
An Adaptive Mitigation Framework for Handling Suspicious Network Flows via MPLS Policies

  • Conference paper
Secure IT Systems (NordSec 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8208)


Abstract

As network attacks become more complex, defence strategies must provide means to handle more flexible and dynamic requirements. The Multiprotocol Label Switching (MPLS) standard is a promising method to properly handle suspicious flows participating in such network attacks. Tasks such as alert data extraction and MPLS router configuration are prerequisites for activating the defence process. This paper introduces a novel framework to define, generate and implement mitigation policies on MPLS routers. The activation of such policies is triggered by alerts and expressed using a high-level formalism. An implementation of the approach is presented.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hachem, N., Garcia-Alfaro, J., Debar, H. (2013). An Adaptive Mitigation Framework for Handling Suspicious Network Flows via MPLS Policies. In: Riis Nielson, H., Gollmann, D. (eds) Secure IT Systems. NordSec 2013. Lecture Notes in Computer Science, vol 8208. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41488-6_20


  • DOI: https://doi.org/10.1007/978-3-642-41488-6_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41487-9

  • Online ISBN: 978-3-642-41488-6

  • eBook Packages: Computer Science, Computer Science (R0)
