MUSES: A Corporate User-Centric System which Applies Computational Intelligence Methods

Post on 10-May-2015

DESCRIPTION

This work describes the architecture of a novel enterprise security system, still in development, which can prevent and deal with security flaws caused by a company's users. To do so, the Multiplatform Usable Endpoint Security system (MUSES) considers diverse factors such as the distribution of information, the type of access, the context the users are in, the category of users, and the mix between personal and private data, among others. The system includes an event correlator and a risk and trust analysis engine to drive the decision process. MUSES follows a set of defined security rules, according to the enterprise security policies, but it is able to self-adapt its decisions and even create new security rules depending on the user's behaviour, the specific device, and the situation or context. To this end, MUSES applies machine learning and computational intelligence techniques, which can also be used to predict potentially unsafe or dangerous user behaviour.

TRANSCRIPT

1. Project No. 318508, FP7-ICT-2011-8
A corporate user-centric system which applies computational intelligence methods
Antonio Mora, Paloma de las Cuevas, J.J. Merelo, Sergio Zamarripa, Anna I. Esparcia, Miguel Juan, Markus Burvall, Henrik Arfwedson, Zardost Hodaie
The 29th Annual ACM Symposium on Applied Computing, SAC 2014
Track on Trust, Reputation, Evidence and other Collaboration Know-how (TRECK 2014)
Gyeongju (Korea) - 25 March 2014

2. Index
- MUSES Project Aims.
- Architecture Overview.
- Client Architecture.
- Server Architecture.
- Example.
- Self-adaptive Event Correlation.

3. Why? - Motivation
- Perception of the user as the enemy in corporate security.
- Users' perception of security as a hindrance.
- Need to engage users in security issues: in a friendly way, respecting their privacy, increasing their trust.
- New challenges: multiple devices, mobility, BYOD policies, vanishing borders between personal & work environments.

4. What? - Solution
A corporate security system that is:
- device independent
- user-centric
- self-adaptive
- able to analyse risk and trust in real time
- multiplatform
- open source
Takes into account the corporate, technical, legal, social and economic contexts.

5. Architecture Overview

6. Client/Server Rationale
- High computational power will be needed: Real-Time Event Correlation + Risk and Trust analysis; Data mining and Computational Intelligence methods.
- There are two different sides in the system: Mobile and portable devices (client); Enterprise (server).

7. Architecture Overview
Diagram labels: Web; MUSES Client; MUSES Server; Secure Channel; HTTPS / REST / Web Service; Connection Manager (client and server).

8. Working Modes
- Online (device can connect with the MUSES server): It is possible to request the server to make a decision.
- Offline (device cannot connect with the MUSES server): All the decisions should be made in the device. The information gathered should be stored for later submission (when a connection is available).

9. General Architecture Overview

10. Client Architecture
Diagram labels: MUSES Client; Connection Manager.

11. Client Architecture. Modules
Diagram components: MUSES Aware App; Non MUSES aware App; OS; MUSES User Interface; Access Control System (MusACS); Device Monitor (MusDM); Local Database; Connection Manager.
Information flows: Info DB; Info SS; Info SS*; Info M; Info CT; Info U; Info AP; Info D; Info OS.
Legend: External Communications; Internal Communications; Developed by MUSES; Not entirely developed by MUSES.

12. Client Architecture. Submodules
Diagram components: MUSES Aware App; Non MUSES aware App; OS; MUSES User Interface; MusACS; Security Policy Receiver; User, Context, Event Handler; Decision Maker; MusDM; User Context Monitoring; System Actuator; Local Database; Event Cache; Decision Table; Local Security; Connection Manager.
Information flows: Info DB; Info D; Info SS; Info SS*; Info M; Info CT; Info DC; Info U; Info AP; Info OS.
Legend: External Communications; Internal Communications; Developed by MUSES; Not entirely developed by MUSES.

13. Server Architecture
Diagram labels: MUSES Server; Connection Manager.

14. Server Architecture. Modules
Diagram components: Security Policies/Risk Management; Privacy Enhancing System; User, Context, Event Data Receiver; DATABASE; Enterprise Security Log; Security Rules; Event Correlation; User Behaviour; Trust Data and Profiles; Connection Manager; Knowledge Refinement System (MusKRS); Continuous Real-Time Event Processor (MusCRTEP); RT2AE (Real Time - Risk and Trust Analysis Engine).
Information flows: Info PV; Info PD; Info SS; Info SS*; Info DB; Info DB-RT; Info M; Info KN.
Legend: External Communications; Internal Communications; Developed by MUSES; Not entirely developed by MUSES.

15. Server Architecture. Submodules
Diagram components: Security Policies/Risk Management; Privacy Enhancing System; User, Context, Event Data Receiver; MusKRS; Knowledge Compiler; Data Miner; MusCRTEP; Event Processor; RT2AE; Policy Selector; Policy Transmitter; DATABASE; Enterprise Security Log; Security Rules; Event Correlation; User Behaviour; Trust Data and Profiles; Connection Manager.
Information flows: Info PV; Info PD; Info SS; Info SS*; Info DB; Info DB-RT; Info M; Info DM; Info E; Info D; Info RT; Info KN.
Legend: External Communications; Internal Communications; Developed by MUSES; Not entirely developed by MUSES.

16. Workflow Example: Attempt to upload file via a non-secure connection
Diagram labels: Web; User's Device; Company Server; Non-Secure Connection; Connection Manager (device and server).

17-18. Workflow Example: Attempt to upload file using a MUSES-aware application via a non-secure connection
Client submodule diagram (components as on slide 12).

19-20. Workflow Example: Attempt to upload file using a MUSES-aware application via a non-secure connection
Server submodule diagram (components as on slide 15).

21-22. Workflow Example: Attempt to upload file using a MUSES-aware application via a non-secure connection
Client submodule diagram (components as on slide 12).

23. Self-adaptive Event Correlation

24. Rule refinement example
- Application: Corporate application that takes pictures and uploads them to a server.
- Policy: Any employee of the company is allowed to take and upload pictures to corporate servers, only using corporate applications.
- Long term observation: If the application is used outside of the building, some security risks are observed.
- Proposed refined rules would require stronger authentication depending on location, to allow uploading pictures.

25. Conceptual model (1)
Diagram labels: Initial rules; Data mining; Rule refinement; Rule adjustment; Evaluation.

26. Conceptual model (2)
Diagram labels: Knowledge Compiler; Data Miner; KRS; BigData; Event Processor; Policy Selector; Refined rules; Event (three instances); RT2AE.

27. Knowledge Refinement System
Data Miner:
- Classification: assign classes to new patterns.
- Clustering: group similar patterns (search for anomalous).
- Feature Selection: remove less significant variables.
- Data Visualization: show data information for a controller.
Knowledge Compiler:
- Adapt existing rules: adjust them to improve the pattern covering (Evolutionary Algorithms).
- Infer/create new rules: to deal with new detected situations (Genetic Programming).

28. THANK YOU! QUESTIONS?
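
The rule refinement example of slide 24, run through the loop of slide 25 (initial rules, data mining, rule refinement, evaluation), as an added Python example that is not code from the MUSES project. The `Event` fields, the `threshold` and `min_support` values and the sample observations are assumptions constructed for illustration, and a plain incident-rate threshold stands in for the evolutionary algorithms the slides name.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:                 # hypothetical event record, not a MUSES schema
    app: str                 # "corporate" or "other"
    location: str            # "inside" or "outside" the building
    strong_auth: bool        # user passed the stronger authentication step
    incident: bool           # a security incident was later linked to the upload

def initial_rule(ev):
    """Slide-24 policy: uploads are allowed only from corporate applications."""
    return "allow" if ev.app == "corporate" else "deny"

def mine_risky_locations(events, threshold=0.2, min_support=5):
    """Data mining: incident rate per location among allowed uploads (assumed cut-offs)."""
    seen, bad = defaultdict(int), defaultdict(int)
    for ev in events:
        if initial_rule(ev) == "allow":
            seen[ev.location] += 1
            bad[ev.location] += int(ev.incident)
    return {loc for loc, n in seen.items()
            if n >= min_support and bad[loc] / n > threshold}

def refine(risky_locations):
    """Rule refinement: demand stronger authentication in risky locations."""
    def refined_rule(ev):
        if initial_rule(ev) == "deny":
            return "deny"
        if ev.location in risky_locations and not ev.strong_auth:
            return "require_strong_auth"
        return "allow"
    return refined_rule

def evaluate(rule, events):
    """Evaluation: share of incident-linked uploads the rule does not plainly allow."""
    incidents = [ev for ev in events if ev.incident]
    if not incidents:
        return 1.0
    return sum(rule(ev) != "allow" for ev in incidents) / len(incidents)

def sample_events():
    """Constructed observations: 1 incident in 20 inside, 4 in 10 outside."""
    inside = [Event("corporate", "inside", False, i == 0) for i in range(20)]
    outside = [Event("corporate", "outside", False, i < 4) for i in range(10)]
    return inside + outside + [Event("other", "outside", False, False)]

if __name__ == "__main__":
    events = sample_events()
    risky = mine_risky_locations(events)
    print(risky, evaluate(initial_rule, events), evaluate(refine(risky), events))
```

The refined rule leaves the single inside-the-building incident allowed, which is the residue the evaluation step reports back into the next refinement round.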