ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A privacy-preserving interdomain audit framework
Full text PdfPdf (4.55 MB)
Source Workshop On Privacy In The Electronic Society archive
Proceedings of the 5th ACM workshop on Privacy in electronic society table of contents
Alexandria, Virginia, USA
SESSION: Privacy preservation and social issues table of contents
Pages: 99 - 108  
Year of Publication: 2006
ISBN:1-59593-556-8
Authors
Adam J. Lee  University of Illinois at Urbana-Champaign, Urbana, IL
Parisa Tabriz  University of Illinois at Urbana-Champaign, Urbana, IL
Nikita Borisov  University of Illinois at Urbana-Champaign, Urbana, IL
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): n/a,   Downloads (12 Months): n/a,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1179601.1179620
What is a DOI?

ABSTRACT

Recent trends in Internet computing have led to the popularization of many forms of virtual organizations. Examples include supply chain management, grid computing, and collaborative research environments like PlanetLab. Unfortunately, when it comes to the security analysis of these systems, the whole is certainly greater than the sum of its parts. That is, local intrusion detection and audit practices are insufficient for detecting distributed attacks such as coordinated network reconnaissance, stepping-stone attacks, and violations of application-level trust constraints between security domains. A distributed process that coordinates information from each member could detect these types of violations, but privacy concerns between member organizations or safety concerns about centralizing sensitive information often restrict this level of information flow. In this paper, we propose a privacy-preserving framework for distributed audit that allows member organizations to detect distributed attacks without requiring the release of excessive private information. We discuss both the architecture and mechanisms used in our approach and comment on the performance of a prototype implementation.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
G. Aggarwal, N. Mishra, and B. Pinkas. Secure computation of the k-th ranked element. In Eurocrypt, May 2004.
2
Rakesh Agrawal , Alexandre Evfimievski , Ramakrishnan Srikant, Information sharing across private databases, Proceedings of the 2003 ACM SIGMOD international conference on Management of data, June 09-12, 2003, San Diego, California  [doi>10.1145/872757.872771]
3
Mikhail Atallah , Marina Bykova , Jiangtao Li , Keith Frikken , Mercan Topkara, Private collaborative forecasting and benchmarking, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, October 28-28, 2004, Washington DC, USA  [doi>10.1145/1029179.1029204]
 
4
J. Bethencourt, J. Franklin, and M. Vernon. Mapping internet sensors with probe response attacks. In Proceedings of the USENIX Security Symposium, August 2005.
5
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970  [doi>10.1145/362686.362692]
6
Emmanuel Bresson , Olivier Chevassut , David Pointcheval , Jean-Jacques Quisquater, Provably authenticated group Diffie-Hellman key exchange, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.502018]
 
7
California Senate Bill SB 1386, Sept. 2002. http://info.sen.ca.gov/pub/01-02/bill/sen/sb 1351-1400/ sb 1386 bill 20020926 chaptered.html.
 
8
H. Debar, D. Curry, and B. Feinstein. Intrusion detection message exchange format. IETF Internet-Draft, Jan. 2005. hhttp://www3.ietf.org/proceedings/05mar/ IDs/draft-ietf-idwg-idmef-xml-14.txti.
 
9
DeepSight analyzer. Web site, 2006. hhttp://analyzer.symantec.com/i.
 
10
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Oct. 1995. Available at http: //ec.europa.eu/justice home/fsj/privacy/law/index en.htm.
 
11
DShield-distributed intrustion detection system. Web Page, 2006. hhttp://www.dshield.orgi.
 
12
F. Emekci, D. Agrawal, and A. E. Abbadi. ABACUS: A distributed middleware for privacy preserving data sharing across private data warehouses. In Proceedings of Middleware 2005, volume 3790 of Lecture Notes in Computer Science, pages 21--41. Springer-Verlag, 2005.
 
13
Jinliang Fan , Jun Xu , Mostafa H. Ammar , Sue B. Moon, Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.46 n.2, p.253-272, 7 October 2004  [doi>10.1016/j.comnet.2004.03.033]
14
Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
15
O. Goldreich. Secure multi-party computation. Working draft, Version 1.4, Oct. 2002. hhttp://www.wisdom.weizmann.ac.il/~odedg/pp.htmli.
 
16
Hillol Kargupta , Souptik Datta , Qi Wang , Krishnamoorthy Sivakumar, Random-data perturbation techniques and privacy-preserving data mining, Knowledge and Information Systems, v.7 n.4, p.387-414, May 2005  [doi>10.1007/s10115-004-0173-6]
 
17
S. Katti, B. Krishnamurthy, and D. Katabi. Collaborating against common enemies. In Internet Measurement Conference, 2005.
 
