
Distributed Protection for the Enterprise

  • Conference paper

Abstract

Entities in the enterprise are deployed with a standard configuration. Over time, patches, updates, new software versions, and mistakes or malicious activity all lead to deviations across the enterprise from this standard baseline. Malicious or unknown software on a system can cause harm or unexpected behavior. To mitigate these problems where possible, and help fix them in other cases, an enterprise plan for quality of protection is needed. This involves eliminating certain actions on machines that could harm the machine itself or the enterprise. The level of protection is dependent upon the type of enclave (an enclave is defined as a collection of entities with a common set of security and assurance mechanisms in place). Certain mitigations will be exercised based upon the cyber environment and enclave, and they may be exercised in different ways when communication is needed across enclaves of differing security and assurance. Mitigations include virus scanners and disabling of devices or interfaces. These mitigations also involve identifying and fixing issues that were not stopped. This requires a central visualization of the enterprise to quickly identify potential issues and a method of remotely taking action to either fix the affected system or freeze it until further action can be taken. This chapter discusses the current approach to centralized monitoring of communication as opposed to a more distributed approach. The latter relies on a well-formed security paradigm for the enterprise. The paper concludes with a proposal for a distributed inspection system that is currently being developed and tested.

Correspondence to William R. Simpson.

Copyright information

© 2015 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Simpson, W.R. (2015). Distributed Protection for the Enterprise. In: Kim, H., Amouzegar, M., Ao, Sl. (eds) Transactions on Engineering Technologies. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-7236-5_12

  • DOI: https://doi.org/10.1007/978-94-017-7236-5_12

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-017-7235-8

  • Online ISBN: 978-94-017-7236-5

  • eBook Packages: Engineering, Engineering (R0)
