Abstract
This paper identifies the most relevant security requirements for critical infrastructures (CIs) and, according to these requirements, proposes an access control framework. The latter supports CI security policy modeling and enforcement. It then proposes a runtime model checker for the interactions between the organizations forming the CIs, to verify their compliance with previously signed contracts. In this respect, our security framework not only handles secure local and remote accesses, but also audits and verifies the different interactions. In particular, remote accesses are controlled, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for sanctioning the party responsible for the deviation.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abou El Kalam, A., Deswarte, Y. (2009). Critical Infrastructures Security Modeling, Enforcement and Runtime Checking. In: Setola, R., Geretshuber, S. (eds) Critical Information Infrastructure Security. CRITIS 2008. Lecture Notes in Computer Science, vol 5508. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03552-4_9
DOI: https://doi.org/10.1007/978-3-642-03552-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03551-7
Online ISBN: 978-3-642-03552-4
eBook Packages: Computer Science, Computer Science (R0)