Creation and Management of IDS Compositions
Abstract
This paper presents a new approach to building compositions of Intrusion Detection Systems (IDSs) based on the concept of service orchestration. The approach enables IDSs that are more cooperative, flexible and suited to heterogeneous environments, especially those formed by large-scale systems that use the Internet. The IDSs and their components are combined using a service-oriented architecture, supported by Web Services technology. Interoperability among the elements of a composition is achieved through the extensive use of standardization efforts, mainly from the IETF, W3C and OASIS. This document describes an infrastructure of services and supports proposed for creating and operating these IDS compositions, focusing on the creation and management of the compositions.
Published
28/08/2006
How to Cite
BRANDÃO, José Eduardo M. S.; FRAGA, Joni da Silva; MAFRA, Paulo Manoel. Criação e Gerenciamento de Composições de IDSs. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6., 2006, Santos. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 152-165. DOI: https://doi.org/10.5753/sbseg.2006.20946.