Abstract
With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Monitoring up the Stack: Adding Value to SIEM. White paper, Securosis L.L.C., Phoenix, AZ (2010)
Applied Network Security Analysis: Moving from Data to Information. White paper, Securosis L.L.C., Phoenix, AZ (2011)
Project MASSIF website (2012), http://www.massif-project.eu/
AlienValult: AlienVault Unified SIEM (2010), http://www.alienvault.com/
Araknos: Akab2 (July 2012), http://www.araknos.it/en/prodotti/akab2.html
ArcSight Inc.: Common event format: Event interoperability standard (August 2006), http://www.arcsight.com/collateral/CEFstandards.pdf
Buecker, A., Amado, J., Druker, D., Lorenz, C., Muehlenbrock, F., Tan, R.: IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager. IBM Redbooks (July 2010) ISBN 0-7384-3446-9
Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study. In: Flammini, F., Bologna, S., Vittorini, V. (eds.) SAFECOMP 2011. LNCS, vol. 6894, pp. 199–212. Springer, Heidelberg (2011)
CS: Prelude SIEM (July 2012), http://www.prelude-technologies.com
Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF). RFC 4765 (Experimental) (March 2007)
Eichler, J., Rieke, R.: Model-based Situational Security Analysis. In: Proc. of the 6th Int’l Workshop on Models@run.time at the 14th Int’l Conf. on Model Driven Engineering Languages and Systems (MODELS 2011), Wellington, New Zealand, CEUR Workshop Proceedings, vol. 794, pp. 25–36. IEEE Computer Society (2011)
Gürgens, S., Ochsenschläger, P., Rudolph, C.: On a formal framework for security properties. Computer Standards & Interfaces 27, 457–466 (2005)
Iec, I.: ISO/IEC 27004:2009 - Information technology - Security techniques - Information security management - Measurement. ISOIEC (2009)
Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for it risk management. In: Proc. of the ISSA Conf. from Insight to Foresight (2006)
Kotenko, I., et al.: Analytical attack modeling. Tech. Rep. Deliverable D4.3.1, MASSIF Project (2011)
Lieberman Software: Common event format configuration guide (January 2010)
Melik-Merkumians, M., Moser, T., Schatten, A., Zoitl, A., Biffl, S.: Knowledge-based runtime failure detection for industrial automation systems. In: Workshop Models@run.time. pp. 108–119. CEUR (2010)
Schiefer, J., Rozsnyai, S., Rauscher, C., Saurer, G.: Event-driven rules for sensing and responding to business situations. In: Int’l Conf. on Distributed Event-Based Systems (DEBS), pp. 198–205 (2007)
Verissimo, P., et al.: Massif architecture document. Tech. Rep. Deliverable D2.1.1, MASSIF Project (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schütte, J., Rieke, R., Winkelvos, T. (2012). Model-Based Security Event Management. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-33704-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer ScienceComputer Science (R0)