Protecting grids from cross-domain attacks using security alert sharing mechanisms

In single administrative domain networks there is only one security policy which can be evaluated by the IT security manager, thanks to monitoring and reporting tools. Grid networks are often composed of different administrative domains owned by different organizations dispersed globally. Such networks are referred to asmulti-administrative domain networks. Each domainmight have its own security policy and may not want to share its security data with less-protected networks, making it more complex to ensure the security of such networks and protecting them from cross-domain attacks. We propose a Security Event Manager (SEM) called the Grid Security Operation Center (GSOC), which facilitates IT security managers in giving a viewof the security of thewhole grid networkwithout compromising confidentiality of security data. To do so, GSOC provides a security evaluation of each administrative domain (AD) and a parametric security alert sharing scheme. Alert sharing can then be tuned in order to meet local security policy rules. © 2012 Elsevier B.V. All rights reserved.