Segurança na Internet das Coisas: uma abordagem de SIEM customizável e baseada em Consciência de Situação
Abstract
The objective of this paper is to present a proposal of a SIEM (Security Information and Event Management) academic solution, open-source and customizable, which employs the concepts of Situation Awareness. The proposed solution has been developed as a prototype software, based on middleware for Ubiquitous Computing. Simulations were developed to test the behavior of the solution in detecting security risk situations, which characterized the SIEM solution proposed as stable, flexible, scalable and suitable for Internet of Things.
References
Almeida, R. B. (2013). Segurança da informação e gerenciamento de eventos: Uma abordagem explorando consciência de situação. Monografia de graduação em ciência da computação, Universidade Federal de Pelotas.
Chuvakin, A., Schmidt, K., and Phillips, C. (2012). Logging and Log Management: The Authoritative Guide to Dealing with Syslog, Audit Logs, Events, Alerts and other IT ‘Noise’. Elsevier Science.
Gonzalez, M. H. and Djurica, J. (2015). ISACA Journal v2 - Internet of Things Offers Great Opportunities and Much Risk.
Hewlett-Packard (2014). Acesso em: 26 abr 2014. Hewlett-Packard - SIEM Solution for Enterprise Security Management. Disponível em: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340477#.UWZDpr_C6a5.
Kent, K. and Souppaya, M. (2006). National Institute of Standards and Tecnology - Special Publication 800-92. Recommendations of the National Institute of Standards and Technology - Guide to Computer Security Log Management.
Korolov, M. (2012). Acesso em: 04 abr 2015. NetworkWorld - Will opensource save the Internet of Things?. Disponível em: http://www.networkworld.com/article/2902231/internet-of-things/will-open-source-save-the-internet-of-things.html?nsdr=true.
Langheinrich, M. (2010). Privacy in Ubiquitous Computing. J. Krumm, ed., CRC Press.
Lopes, J. a. L., Souza, R. S., Geyer, C. R., Costa, C. A., Barbosa, J. V., Gusmão, M. Z., and Yamin, A. C. (2012). A model for context awareness in ubicomp. In Proceedings of the 18th Brazilian Symposium on Multimedia and the Web, WebMedia ’12, pages 161–168, New York, NY, USA. ACM.
McAfee (2013). Acesso em: 26 abr 2014. SIEM Requirements - Focus On Five. Disponível em: http://www.mcafee.com/sg/resources/brochures/br-focus-on-five-siem-requirements.pdf.
Nicolett, M. and Kavanagh, K. M. (2013). Magic quadrant for security information and event management. Technical report, Gartner Group.
Onwubiko, C. (2012). Situational Awareness in Computer Network Defense: Principles, Methods and Applications: Principles, Methods and Applications. Premier reference source. Information Science Reference.
Ponemon (2012). 2012 cost of cyber crime study: United states. Technical report, Ponemon Institute LLC.
Ponemon (2013). The risk of insider fraud: Second annual study. Technical report, Ponemon Institute LLC.
Swift, D. (2010). Successful siem and log management strategies for audit and compliance. Technical report, SANS Institute - InfoSec Reading Room.
Syslog (2013). Acesso em: 26 abr 2014. Logged | Event and Log Management. Disponível em: http://www.syslog.org.
Chuvakin, A., Schmidt, K., and Phillips, C. (2012). Logging and Log Management: The Authoritative Guide to Dealing with Syslog, Audit Logs, Events, Alerts and other IT ‘Noise’. Elsevier Science.
Gonzalez, M. H. and Djurica, J. (2015). ISACA Journal v2 - Internet of Things Offers Great Opportunities and Much Risk.
Hewlett-Packard (2014). Acesso em: 26 abr 2014. Hewlett-Packard - SIEM Solution for Enterprise Security Management. Disponível em: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340477#.UWZDpr_C6a5.
Kent, K. and Souppaya, M. (2006). National Institute of Standards and Tecnology - Special Publication 800-92. Recommendations of the National Institute of Standards and Technology - Guide to Computer Security Log Management.
Korolov, M. (2012). Acesso em: 04 abr 2015. NetworkWorld - Will opensource save the Internet of Things?. Disponível em: http://www.networkworld.com/article/2902231/internet-of-things/will-open-source-save-the-internet-of-things.html?nsdr=true.
Langheinrich, M. (2010). Privacy in Ubiquitous Computing. J. Krumm, ed., CRC Press.
Lopes, J. a. L., Souza, R. S., Geyer, C. R., Costa, C. A., Barbosa, J. V., Gusmão, M. Z., and Yamin, A. C. (2012). A model for context awareness in ubicomp. In Proceedings of the 18th Brazilian Symposium on Multimedia and the Web, WebMedia ’12, pages 161–168, New York, NY, USA. ACM.
McAfee (2013). Acesso em: 26 abr 2014. SIEM Requirements - Focus On Five. Disponível em: http://www.mcafee.com/sg/resources/brochures/br-focus-on-five-siem-requirements.pdf.
Nicolett, M. and Kavanagh, K. M. (2013). Magic quadrant for security information and event management. Technical report, Gartner Group.
Onwubiko, C. (2012). Situational Awareness in Computer Network Defense: Principles, Methods and Applications: Principles, Methods and Applications. Premier reference source. Information Science Reference.
Ponemon (2012). 2012 cost of cyber crime study: United states. Technical report, Ponemon Institute LLC.
Ponemon (2013). The risk of insider fraud: Second annual study. Technical report, Ponemon Institute LLC.
Swift, D. (2010). Successful siem and log management strategies for audit and compliance. Technical report, SANS Institute - InfoSec Reading Room.
Syslog (2013). Acesso em: 26 abr 2014. Logged | Event and Log Management. Disponível em: http://www.syslog.org.
Published
2015-07-20
How to Cite
ALMEIDA, Ricardo; MACHADO, Roger; DA ROSA, Diórgenes; DAVET, Patrícia; DONATO, Lucas; PERNAS, Ana; YAMIN, Adenauer.
Segurança na Internet das Coisas: uma abordagem de SIEM customizável e baseada em Consciência de Situação. In: INTEGRATED SOFTWARE AND HARDWARE SEMINAR (SEMISH), 42. , 2015, Recife.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2015
.
p. 35-46.
ISSN 2595-6205.
DOI: https://doi.org/10.5753/semish.2015.10197.
