Model-Based Security Event Management

Schütte, Julian; Rieke, Roland; Winkelvos, Timo

doi:10.1007/978-3-642-33704-8_16

Julian Schütte¹⁸,
Roland Rieke¹⁹ &
Timo Winkelvos¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 7531))

Included in the following conference series:

International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security

2140 Accesses
5 Citations

Abstract

With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Monitoring up the Stack: Adding Value to SIEM. White paper, Securosis L.L.C., Phoenix, AZ (2010)
Google Scholar
Applied Network Security Analysis: Moving from Data to Information. White paper, Securosis L.L.C., Phoenix, AZ (2011)
Google Scholar
Project MASSIF website (2012), http://www.massif-project.eu/
AlienValult: AlienVault Unified SIEM (2010), http://www.alienvault.com/
Araknos: Akab2 (July 2012), http://www.araknos.it/en/prodotti/akab2.html
ArcSight Inc.: Common event format: Event interoperability standard (August 2006), http://www.arcsight.com/collateral/CEFstandards.pdf
Buecker, A., Amado, J., Druker, D., Lorenz, C., Muehlenbrock, F., Tan, R.: IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager. IBM Redbooks (July 2010) ISBN 0-7384-3446-9
Google Scholar
Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study. In: Flammini, F., Bologna, S., Vittorini, V. (eds.) SAFECOMP 2011. LNCS, vol. 6894, pp. 199–212. Springer, Heidelberg (2011)
Chapter Google Scholar
CS: Prelude SIEM (July 2012), http://www.prelude-technologies.com
Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF). RFC 4765 (Experimental) (March 2007)
Google Scholar
Eichler, J., Rieke, R.: Model-based Situational Security Analysis. In: Proc. of the 6th Int’l Workshop on Models@run.time at the 14th Int’l Conf. on Model Driven Engineering Languages and Systems (MODELS 2011), Wellington, New Zealand, CEUR Workshop Proceedings, vol. 794, pp. 25–36. IEEE Computer Society (2011)
Google Scholar
Gürgens, S., Ochsenschläger, P., Rudolph, C.: On a formal framework for security properties. Computer Standards & Interfaces 27, 457–466 (2005)
Article Google Scholar
Iec, I.: ISO/IEC 27004:2009 - Information technology - Security techniques - Information security management - Measurement. ISOIEC (2009)
Google Scholar
Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for it risk management. In: Proc. of the ISSA Conf. from Insight to Foresight (2006)
Google Scholar
Kotenko, I., et al.: Analytical attack modeling. Tech. Rep. Deliverable D4.3.1, MASSIF Project (2011)
Google Scholar
Lieberman Software: Common event format configuration guide (January 2010)
Google Scholar
Melik-Merkumians, M., Moser, T., Schatten, A., Zoitl, A., Biffl, S.: Knowledge-based runtime failure detection for industrial automation systems. In: Workshop Models@run.time. pp. 108–119. CEUR (2010)
Google Scholar
Schiefer, J., Rozsnyai, S., Rauscher, C., Saurer, G.: Event-driven rules for sensing and responding to business situations. In: Int’l Conf. on Distributed Event-Based Systems (DEBS), pp. 198–205 (2007)
Google Scholar
Verissimo, P., et al.: Massif architecture document. Tech. Rep. Deliverable D2.1.1, MASSIF Project (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Fraunhofer Institution AISEC, Munich, Germany
Julian Schütte
Fraunhofer Institute SIT, Darmstadt, Germany
Roland Rieke & Timo Winkelvos

Authors

Julian Schütte
View author publications
You can also search for this author in PubMed Google Scholar
Roland Rieke
View author publications
You can also search for this author in PubMed Google Scholar
Timo Winkelvos
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

St. Petersburg Institute for Informatics and Automation, Russian Academy of Science, 39, 14th Liniya, 199178, St.-Petersburg, Russia
Igor Kotenko
Binghamton University (SUNYI), 13902, Binghamton, NY, USA
Victor Skormin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Schütte, J., Rieke, R., Winkelvos, T. (2012). Model-Based Security Event Management. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_16

Download citation

DOI: https://doi.org/10.1007/978-3-642-33704-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics