Titolo: Enabling Collaborative Network Security with...
Casa editrice: Shaker Verlag Jul 2011
Data di pubblicazione: 2011
Condizione libro: Neu
Neuware - Today, there is a fundamental imbalance in cybersecurity. While attackers act more and more globally and coordinated, e.g., by using botnets, their counterparts trying to manage and defend networks are limited to examine local information only. Collaboration across network boundaries would substantially strengthen network defense by enabling collaborative intrusion and anomaly detection. Also, general network management tasks, such as multi-domain traffic engineering and collection of performance statistics, could substantially profit from collaborative approaches. Unfortunately, privacy concerns largely prevent collaboration in multi-domain networking. Data protection legislation makes data sharing illegal in certain cases, especially if PII (personally identifying information) is involved. Even if it were legal, sharing sensitive network internals might actually reduce security if the data fall into the wrong hands. Furthermore, if data are supposed to be aggregated with those of a competitor, sensitive business secrets are at risk. To address these privacy concerns, a large number of data anonymization techniques and tools have been developed. The main goal of these techniques is to sanitize a data set before it leaves an administrative domain. Sensitive information is obscured or completely stripped off the data set. Sanitized properly, organizations can safely share their anonymized data sets and aggregate information. However, these anonymization techniques are generally not lossless. Therefore, organizations face a delicate privacy-utility tradeoff. While stronger sanitization improves data privacy, it also severely impairs data utility. In the first part of this thesis, we analyze the effect of state-of-the-art data anonymization techniques on both data utility and privacy. We find that for some use cases only requiring highly aggregated data, it is possible to find an acceptable tradeoff. However, for anonymization techniques which do not destroy a significant portion of the original information, we show that attackers can easily de-anonymize data sets by injecting crafted traffic patterns into the network. The recovery of these patterns in anonymized traffic makes it easy to map anonymized to real data objects. We conclude that network trace anonymization does not properly protect the privacy of users, hosts, and networks. In the second part of this thesis we explore cryptographic alternatives to anonymization. In particular, we apply secure multiparty computation (MPC) to the problem of aggregating network data from multiple domains. Unlike anonymization, MPC gives information-theoretic guarantees for input data privacy. However, although MPC has been studied substantially for almost 30 years, building solutions that are practical in terms of computation and communication cost is still a major challenge, especially if input data are voluminous as in our scenarios. Therefore, we develop new MPC operations for processing high volume data in near real-time. The prevalent paradigm for designing MPC protocols is to minimize the number of synchronization rounds, i.e., to build constant-round protocols. However, the resulting protocols tend to be inefficient for large numbers of parallel operations. By challenging the constant-round paradigm, we manage to significantly reduce the CPU time and bandwidth consumption of parallel MPC operations. We then implement our optimized operations together with a complete set of basic MPC primitives in the SEPIA library. For parallel invocations, SEPIA's operations are between 35 and several hundred times faster than those of comparable MPC frameworks. Using the SEPIA library, we then design and implement a number of privacy-preserving protocols for aggregating network statistics, such as time series, histograms, entropy values, and distinct item counts. In addition, we devise generic protocols for distributed event correlation and top-k reports. We extensively evaluate the pe. Codice inventario libreria 9783844002454
Metodi di pagamento
La libreria accetta i seguenti metodi di pagamento:
Libreria AbeBooks dal: 11 gennaio 2012
Allgemeine Geschäftsbedingungen (abebooks.de)
Rhein-Team Lörrach, Inhaber Ivano Narducci e.K., Mühlestr. 1
D-79539 Lörrach, nachfolgend als Verkäufer bezeichnet.
§ 1 Allgemeines, Begriffsbestimmungen
(1) Der Verkäufer bietet unter dem Nutzernamen rhein-team unter der Plattform abebooks.de insbesondere Bücher an. Die folgenden Allgemeinen Geschäftsbedingungen (AGB) gelten für die Geschäftsbeziehung zwischen dem Verkäufer und dem Kunden in ihrer zum Zeitpunkt der Bestellung gültigen Fassung. Ferne...[Ulteriori informazioni]
Die Ware wird innerhalb von 1-3 Tagen nach Bestelleingang verschickt. Bitte entnehmen Sie den voraussichtlichen Liefertermin Ihrer Bestellbestätigung. Die Versandkostenpauschalen basieren auf Durchschnittswerten für 1 kg schwere Bücher. Über abweichende Kosten (z.B. wegen eines sehr schweren Buches) werden Sie gegebenenfalls vom Verkäufer informiert.