Secured Access Control in Security Information and Event Management Systems
Subject Areas: Expert Systems
Leila Rikhtechi 1, Vahid Rafeh 2, Afshin Rezakhani 3 *
1 - Arak University
2 - Arak University
3 - Ayatollah Borojerdi University
Keywords: Software, Logs, Security Information and Event Management, Integrated Access Control
Abstract:
Security Information and Event Management (SIEM) is now an essential part of software systems. A SIEM stores and monitors the events produced by software, and unauthorized access to its logs can lead to security threats such as information leakage and violation of confidentiality. In this paper, a novel method is proposed for secured and integrated access control in the SIEM. First, the key points at which the SIEM accesses information within the software are identified, and integrated access control policies are developed at those points. Accordingly, threats against the access control module embedded in this system are carefully detected. Applying the proposed method provides a secured and integrated access control module for the SIEM and significantly increases the security of that module. The method is implemented in three stages: requirements analysis for establishing a secure SIEM system, secure architectural design, and secure coding. The access control module is designed to create a secured SIEM, and a test tool module is designed to evaluate the vulnerabilities of the access control module. To evaluate the proposed method, a dataset of ten thousand records is used and the accuracy is calculated. The results show that the accuracy of the proposed method is significantly improved. The results of this paper can be used for designing an integrated and secured access control system in SIEM systems.