Abstract
In the past few decades, critical infrastructures have become largely computerised and interconnected all over the world. This generated the problem of achieving resilience of critical information infrastructures against computer-borne attacks and severe faults. Governments and industry have been pushing an immense research effort in information and systems security, but we believe the complexity of the problem prevents it from being solved using classical security methods.
The paper focuses on the computer systems behind electrical utility infrastructures. It proposes the blueprint of a distributed systems architecture that we believe may come to be useful as a reference for modern critical information infrastructures in general. The architecture is instantiated with a set of classes of techniques and algorithms, based on paradigms providing resilience to faults and attacks in an automatic way.
Keywords
- Intrusion Detection
- Critical Infrastructure
- Access Control Model
- Classical Security
- Byzantine Fault
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This work was mainly supported by the EC, through project IST-4-027513-STP (CRUTIAL), and also by the FCT, through LASIGE and projects POSI/EIA/61643/2004 (AJECT) and POSI/EIA/60334/2004 (RITAS).
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Veríssimo, P., Neves, N.F., Correia, M. (2006). CRUTIAL: The Blueprint of a Reference Critical Information Infrastructure Architecture. In: Lopez, J. (eds) Critical Information Infrastructures Security. CRITIS 2006. Lecture Notes in Computer Science, vol 4347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11962977_1
DOI: https://doi.org/10.1007/11962977_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69083-2
Online ISBN: 978-3-540-69084-9
eBook Packages: Computer Science (R0)
