The work with title Implementing a monitoring assessment event reasoning software system deployed on Kubernetes by Chatzimpyrros Emmanouil is licensed under Creative Commons Attribution 4.0 International
Bibliographic Citation
Emmanouil Chatzimpyrros, "Implementing a Monitoring Assessment Event Reasoning Software System Deployed on Kubernetes", Master Thesis, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2022
https://doi.org/10.26233/heallink.tuc.94571
In recent years, most contemporary cyber systems have treated security as their primary concern. As data collection has become more sophisticated over the last decade, organizations that collect and hold Personally Identifiable Information (PII) or any form of sensitive data are obliged by the relevant data protection legislation to provide guarantees that this data is handled in a certain manner. Furthermore, organizations employing data need to be in line with the common security policies dictated by international/local standards, and must act proactively by following best practices and taking measures to ensure data sustainability as well as the successful detection of any type of cyber-attack. Monitoring assessments are used to check for violations of security and dependability properties, which are necessary for the correct operation of the security solutions that are implied in a system. Events compose the necessary parts of these types of assessments, providing the fundamental abstraction for representing time-evolving information that may affect situations under certain circumstances. The research domain of complex event recognition and reasoning focuses on tracking and analyzing streams of events in order to detect event patterns of special significance. The event streams may originate from various sources, such as sensors, computer networks, system log files, video captors, etc. Additionally, the velocity and volume of the event streams pose significant challenges to event processing systems. The aim of this thesis is to report a from-scratch implementation of a scalable runtime tool that serves this security assessment procedure, followed by a performance evaluation analysis. It is based on Everest, a logical reasoning system that provides event recognition and evaluation.
It employs the Event Calculus formalism, using Business Rules Management Language for the logical operations that a security policy assessment indicates. Its core part also operates on a Kubernetes cluster-based architecture for scalable and distributed event recognition, combined with the cloud deployment compliance that is crucial for introducing it as a microservice.