A broad-spectrum strategy for runtime risk management in VoIP enterprise architectures

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops Pub Date : 2011-05-23 DOI:10.1109/INM.2011.5990549

O. Dabbebi, Rémi Badonnel, O. Festor

{"title":"A broad-spectrum strategy for runtime risk management in VoIP enterprise architectures","authors":"O. Dabbebi, Rémi Badonnel, O. Festor","doi":"10.1109/INM.2011.5990549","DOIUrl":null,"url":null,"abstract":"Telephony over IP (ToIP) has known a large scale deployment and is supported by the standardization of dedicated signalling protocols. This service is less confined than traditional telephony and is exposed to multiple security attacks. In the meantime, protection mechanisms may seriously impact on its performance. Risk management provides new opportunities for dynamically controlling the service exposure while maintaining low security costs. We propose in this paper a broad-spectrum strategy for runtime risk management in VoIP networks and services. We first analyse and model VoIP attacks based on their observability properties. We then generalize a runtime risk model capable of automatically assessing and treating risks based on dynamic safeguards. In particular, we quantify the potentiality of VoIP attacks and the induced risks with respect to their observability. We evaluate the benefits as well as the limits of our solution through an implementation prototype and an extensive set of simulations.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INM.2011.5990549","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Telephony over IP (ToIP) has known a large scale deployment and is supported by the standardization of dedicated signalling protocols. This service is less confined than traditional telephony and is exposed to multiple security attacks. In the meantime, protection mechanisms may seriously impact on its performance. Risk management provides new opportunities for dynamically controlling the service exposure while maintaining low security costs. We propose in this paper a broad-spectrum strategy for runtime risk management in VoIP networks and services. We first analyse and model VoIP attacks based on their observability properties. We then generalize a runtime risk model capable of automatically assessing and treating risks based on dynamic safeguards. In particular, we quantify the potentiality of VoIP attacks and the induced risks with respect to their observability. We evaluate the benefits as well as the limits of our solution through an implementation prototype and an extensive set of simulations.

查看原文本刊更多论文

VoIP企业架构中运行时风险管理的广谱策略

IP电话(ToIP)已经有了大规模的部署，并得到了专用信令协议标准化的支持。这种服务不像传统电话那样受限制，而且容易受到多种安全攻击。同时，保护机制可能会严重影响其性能。风险管理为动态控制服务公开提供了新的机会，同时保持较低的安全成本。本文提出了一种用于VoIP网络和服务运行时风险管理的广谱策略。我们首先根据VoIP攻击的可观察性特性对其进行分析和建模。然后，我们泛化一个运行时风险模型，该模型能够基于动态保障自动评估和处理风险。特别是，我们量化了VoIP攻击的可能性以及相对于其可观察性的诱导风险。我们通过一个实现原型和一组广泛的模拟来评估我们的解决方案的优点和局限性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

自引率

0.00%

发文量