Critical Infrastructures Security Modeling, Enforcement and Runtime Checking

  • Anas Abou El Kalam
  • Yves Deswarte
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5508)

Abstract

This paper identifies the most relevant security requirements for critical infrastructures (CIs) and, according to these requirements, proposes an access control framework that supports CI security policy modeling and enforcement. It then proposes a runtime model checker for the interactions between the organizations forming the CIs, to verify their compliance with previously signed contracts. In this respect, our security framework not only handles secure local and remote accesses, but also audits and verifies the different interactions. In particular, remote accesses are controlled, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for sanctioning the party responsible for the deviation.

Keywords

Security policies and models; access control enforcement; security of critical infrastructures; runtime model checking


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Anas Abou El Kalam (1)
  • Yves Deswarte (2)
  1. Université de Toulouse, IRIT - CNRS, ENSEEIHT - INPT, France
  2. Université de Toulouse, LAAS-CNRS, France
