSMS), which can centrally manage security across networks. It first describes the system's macrostructure and microstructure; it then discusses three key problems in building HD-NSMS: the device model, the alert mechanism, and the emergency response mechanism; finally, it describes the implementation of HD-NSMS. The paper is valuable for implementing a network security management system (NSMS) in that it derives from a practical NSMS.
Copyright (c) 2020 Zhiyong Shan, Vinod Namboodiri
This work is licensed under a Creative Commons Attribution 4.0 International License.