
Multi-Agents System Service based Platform in Telecommunication Security Incident Reaction





Benjamin Gâteau, Djamel Khadraoui, Christophe Feltus
Public Research Centre Henri Tudor
INTRODUCTION
Telecom and information systems are more widely spread and heterogeneous
More complexity through their opening
More complexity through their interconnection





Many challenges
Security management:
Establish central or local permanent decision capabilities;
Have the necessary level of information;
Quickly collect the information, which is critical in case of an attack on a critical system node;
Launch automated countermeasures to quickly block a detected attack.
Previous work:
Reaction strategy consists of automating and adapting policies when an attack occurs
towards a policy regulation process
Security management challenges
From organisation business policy to network's security state
Regulation loop
Agreement or automation
Conflict management
Requirement analysis and design
Based on the requirement :
selected approach
MAS





Advantages :
- reactivity and pro-activity
- cooperation
- autonomy

XACML architecture







A policy language implemented in XML
A processing model, describing how to interpret the policies

Agent based distributed architecture
Vertical dimension
Organizational layer
Allows adding abstraction
Higher level = global view

Horizontal dimension
Three basic components
Agent function


Agent based distributed architecture
Alert Correlation Engine
Collect, correlate and analyze alerts
Forward to the reaction decision component

Policy Instantiation Engine
Decide if reaction is needed (based on organization, behaviour, policy)
Modify, add or remove policy

Policy Deployment Point
Instantiate and deploy policy
Enforcement of new policy to the PEP
New security state of the network



Development of a policy enforcement engine



JADE
Java Agent DEvelopment framework
Software framework fully implemented in Java
Simplifies the implementation of multi-agent systems through a middleware
The agent platform can be distributed across machines
Configuration can be controlled via a remote GUI
Set of system services:
Naming services, yellow pages services, message transport and parsing services
Policy enforcement engine
- Components
  - PIE, PDP, PEP
- Information flow
  - FIPA-ACL
- Agents
  - PIE, PDP, PEP and Facilitator

Policy Decision Point / Enforcement Point
- Interaction between the PDP and the Facilitator agents
- The Facilitator agent manages the topology by retrieving PEP agents
  - According to their localization (IP/MAC addresses)
  - According to the action/type (FW, FS, etc.)
- The PDP decides which PEP is able to implement the policies in terms of rules or scripts on devices.
- The PEP concretely applies the policy
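
The PDP / Facilitator / PEP interaction above, sketched as an added example (not code from the slides or from JADE): plain in-process Python objects stand in for JADE agents exchanging FIPA-ACL messages. The class names, the policy fields, the reading of FW as firewall and FS as file server, and the sample topology are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PepAgent:
    """A PEP agent as the Facilitator sees it: where it sits and what it controls."""
    name: str
    ip: str
    mac: str
    kind: str  # assumed reading: "FW" = firewall, "FS" = file server

    def apply(self, rule: str) -> str:
        # A real PEP would translate the rule into device commands or a script.
        return f"{self.name} applied: {rule}"

class Facilitator:
    """Keeps the topology: every registered PEP, searchable by location and type."""
    def __init__(self) -> None:
        self._peps: dict[str, PepAgent] = {}  # keyed by MAC address

    def register(self, pep: PepAgent) -> None:
        self._peps[pep.mac.lower()] = pep

    def find(self, kind: str, scope: str) -> list[PepAgent]:
        net = ipaddress.ip_network(scope)
        return [p for p in self._peps.values()
                if p.kind == kind and ipaddress.ip_address(p.ip) in net]

class Pdp:
    """Chooses the PEPs able to implement a policy and hands them the rule."""
    def __init__(self, facilitator: Facilitator) -> None:
        self.facilitator = facilitator

    def deploy(self, policy: dict) -> list[str]:
        peps = self.facilitator.find(policy["kind"], policy["scope"])
        if not peps:
            # Fail loudly: a reaction policy with no enforcer must not look deployed.
            raise LookupError(f"no {policy['kind']} PEP in {policy['scope']}")
        return [pep.apply(policy["rule"]) for pep in peps]

def demo() -> list[str]:
    # Constructed topology; all addresses come from documentation ranges.
    fac = Facilitator()
    fac.register(PepAgent("pep-fw-1", "192.0.2.1", "02:00:00:00:00:01", "FW"))
    fac.register(PepAgent("pep-fs-1", "192.0.2.20", "02:00:00:00:00:14", "FS"))
    fac.register(PepAgent("pep-fw-2", "198.51.100.1", "02:00:00:00:00:02", "FW"))
    policy = {"kind": "FW", "scope": "192.0.2.0/24", "rule": "deny tcp from 203.0.113.7"}
    return Pdp(fac).deploy(policy)

if __name__ == "__main__":
    print(demo())
```

Only `pep-fw-1` matches both the type and the address scope, so the rule reaches one device; a policy whose scope contains no suitable PEP raises instead of reporting success.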
CONCLUSIONS
From organisation business policy to network's security state - Regulation loop
Requirement analysis and design
Agent based distributed architecture
Vertical / Horizontal layer
JADE platform
