Files in this item

THAKORE-THESIS-2015.pdf (application/pdf, 1MB)

Title: A quantitative methodology for evaluating and deploying security monitors
Author(s): Thakore, Uttam
Advisor(s): Sanders, William H.
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Subject(s): computer security; monitor deployment; monitor placement; intrusion tolerance; intrusion detection; digital forensics
Abstract: Despite advances in intrusion detection and prevention systems, attacks on networked computer systems continue to succeed. Intrusion tolerance and forensic analysis are required to adequately detect and defend against attacks that succeed. Intrusion tolerance and forensic analysis techniques depend on monitors to collect information about possible attacks. Since monitoring can be expensive, however, monitors must be selectively deployed to maximize their overall utility. We identify a need for a methodology for evaluating monitor deployment to determine a placement of monitors that meets both security goals and cost constraints. In this thesis, we introduce a methodology both to quantitatively evaluate monitor deployments in terms of security goals and to deploy monitors optimally based on cost constraints. First, we define a system and data model that describes the system we aim to protect, the monitors that can be deployed, and the relationship between intrusions and data generated by monitors. Second, we define a set of quantitative metrics that both quantify the utility and richness of monitor data with respect to intrusion detection, and quantify the cost associated with monitor deployment. We describe how a practitioner could characterize intrusion detection requirements in terms of target values of our metrics. Finally, we use our data model and metrics to formulate a method to determine the cost-optimal, maximum-utility placement of monitors. We illustrate our approach throughout the thesis with a working example, and demonstrate its practicality and expressiveness with a case study based on an enterprise Web service architecture. The value of our approach comes from its ability to determine optimal monitor placements, which can be counterintuitive or difficult to find, for nearly any set of cost and intrusion detection parameters.
Issue Date: 2015-07-22
Rights Information: Copyright 2015 Uttam Thakore
Date Available in IDEALS: 2015-09-29
Date Deposited: August 201