MASSIF: A Promising Solution to Enhance Olympic Games IT Security

Transcription

1 MAnagementof Security information and events in Service InFrastructures MASSIF: A Promising Solution to Enhance Olympic Games IT Security 7th ICGS3 / 4th e-democracy Joint Conferences 2011 August 25 th Thessaloniki (Greece) Elsa Prieto (Atos), R.Díaz (Atos), L.Romano (CINI), R. Rieke (Fraunhofer), M.Achemlal (F. Telecom). Project funded by the European Commission ICT workprogramme 2009 (FP7-ICT )

2 Outlook Olympic Games scenario MASSIF overview and proposal MASSIF progress and next steps 2

3 The Olympic Game Scenario 3

4 The Olympic Games in Numbers Vancouver 2010 Olympic Winter Games Coverage on 300 TV stations 3.5 billion worldwide television viewers 17 daysof competition 50,000 workforce members 50,000 hours of total broadcast 9 venues 275 million visitors in total to official website 96,409 people accredited 15 sport disciplines 10,800 media representatives more than 100 websites worldwide Source: Vancouver Organizing Committee ( 4

5 Olympic Games IT Infrastructure Objective: protect the IT infrastructure from any undesired and/or uncontrolled phenomena which can impact any parts of the result chain and associated services. 5

6 The Olympic Security Infrastructure (AHPS) Atos High Performance Security (AHPS): Millions of raw events reduced to a few considered critical with no impact on the Olympic Games. Challenges and limitations: Need for real-time solutions to Security Events. The number of security event types. The amount of generated events to be handled. Security is focused on Logical (IT) security. Limited service level (business process) events correlation: technology focused. Misuse cases (e.g: low & slow attacks) correlate d events alarms 201 million filtered events 90 critical events 6

7 MASSIF Overview & Proposal 7

8 Why MASSIF? Management of incidents and events (SIEM) Near-real time notification; Proactive management of incidents and events. Limitations of current SIEM solutions: Restriction to infrastructure Inability to interpret events and incidents from other layers Inability to provide high degree if trustworthiness or resilience in the event collection environment No scalability to provide posture of the environments when considering global deployment of ICT infrastructure. 8

9 MASSIF Objectives Development of a new generation SIEM framework for service infrastructures. Security event processing: multi-domain multi-level scalable elastic and distributed intelligent Predictive security monitoring. Trustworthiness & resilience of event collection framework 9

10 MASSIF results will be demonstrated in: Four field scenarios: MASSIF scenarios Olympic Games IT infrastructure Mobile phone based money transfer service Managed Enterprise Service Infrastructures Critical infrastructure process control Existing OS SIEM solutions: 10

11 MASSIF Architecture Overview 11

12 MASSIF Challenges Minimum impact on the monitored system. Collection (Generic Event Translator) High interoperability: heterogeneity of input sources (adaptable parsers) High scalability: handle and propagation of load peaks (no loss). Smart probes (complex event patterns) Processing (engine). High scalability: 100s of thousands of events per second. Parallelization in distributed collectors in a computing cloud. Elasticity: coupling the flow of events. Correlation: Cross-layer: logical security, physical security and service layer. 12

13 MASSIF Challenges (II) Predictive security monitoring: Attack/Process models to derive near-future security problems. Countermeasures selection (ontology-driven). Resilience: Resilient Event Bus (suite of protocols) to secure the information flow. MASSIF Information Switches (MIS) - MASSIF Information Agents (MIA). Overlay network able to deliver messages in a securely and timely way. Incremental resilience strategies. Trusted timestamp. Sensitive Information (forensic support) Least persistence principle. Privacy. Authenticity, confidentiality and unforgeability. 13

14 MASSIF Progress & Next Steps 14

15 2011: 2012: 2013: MASSIF Progress & Next Steps Scenarios characterization. Design & initial developments. Developments Tool adaptation & Integration. First MASSIF workshop. Final developments & integration. Adaptation to scenarios & Evaluation of results Final MASSIF Workshop. Our ambition is to leverage MASSIF results for future Olympic Games events. 15

16 Project Coordinator Contacts Pedro SORIA Scientific Coordinator Technical Coordinator Roland RIEKE Hervé DEBAR Project Website: 16

17 Thank you for your attention! Elsa PRIETO. 17