Abstract
In this chapter we discuss the susceptibility of critical information infrastructures to computer-borne attacks and faults, which stems mainly from their largely computerized nature and from the pervasive interconnection of systems all over the world. We discuss how to overcome these problems and achieve resilience of critical information infrastructures through adequate architectural constructs. The architecture we propose is generic and may serve as a reference for modern critical information infrastructures. We discuss four main aspects: trusted components that induce prevention; middleware devices that achieve runtime automatic tolerance and protection; trustworthiness monitoring mechanisms that detect and adapt to non-predicted situations; and organization-level security policies and access control models capable of securing global information flows.
This work was mainly supported by the EC, through project IST-FP6-STREP 027513 (CRUTIAL) and NoE IST-4-026764-NOE (ReSIST), by the FCT through the Large-Scale Informatic Systems Laboratory (LaSIGE) and the CMU-Portugal partnership.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this chapter
Veríssimo, P. et al. (2008). The CRUTIAL Architecture for Critical Information Infrastructures. In: de Lemos, R., Di Giandomenico, F., Gacek, C., Muccini, H., Vieira, M. (eds) Architecting Dependable Systems V. Lecture Notes in Computer Science, vol 5135. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85571-2_1
DOI: https://doi.org/10.1007/978-3-540-85571-2_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85570-5
Online ISBN: 978-3-540-85571-2