This work presents the architecture of a novel enterprise security system, still in development, which can prevent and deal with security flaws that originate with a company's users. To that end, the Multiplatform Usable Endpoint Security system (MUSES) considers diverse factors such as how information is distributed, the type of access, the context the users are in, the category of user, or the mix between personal and private data, among others.
This system includes an event correlator and a risk and trust analysis engine to perform the decision process. MUSES follows a set of defined security rules, derived from the enterprise security policies, but it is able to self-adapt its decisions and even create new security rules depending on the user behaviour, the specific device, and the situation or context.
To this aim, MUSES applies machine learning and computational intelligence techniques, which can also be used to predict potentially unsafe or dangerous user behaviour.
MUSES: A Corporate User-Centric System which Applies Computational Intelligence Methods
1. MUSES: a corporate user-centric system which applies computational intelligence methods
Project No. 318508 FP7-ICT-2011-8
Antonio Mora, Paloma de las Cuevas, J.J. Merelo
Sergio Zamarripa, Anna I. Esparcia, Miguel Juan
Markus Burvall, Henrik Arfwedson
Zardost Hodaie
The 29th Annual ACM Symposium on Applied Computing, SAC 2014
Track on Trust, Reputation, Evidence and other Collaboration Know-how (TRECK 2014)
Gyeongju (Korea) - 25 March 2014
2. Index
• MUSES Project Aims.
• Architecture Overview.
• Client Architecture.
• Server Architecture.
• Example.
• Self-adaptive Event Correlation.
3. Why? - Motivation
• Perception of the user as “the enemy” in corporate security.
• Users’ perception of security as a hindrance.
• Need to engage users in security issues:
– in a friendly way
– respecting their privacy
– increasing their trust
• New challenges: multiple devices, mobility, BYOD policies, vanishing borders between personal & work environments…
4. What? - Solution
• A corporate security system that is
– device independent
– user-centric
– self-adaptive
– able to analyse risk and trust in real time
– multiplatform
– open source
• Takes into account the corporate, technical, legal, social and economic contexts.
6. Client/Server Rationale
• High computational power will be needed:
– Real-Time Event Correlation + Risk and Trust analysis.
– Data mining and Computational Intelligence methods.
• There are two different sides in the system:
– Mobile and portable devices (client).
– Enterprise (server).
7. Architecture Overview
[Diagram: MUSES Client and MUSES Server, each with a Connection Manager, communicating over a Secure Channel (HTTPS / REST / Web Service); also shown: Web.]
8. Working Modes
• Online (device can connect with the MUSES server):
– It is possible to request the server to make a decision.
• Offline (device cannot connect with the MUSES server):
– All the decisions should be made in the device.
– The information gathered should be stored for later submission (when a connection is available).
11. Client Architecture. Modules
[Diagram: MUSES-aware App, non-MUSES-aware App and OS on the device; MUSES User Interface; Access Control System (MusACS); Device Monitor (MusDM); Local Database; Connection Manager. Information flows labelled Info DB, Info SS, Info SS*, Info M, Info CT, Info U, Info AP, Info D, Info OS. Legend: “Developed by MUSES” vs “Not entirely developed by MUSES”; external and internal communications distinguished.]
12. Client Architecture. Submodules
[Diagram: Security Policy Receiver; MusACS with User, Context, Event Handler and Decision Maker; MusDM with User Context Monitoring and System Actuator; Local Database with Event Cache, Decision Table and Local Security; Connection Manager; MUSES User Interface; MUSES-aware App, non-MUSES-aware App and OS. Information flows labelled Info DB, Info D, Info SS, Info SS*, Info M, Info CT, Info DC, Info U, Info AP, Info OS. Same legend as slide 11.]
14. Server Architecture. Modules
[Diagram: Security Policies/Risk Management; Privacy Enhancing System; User, Context, Event Data Receiver; Connection Manager; Knowledge Refinement System (MusKRS); Continuous Real-Time Event Processor (MusCRTEP); RT2AE (Real Time - Risk and Trust Analysis Engine); DATABASE holding Enterprise Security Log, Security Rules, Event Correlation, User Behaviour, Trust Data and Profiles. Information flows labelled Info PV, Info PD, Info SS, Info SS*, Info DB, Info DB-RT, Info M, Info KN. Same legend as slide 11.]
15. Server Architecture. Submodules
[Diagram: as slide 14, with MusKRS split into Knowledge Compiler and Data Miner (Info DM), and MusCRTEP into Event Processor, RT2AE, Policy Selector and Policy Transmitter (Info E, Info D, Info RT). Other flows: Info PV, Info PD, Info SS, Info SS*, Info DB, Info DB-RT, Info M, Info KN.]
16. Workflow Example: Attempt to upload file via a non-secure connection
[Diagram: User’s Device and Company Server, each with a Connection Manager; Web; Non-Secure Connection.]
17. Workflow Example: Attempt to upload file using a MUSES-aware application via a non-secure connection
[Diagram: the client submodules of slide 12 (MUSES-aware App, non-MUSES-aware App, OS, MUSES User Interface, Security Policy Receiver, MusACS with User, Context, Event Handler and Decision Maker, MusDM with User Context Monitoring and System Actuator, Local Database with Event Cache, Decision Table and Local Security, Connection Manager).]
18. Workflow Example (continued): same diagram and caption as slide 17.
21. Workflow Example (continued): same diagram and caption as slide 17.
22. Workflow Example (continued): same diagram and caption as slide 17.
24. Rule refinement example
– Application: corporate application that takes pictures and uploads them to a server.
– Policy: any employee of the company is allowed to take and upload pictures to corporate servers, only using corporate applications.
– Long term observation: if the application is used outside of the building, some security risks are observed.
– Proposed refined rules would require stronger authentication depending on location, to allow uploading pictures.
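As an added example (not the MUSES project's code) tying the working modes of slide 8 to the rule refinement of slide 24: a client-side Decision Maker consults a local Decision Table holding the original policy and its refined, location-dependent form, may request a server decision when online, and stores its events in the Event Cache for submission when the connection returns. The Event fields, the two-level authentication scale and the deny-by-default fallback are assumptions of this example.

```python
from dataclasses import dataclass, field
ALLOW, DENY, STRONG_AUTH = "allow", "deny", "require_strong_auth"

@dataclass
class Event:
    action: str         # e.g. "upload_picture"
    corporate_app: bool
    location: str       # "inside" or "outside" the company building
    auth_level: int     # 1 = password only, 2 = second factor shown (assumed scale)

# Decision Table as (condition, decision) rows; the first matching row wins, so the
# refined rule from slide 24 must precede the original policy it specialises.
DECISION_TABLE = [
    # refined: outside the building an upload needs stronger authentication
    (lambda e: e.action == "upload_picture" and e.corporate_app
               and e.location == "outside" and e.auth_level < 2, STRONG_AUTH),
    # original policy: pictures may be uploaded to corporate servers only by corporate apps
    (lambda e: e.action == "upload_picture" and e.corporate_app, ALLOW),
    (lambda e: e.action == "upload_picture" and not e.corporate_app, DENY),
]

def local_decision(e, table=DECISION_TABLE):
    """Decision Maker: first matching row of the table; deny what no row covers."""
    return next((decision for cond, decision in table if cond(e)), DENY)

@dataclass
class MusesClient:
    online: bool
    event_cache: list = field(default_factory=list)   # gathered while offline
    submitted: list = field(default_factory=list)     # delivered to the server

    def decide(self, e, server=None):
        """Online: the server (a callback here) may be asked to decide;
        offline: decide locally and keep the event for later submission."""
        if self.online:
            decision = server(e) if server else local_decision(e)
            self.submitted.append((e, decision))
        else:
            decision = local_decision(e)
            self.event_cache.append((e, decision))
        return decision

    def reconnect(self):
        """Connection available again: flush the Event Cache to the server."""
        self.online = True
        self.submitted.extend(self.event_cache)
        flushed, self.event_cache = len(self.event_cache), []
        return flushed
```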
27. Knowledge Refinement System
• Data Miner:
– Classification: assigns classes to new patterns.
– Clustering: groups similar patterns (search for anomalous ones).
– Feature Selection: removes less significant variables.
– Data Visualization: shows data information for a controller.
• Knowledge Compiler:
– Adapt existing rules: adjust them to improve the pattern covering (Evolutionary Algorithms).
– Infer/create new rules to deal with newly detected situations (Genetic Programming).
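As an added illustration of the Knowledge Refinement System, not the MUSES project's own code: a Data Miner step scores candidate patterns by how well they cover the observed incidents, and a Knowledge Compiler step turns the best one into the refined rule of the slide-24 example. The slides name evolutionary algorithms and genetic programming for this; the search here is exhaustive over a tiny pattern space to stay deterministic, and the observation log and attribute names are constructed.

```python
from itertools import combinations

# Constructed observation log (not project data) for the slide-24 scenario: picture
# uploads through the corporate app, and whether a security incident followed.
OBSERVATIONS = [
    {"location": "inside",  "auth": "password", "network": "corporate", "incident": False},
    {"location": "inside",  "auth": "password", "network": "corporate", "incident": False},
    {"location": "inside",  "auth": "2fa",      "network": "corporate", "incident": False},
    {"location": "inside",  "auth": "2fa",      "network": "corporate", "incident": False},
    {"location": "outside", "auth": "password", "network": "public",    "incident": True},
    {"location": "outside", "auth": "password", "network": "public",    "incident": True},
    {"location": "outside", "auth": "password", "network": "mobile",    "incident": True},
    {"location": "outside", "auth": "password", "network": "mobile",    "incident": False},
    {"location": "outside", "auth": "2fa",      "network": "public",    "incident": False},
    {"location": "outside", "auth": "2fa",      "network": "mobile",    "incident": False},
]
ATTRIBUTES = ("location", "auth", "network")

def candidate_patterns(observations):
    """Data Miner step: every attribute=value condition, alone or paired with a
    condition on a different attribute (exhaustive, so the result is deterministic)."""
    singles = sorted({(a, o[a]) for o in observations for a in ATTRIBUTES})
    pairs = [p for p in combinations(singles, 2) if p[0][0] != p[1][0]]
    return [dict([s]) for s in singles] + [dict(p) for p in pairs]

def covering(pattern, observations):
    """F1 score of 'this pattern predicts an incident': high when the pattern covers
    the observed incidents without also covering many harmless uses."""
    hits = [o for o in observations if all(o[a] == v for a, v in pattern.items())]
    tp = sum(o["incident"] for o in hits)
    fp = len(hits) - tp
    fn = sum(o["incident"] for o in observations) - tp
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def refine_rule(observations):
    """Knowledge Compiler step: the best-covering pattern becomes the condition of a
    refined rule that demands stronger authentication in that situation."""
    best = max(candidate_patterns(observations), key=lambda p: covering(p, observations))
    return {"when": best, "then": "require_strong_auth", "covering": covering(best, observations)}
```

On this log the refined rule singles out uploads made outside the building with password-only authentication, which is the location-dependent strengthening the slide proposes.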