5/24/2018 GIIS 2009 _ Multi-Agents System Service Based Platform in Telecommunication Security Incident Reaction
Multi-Agents System Service based Platform in Telecommunication Security Incident Reaction
Benjamin Gâteau, Djamel Khadraoui, Christophe Feltus
Public Research Centre Henri Tudor
INTRODUCTION
Telecom and information systems are more
widely spread and heterogeneous
More complexity through their opening
More complexity through their interconnection
Many challenges
Security management:
- Establish central or local permanent decision capabilities;
- Have the necessary level of information;
- Quickly collect the information, which is critical in case of an attack on a critical system node;
- Launch automated countermeasures to quickly block a detected attack.
Previous work:
- Reaction strategy consists of automating and adapting policies when an attack occurs
- Towards a policy regulation process
Security management challenges
From organisation business policy to network's security state
Regulation loop
Agreement or automation
Conflict management
Requirement analysis and design
Based on the requirement: selected approach MAS
Advantages:
- reactivity and pro-activity
- cooperation
- autonomous
XACML architecture
- A policy language implemented in XML
- A processing model, describing how to interpret the policies
Agent based distributed architecture
Vertical dimension
- Organizational layer
- Allows adding abstraction
- Higher level = global view
Horizontal dimension
- Three basic components
- Agent function
Agent based distributed architecture
Alert Correlation Engine
- Collect, correlate and analyze alerts
- Forward to the reaction decision component
Policy Instantiation Engine
- Decide if reaction is needed (based on organization, behaviour, policy)
- Modify, add or remove policy
Policy Deployment Point
- Instantiate and deploy policy
- Enforcement of new policy to the PEP
- New security state of the network
Development of a policy enforcement engine
JADE
Java Agent DEvelopment framework
- Software framework fully implemented in Java
- Simplifies the implementation of multi-agent systems through a middleware
- The agent platform can be distributed across machines
- Configuration can be controlled via a remote GUI
- Set of system services: naming services, yellow pages services, message transport and parsing services
Policy enforcement engine
- Components
  - PIE, PDP, PEP
- Information flow
  - FIPA-ACL
- Agents
  - PIE, PDP, PEP and Facilitator
Policy Decision Point / Enforcement Point
- Interaction between the PDP and the Facilitator agents
- The Facilitator agent manages the topology by retrieving PEP agents
  - According to their localization (IP/MAC addresses)
  - According to the action/type (FW, FS, etc.)
- The PDP decides which PEP is able to implement the policies in terms of rules or scripts on devices.
- The PEP concretely applies the policy
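
A minimal model of the PDP / Facilitator / PEP interaction described on this slide, added here as an illustration and not taken from the authors' JADE platform. The class names, the policy dictionary fields and the addresses are assumptions, and plain method calls stand in for the FIPA-ACL messages exchanged between agents.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PEP:
    """Policy Enforcement Point agent: applies rules on one device."""
    name: str
    ip: str
    mac: str                       # kept as part of the agent's localization record
    kind: str                      # device type label as on the slide: "FW", "FS", ...
    applied: list = field(default_factory=list)

    def enforce(self, rule):
        self.applied.append(rule)  # stand-in for pushing a rule or script to the device
        return f"{self.name}: applied {rule!r}"

class Facilitator:
    """Keeps the topology: which PEP agents exist, where, and of what type."""
    def __init__(self):
        self._peps = []

    def register(self, pep):
        self._peps.append(pep)

    def find(self, kind, network):
        # Select by action/type and by localization (here: IP inside a subnet).
        net = ipaddress.ip_network(network)
        return [p for p in self._peps
                if p.kind == kind and ipaddress.ip_address(p.ip) in net]

class PDP:
    """Policy Decision Point: picks the PEPs able to implement a policy."""
    def __init__(self, facilitator):
        self.facilitator = facilitator

    def deploy(self, policy):
        targets = self.facilitator.find(policy["kind"], policy["scope"])
        if not targets:            # no capable PEP in scope: report it, never drop silently
            return {"deployed": [], "error": "no PEP for %(kind)s in %(scope)s" % policy}
        return {"deployed": [p.enforce(policy["rule"]) for p in targets], "error": None}

# Constructed topology and policy (documentation address ranges only).
fac = Facilitator()
fac.register(PEP("pep-fw-1", "192.0.2.1", "02:00:00:00:00:01", "FW"))
fac.register(PEP("pep-fw-2", "198.51.100.1", "02:00:00:00:00:02", "FW"))
fac.register(PEP("pep-fs-1", "192.0.2.20", "02:00:00:00:00:03", "FS"))
pdp = PDP(fac)
result = pdp.deploy({"kind": "FW", "scope": "192.0.2.0/24", "rule": "deny src 203.0.113.7"})
```

Only `pep-fw-1` receives the rule: `pep-fw-2` is the right type but outside the scope, and `pep-fs-1` is in scope but the wrong type.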
CONCLUSIONS
From organisation business policy to network's security state - Regulation loop
Requirement analysis and design
Agent based distributed architecture
Vertical / Horizontal layer
JADE platform