Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment

  • Adedayo O. Adetoye
  • Sadie Creese
  • Michael H. Goldsmith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7722)


Malice aside, even the pursuit of legitimate local goals such as cost minimisation, availability, and resilience in subsystems of a critical information infrastructure (CII) can induce subtle dynamic behaviours and dependencies that endanger higher-level goals and security of services. However, in practice, the subsystems of a CII may not be entirely cooperative, potentially having different and perhaps conflicting management goals; and some subsystems may be malicious or untrustworthy. Consequently, vulnerabilities may arise accidentally or deliberately through the dependency on subsystems with conflicting goals, or systems which might contain potentially rogue elements. We have developed an analytical framework for reasoning about vulnerabilities and risks in dependent critical infrastructure. To validate the analytical framework we have carried out a series of experiments on a Cyber Range facility, simulating dependent information infrastructures. This paper presents results obtained from the experiments.


Dependent Information Infrastructure Analytical Tools Cyber Range Experiment 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adetoye, A.O., Creese, S., Goldsmith, M.H.: Analysis of dependencies in critical infrastructures. In: Proceedings of the 6th International Conference on Critical Information Infrastructure Security (CRITIS 2011). LNCS, Springer, Heidelberg (2011)Google Scholar
  2. 2.
    Balakrishnan, A., Magnanti, T.L., Mirchandani, P.: Connectivity-splitting models for survivable network design. Networks 43(1), 10–27 (2004)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Creese, S., Goldsmith, M.H., Adetoye, A.O.: A logical high-level framework for critical infrastructure resilience and risk assessment. In: 2011 Third International Workshop on Cyberspace Safety and Security (CSS), pp. 7–14 (September 2011)Google Scholar
  4. 4.
    Dijkstra, E.W.: Self-stabilizing systems in spite of distributed control. Communications of the Association of the Computing Machinery 17(11), 643–644 (1974)CrossRefGoogle Scholar
  5. 5.
    Dolev, S.: Self-Stabilization. MIT Press, Cambridge (2000)CrossRefGoogle Scholar
  6. 6.
    Dudenhoeffer, D.D., Permann, M.R., Manic, M.: CIMS: a framework for infrastructure interdependency modeling and analysis. In: Felipe Perrone, L., Lawson, B., Liu, J., Wieland, F.P. (eds.) Proceedings of the Winter Simulation Conference WSC 2006, Monterey, California, USA, pp. 478–485 (2006)Google Scholar
  7. 7.
    Dudenhoeffer, D.D., Permann, M.R., Woolsey, S., Timpany, R., Miller, C., McDermott, A., Manic, M.: Interdependency modeling and emergency response. In: Wainer, G.A. (ed.) Proceedings of the 2007 Summer Computer Simulation Conference, SCSC 2007, San Diego, California, USA, July 16-19, pp. 1230–1237. Simulation Councils, Inc. (2007)Google Scholar
  8. 8.
    Haimes, Y., Jiang, P.: Leontief-based model of risk in complex interconnected infrastructures. Journal of Infrastructure Systems 7, 1–12 (2001)CrossRefGoogle Scholar
  9. 9.
    Masucci, V., Adinolfi, F., Servillo, P., Dipoppa, G., Tofani, A.: Ontology-Based Critical Infrastructure Modeling and Simulation. In: Palmer, C., Shenoi, S. (eds.) Critical Infrastructure Protection III, p. 229 (2009)Google Scholar
  10. 10.
    Neville, J., Jensen, D., Chickering, M.: Relational dependency networks. Journal of Machine Learning Research 8 (2007)Google Scholar
  11. 11.
    Nieuwenhuijs, A., Luiijf, E., Klaver, M.: Modeling Dependencies In Critical Infrastructures. In: Papa, M., Shenoi, S. (eds.) Critical Infrastructure Protection II. IFIP, vol. 290, pp. 205–213. Springer, Boston (2008)CrossRefGoogle Scholar
  12. 12.
    Oliva, G., Panzieri, S., Setola, R.: Agent-based input-output interdependency model. International Journal of Critical Infrastructure Protection 3, 76–82 (2010)CrossRefGoogle Scholar
  13. 13.
    Pederson, P., Dudenhoeffer, D., Hartley, S., Permann, M.: Critical infrastructure interdependency modeling: A survey of U.S. and international research. Technical Report INL/EXT-06-11464, Idaho National Laboratory, Idaho Falls, Idaho 83415 (August 2006)Google Scholar
  14. 14.
    Ragni, M., Scivos, A.: Dependency calculus reasoning in a general point relation algebra. In: Kaelbling, L.P., Saffiotti, A. (eds.) IJCAI 2005, Proceedings of the Nineteenth International Joint Conference on Artificial Intelligence, Edinburgh, Scotland, UK, July 30-August 5, pp. 1577–1578. Professional Book Center (2005)Google Scholar
  15. 15.
    Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Svendsen, N.K., Wolthusen, S.D.: Multigraph dependency models for heterogeneous infrastructures. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. IFIP, vol. 253, pp. 337–350. Springer, Boston (2007)CrossRefGoogle Scholar
  17. 17.
    Walsh, S., Cherry, S., Roybal, L.: Critical infrastructure modeling: An approach to characterizing interdependencies of complex networks & control systems. In: 2nd Conference on Human System Interactions, HSI 2009, pp. 637–641 (May 2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Adedayo O. Adetoye
    • 1
  • Sadie Creese
    • 1
  • Michael H. Goldsmith
    • 1
  1. 1.Cyber Security Centre, Department of Computer ScienceUniversity of OxfordOxfordUK

Personalised recommendations