Abstract
Most critical infrastructure systems can be modeled as cyber-physical systems whose cyber components control underlying physical processes so as to optimize specified system objectives based on physical properties, physical constraints, and the current and estimated state of the system. Such systems usually require support for security and performance guarantees: wrongly received or missed commands can render the entire system unstable. Yet, securing cyber-physical systems with heterogeneous components is still an open and challenging problem. In this paper, we propose techniques for resilient substation automation of power utility systems with security based on the trusted computing paradigm. By using trusted platform module (TPM)-enabled components and a novel access control structure that enforces need-to-get-now (availability) policies, we show how to develop IEC/TR 61850-90-5 compliant substation automation systems that are resilient. We demonstrate the feasibility of our approach by analyzing and experimenting with an open source IEC/TR 61850-90-5 implementation.
This material is based upon work supported by the National Science Foundation Grant No. 1027217.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Guidry, D., Burmester, M., Liu, X., Jenkins, J., Easton, S., Yuan, X. (2013). A Trusted Computing Architecture for Secure Substation Automation. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_12
DOI: https://doi.org/10.1007/978-3-642-41485-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41484-8
Online ISBN: 978-3-642-41485-5
eBook Packages: Computer Science (R0)