A CONTRACT-BASED EVENT DRIVEN MODEL FOR COLLABORATIVE SECURITY IN FINANCIAL INFORMATION SYSTEMS

Roberto Baldoni, Georgio Lodi, Gregory Chockler, Eliezer Dekel, Barry P. Mulcahy, Giuseppe Martufi

Abstract

This paper introduces a new collaboration abstraction, called em Semantic Room (SR) , specifically targeted to facilitating sharing and processing large volumes of data produced and consumed in real time by a collection of networked participants. The model enables constructing flexible collaborative event-driven distributed systems with well-defined and contractually regulated properties and behavior. The contract determines the set of services provided by SR, the software and hardware resources required for its operation along with a collection of non-functional requirements, such as, data protection, isolation, trust, security, availability, fault-tolerance, and performance. We show how the SR model can be leveraged for creating trusted information processing systems for the sake of protecting financial institutions against coordinated security threats (e.g., stealthy scans, worm outbreaks, Distributed Denial of Service). To this end, we present several use-cases demonstrating a variety of the SR administration task flows, and briefly discuss possible ways of implementing the SR abstraction using the collaborative intrusion detection as an example.

References

  1. (2009). Basel II Accord. http://www.bis.org/bcbs/ bcbscp3.htm.
  2. (2009). Where Complex Event Processing meets Open Source: Esper and NEsper. http://esper.codehaus.org/.
  3. Balakrshnan, B. M. and Stonebraker, H. M. (2004). Contract-based load management in federated distributed systems. In 1st Symposium on Networked Systems Design and Implementation, San Francisco, CA, USA.
  4. Chandy, M. K. (2006). Event-Driven Applications: Costs, Benefits and Design Approaches. Presented at the Gartner Application Integration and Web Services Summit, http://www.infospheres.caltech.edu/node/ 38.
  5. Krügel, C., Toth, T., and Kerer, C. (2001). Decentralized event correlation for intrusion detection. In ICISC, pages 114-131.
  6. Lamanna, D., Skene, J., and Emmerich, W. (2003). Slang: A language for defining service level agreements. In FTDCS 7803: Proceedings of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems, page 100, Washington, DC, USA. IEEE Computer Society.
  7. Locasto, M. E., Parekh, J. J., Keromytis, A. D., and Stolfo, S. J. (2005). Towards collaborative security and p2p intrusion detection. In IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY.
  8. Lodi, G., Baldoni, R., Bortnikov, V., Chockler, G., Dekel, E., Laventman, G., and Angori, E. G. (2010a). A Collaborative Environment for Customizable Complex Event Processing in Financial Information Systems. Technical Report MIDLAB 5/2010.
  9. Lodi, G., Baldoni, R., Elshaafi, H., Mulcahy, B., Csertain, G., and Gonczy, L. (2010b). Trust Management in Monitoring Financial Critical Information Infrastructures. In The 2nd International Conference on Mobile Lightweight Wireless Systems - Critical Information Infrastructure Protection Track.
  10. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., and Weaver, N. (2003a). Inside the Slammer Worm. IEEE Security and Privacy, 1(4):33-39.
  11. Moore, D., Shannon, C., Voelker, G. M., and Savage, S. (2003b). Internet quarantine: Requirements for containing self-propagating code. In INFOCOM.
  12. Xie, Y., Sekar, V., Reiter, M. K., and Zhang, H. (2006). Forensic analysis for epidemic attacks in federated networks. In ICNP, pages 43-53.
Download


Paper Citation


in Harvard Style

Baldoni R., Lodi G., Chockler G., Dekel E., P. Mulcahy B. and Martufi G. (2010). A CONTRACT-BASED EVENT DRIVEN MODEL FOR COLLABORATIVE SECURITY IN FINANCIAL INFORMATION SYSTEMS . In Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 4: ICEIS, ISBN 978-989-8425-07-2, pages 147-153. DOI: 10.5220/0002900001470153


in Bibtex Style

@conference{iceis10,
author={Roberto Baldoni and Georgio Lodi and Gregory Chockler and Eliezer Dekel and Barry P. Mulcahy and Giuseppe Martufi},
title={A CONTRACT-BASED EVENT DRIVEN MODEL FOR COLLABORATIVE SECURITY IN FINANCIAL INFORMATION SYSTEMS},
booktitle={Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 4: ICEIS,},
year={2010},
pages={147-153},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002900001470153},
isbn={978-989-8425-07-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 4: ICEIS,
TI - A CONTRACT-BASED EVENT DRIVEN MODEL FOR COLLABORATIVE SECURITY IN FINANCIAL INFORMATION SYSTEMS
SN - 978-989-8425-07-2
AU - Baldoni R.
AU - Lodi G.
AU - Chockler G.
AU - Dekel E.
AU - P. Mulcahy B.
AU - Martufi G.
PY - 2010
SP - 147
EP - 153
DO - 10.5220/0002900001470153