18
Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.93-108, April 2005  [doi>10.1109/TDSC.2005.26]
 
19
H. Krawczyk , M. Bellare , R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC Editor, 1997
 
20
P. Lincoln, P. Porras, and V. Shmatikov. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the 13th USENIX Security Symposium, Aug. 2004.
 
21
McAfee IntruShield Security Manager. Web site, May 2006. hhttp: //www.mcafee.com/us/enterprise/products/network intrusion prevention/intrushield security management system.htmli.
 
22
A. Mounji , B. Le Charlier , D. Zampunieris , N. Habra, Distributed audit trail analysis, Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), p.102, February 16-17, 1995
 
23
P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In J. Stern, editor, Advances in Cryptology-EUROCRYPT '99, volume 1592 of Lecture Notes in Computer Science, pages 223--238. Springer-Verlag, 1999.
24
Ruoming Pang , Mark Allman , Vern Paxson , Jason Lee, The devil and packet trace anonymization, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006  [doi>10.1145/1111322.1111330]
25
Ruoming Pang , Vern Paxson, A high-level programming environment for packet trace anonymization and transformation, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany  [doi>10.1145/863955.863994]
 
26
Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999  [doi>10.1016/S1389-1286(99)00112-7]
 
27
Planetlab. Web site, May 2006. hhttp://www.planet-lab.org/php/pr/i.
 
28
P. Roberts. Update: Hackers breach supercomputer centers. COMPUTERWORLD Security, Apr. 2004. hhttp: //www.teragrid.org/news/apps/0404/computerworld2.htmli.
 
29
M. Roesch. Snort, intrusion detection system. Web site, May 2006. hhttp://www.snort.orgi.
 
30
A. Slagell, K. Lakkaraju, and K. Luo. FLAIM: A multi-level anonymization framework for computer and network logs. In 20th USENIX Large Installation System Administration Conference, Dec. 2006.
 
31
S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C.-L. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal, and D. Mansur. DIDS (distributed intrusion detection system) -- motivation, architecture, and an early prototype. In Proc. 14th NIST-NCSC National Computer Security Conference, 1991.
32
Michael Steiner , Gene Tsudik , Michael Waidner, Diffie-Hellman key distribution extended to group communication, Proceedings of the 3rd ACM conference on Computer and communications security, p.31-37, March 14-15, 1996, New Delhi, India  [doi>10.1145/238168.238182]
 
33
Tcpdump public repository. Web site, May 2006. hhttp://www.tcpdump.orgi.
34
Vassilios S. Verykios , Elisa Bertino , Igor Nai Fovino , Loredana Parasiliti Provenza , Yucel Saygin , Yannis Theodoridis, State-of-the-art in privacy preserving data mining, ACM SIGMOD Record, v.33 n.1, March 2004  [doi>10.1145/974121.974131]
 
35
Yu-Sung Wu , Bingrui Foo , Yongguo Mei , Saurabh Bagchi, Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS, Proceedings of the 19th Annual Computer Security Applications Conference, p.234, December 08-12, 2003
 
36
A. C. Yao. Protocols for secure computation. In Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982.
 
37
V. Yegneswaran, P. Barford, and S. Jha. Global intrusion detection in the DOMINO overlay system. In Proceedings of the The 11th Annual Network and Distributed System Security Symposium (NDSS'04), 2004.
 
38
T. Ylonen and C. Lonvick. The secure shell (SSH) transport layer protocol. IETF RFC 4253, Jan. 2006. hhttp://www.ietf.org/rfc/rfc4253.txti.
 
39
Y. Zhang and V. Paxson. Detecting stepping stones. In Proceedings of the 9th Annual USENIX Security Symposium, Aug. 2000.

CITED BY  2
Norleyza Jailani , Noor Faezah Mohd Yatim , Yazrina Yahya , Ahmed Patel , Mazliza Othman, Secure and auditable agent-based e-marketplace framework for mobile users, Computer Standards & Interfaces, v.30 n.4, p.237-252, May, 2008
Florian Kerschbaum, Distance-preserving pseudonymization for timestamps and spatial data, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.2 Information Storage

Additional Classification:
  E. Data
  E.2 DATA STORAGE REPRESENTATIONS
  E.3 DATA ENCRYPTION


General Terms:
Design, Security


Keywords:
data obfuscation, distributed audit, logging

Collaborative Colleagues:
Adam J. Lee: colleagues
Parisa Tabriz: colleagues
Nikita Borisov: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player