CT-T: Establishing a Cross-Institutional Platform for Cooperative Security Monitoring and Forensics

CT-T：建立跨机构合作安全监控和取证平台

• 批准号: 0716640
• 负责人: Vern Paxson
• 金额: $ 69.98万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-10-01 至 2011-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716640&HistoricalAwards=false
• 关键词: CT; Establishing; Cross; Institutional; Platform

National Science FoundationCISE/CNSForm 7 Review Analysis and RecommendationProposal Number: 0716640PI: Vern PaxsonInstitution: International Computer Science Institute, University of California BerkeleyLeadProposal AbstractCT-T: Establishing a Cross-Institutional Platform for Cooperative Security Monitoring and ForensicsAlthough there has been much research in developing systems for globally sharing security information, often these approaches are fundamentally limited because their broad scope limits the trust that participants can place in the system. This project instead seeks to reap significantly greater utility by considering a more restricted scope: a system for coordinated security analysis based on exchanging information between a set of sites who have explicitly decided to work with each other. This more limited scope optimizes for the common case that in such an environment the participating sites will usually (but not always) act in a responsible manner.A key focus of the project concerns automating the steps commonly involved in security monitoring and forensic analysis while still keeping an analyst "in the loop" for significant decisions. As security problems arise, a site detecting an incident codifies a description of the attack in an "analysis script" to export to other sites. Analysts receiving such scripts inspect them to determine whether they are of interest. If so, they can instruct the system to conduct both a retrospective search for the activity in the past, and refine the site's monitoring configurations to detect future instances.As validating such an approach requires operational deployment, the project seeks to demonstrate a working system for coordinating analysis between the Lawrence Berkeley National Laboratory, the National Energy Research Scientific Computing Center, and the University of California at Berkeley.

美国国家科学基金会CISE/CNSForm 7评审分析和建议提案编号：0716640 PI：Vern Paxson机构：加州伯克利大学国际计算机科学研究所领导提案摘要CT-T：建立一个跨机构的合作安全监测和法医平台虽然在开发全球共享安全信息的系统方面已经有了很多研究，这些方法往往从根本上受到限制，因为它们的范围很广，限制了参与者对系统的信任。 相反，该项目试图通过考虑更有限的范围来获得更大的效用：一个基于一组明确决定相互合作的网站之间交换信息的协调安全分析系统。 这种更有限的范围优化了常见情况，即在这种环境中，参与站点通常（但不总是）以负责任的方式行事。该项目的一个关键重点是自动化安全监控和取证分析中通常涉及的步骤，同时仍让分析师“参与”重大决策。 当安全问题出现时，检测到事件的站点将攻击描述编入“分析脚本”中，以导出到其他站点。 收到这些脚本的分析师会检查它们，以确定它们是否感兴趣。 如果是这样，他们可以指示系统对过去的活动进行回顾性搜索，并改进现场的监测配置以检测未来的情况。由于验证这种方法需要操作部署，该项目试图展示一个工作系统，用于协调劳伦斯伯克利国家实验室，国家能源研究科学计算中心，和位于伯克利的加州大学。