A Trusted Computing Architecture for Secure Substation Automation
Most critical infrastructure systems can be modeled as cyber-physical systems whose cyber components control underlying physical processes so as to optimize specified system objectives based on physical properties, physical constraints, and the current and estimated state of the system. Such systems usually require support for security and performance guarantees: wrongly received or missed commands can render the entire system unstable. Yet, securing cyber-physical systems with heterogeneous components is still an open and challenging problem. In this paper, we propose techniques for resilient substation automation of power utility systems with security based on the trusted computing paradigm. By using trusted platform module (TPM)-enabled components and a novel access control structure that enforces need-to-get-now (availability) policies, we show how to develop IEC/TR 61850-90-5 compliant substation automation systems that are resilient. We demonstrate the feasibility of our approach by analyzing and experimenting with an open source IEC/TR 61850-90-5 implementation.
Keywords: Cyber-physical systems, critical infrastructures, electricity grid, IEC/TR 61850-90-5