
GIIS 2009 _ Multi-Agents System Service Based Platform in Telecommunication Security Incident...

Date post: 14-Oct-2015
Upload: christophe-feltus
Description:
Presentation of "Multi-Agents System Service based Platform in Telecommunication Security Incident Reaction" at GIIS 2009 conference, Hammamet, Tunisia.


Transcript
  • 5/24/2018 GIIS 2009 _ Multi-Agents System Service Based Platform in Telecommunication Security Incident Reaction

    1/12

    Multi-Agents System Service based Platform in Telecommunication Security Incident Reaction

    Benjamin Gâteau, Djamel Khadraoui, Christophe Feltus

    Public Research Centre Henri Tudor


    2/12

    INTRODUCTION

    Telecom and information systems are more widely spread and heterogeneous

    More complexity through their opening

    More complexity through their interconnection


    3/12

    Many challenges

    Security management:

    - Establish central or local permanent decision capabilities;
    - Have the necessary level of information;
    - Quickly collect the information, which is critical in case of an attack on a critical system node;
    - Launch automated countermeasures to quickly block a detected attack.

    Previous work: Reaction strategy consists of automating and adapting policies when an attack occurs

    towards a policy regulation process


    4/12

    Security management challenges

    From organisation business policy to network security state

    Regulation loop

    Agreement or automation

    Conflict management


    5/12

    Requirement analysis and design


    6/12

    Based on the requirement: selected approach MAS

    Advantages :

    - reactivity and pro-activity

    - cooperation

    - autonomous

    XACML architecture

    A policy language implemented in XML

    A processing model, describing how to interpret the policies


    7/12

    Agent based distributed architecture

    Vertical dimension

    - Organizational layer
    - Allows adding abstraction
    - Higher level = global view

    Horizontal dimension

    - Three basic components
    - Agent function


    8/12

    Agent based distributed architecture

    Alert Correlation Engine

    - Collect, correlate and analyze alerts
    - Forward to the reaction decision component

    Policy Instantiation Engine

    - Decide if reaction is needed (based on organization, behaviour, policy)
    - Modify, add or remove policy

    Policy Deployment Point

    - Instantiate and deploy policy
    - Enforcement of new policy to the PEP
    - New security state of the network

    Development of a policy enforcement engine


    9/12

    JADE

    Java Agent DEvelopment framework

    - Software framework fully implemented in Java
    - Simplifies the implementation of multi-agent systems through a middleware
    - The agent platform can be distributed across machines
    - Configuration can be controlled via a remote GUI
    - Set of system services: naming services, yellow pages services, message transport and parsing services


    10/12

    Policy enforcement engine

    - Components
      - PIE, PDP, PEP
    - Information flow
      - FIPA-ACL
    - Agents
      - PIE, PDP, PEP and Facilitator


    11/12

    Policy Decision Point / Enforcement Point

    - Interaction between PDP and the Facilitator agents
    - The Facilitator agent manages the topology by retrieving PEP agents
      - According to their localization (IP/MAC addresses)
      - According to the action/type (FW, FS, etc.)
    - The PDP decides which PEP is able to implement the policies in terms of rules or scripts on devices.
    - The PEP concretely applies the policy
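
A minimal model of the lookup-and-dispatch flow on this slide, added here as an illustration (not code from the presentation or from JADE): the Facilitator filters registered PEP agents by location and type, the PDP step sends each one a FIPA-ACL-style request, and the PEP applies the rule. It is plain Python rather than JADE, and the class and function names, message fields, addresses and rule string are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PEPAgent:
    name: str
    ip: str
    mac: str                      # kept in the registry as part of the PEP's location
    kind: str                     # action/type code from the slide: "FW", "FS"
    applied: list = field(default_factory=list)

    def handle(self, msg):
        # The PEP concretely applies the rule carried in the request.
        if msg["performative"] != "request" or msg["receiver"] != self.name:
            return {"performative": "refuse", "sender": self.name}
        self.applied.append(msg["content"])
        return {"performative": "inform", "sender": self.name}

class Facilitator:
    """Holds the topology: which PEP agents exist, where, and of what type."""
    def __init__(self):
        self.registry = []

    def find(self, kind, scope):
        net = ipaddress.ip_network(scope)
        return [p for p in self.registry
                if p.kind == kind and ipaddress.ip_address(p.ip) in net]

def pdp_deploy(facilitator, policy):
    """PDP step: send the rule to every PEP able to implement it."""
    peps = facilitator.find(policy["kind"], policy["scope"])
    if not peps:
        # No capable PEP in scope: fail loudly rather than drop the reaction.
        raise LookupError(f"no {policy['kind']} PEP in {policy['scope']}")
    return [(p.name, p.handle({"performative": "request", "sender": "pdp",
                               "receiver": p.name,
                               "content": policy["rule"]})["performative"])
            for p in peps]

def build_demo():
    # Constructed topology (documentation address ranges, made-up MACs).
    fac = Facilitator()
    fac.registry += [
        PEPAgent("pep-fw-1", "192.0.2.1", "02:00:00:00:00:01", "FW"),
        PEPAgent("pep-fs-1", "192.0.2.20", "02:00:00:00:00:02", "FS"),
        PEPAgent("pep-fw-2", "198.51.100.1", "02:00:00:00:00:03", "FW"),
    ]
    return fac
```

Raising when no PEP matches keeps a decided reaction from being silently lost when the topology has no enforcement point of the required type in the affected network.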


    12/12

    CONCLUSIONS

    From organisation business policy to network security state - Regulation loop

    Requirement analysis and design

    Agent based distributed architecture

    Vertical / Horizontal layer

    JADE platform

