Skip to main content
SpringerLink
Log in

Critical Infrastructures Security Modeling, Enforcement and Runtime Checking

  • Conference paper
Critical Information Infrastructure Security (CRITIS 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5508))

Abstract

This paper identifies the most relevant security requirements for critical infrastructures (CIs), and according to these requirements, proposes an access control framework. The latter supports the CI security policy modeling and enforcement. Then, it proposes a runtime model checker for the interactions between the organizations forming the CIs, to verify their compliance with previously signed contracts. In this respect, not only our security framework handles secure local and remote accesses, but also audits and verifies the different interactions. In particular, remote accesses are controlled, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for sanctioning the party responsible for the deviation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Massoud, A.: North America’s Electricity Infrastructure: Are We Ready for More Perfect Storms? IEEE Security and Privacy 1(5), 19–25 (2003)

    Article  MathSciNet  Google Scholar 

  2. NERC, Critical Infrastructure Protection Standards CIP-001-1 to CIP-009-1, http://www.nerc.com/page.php?cid=2|20

    Google Scholar 

  3. Sources: Staged cyber attack reveals vulnerability in power grid, http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html

  4. Kilman, D., Stamp, J.: Framework for SCADA Security Policy. Sandia Corp., 10 (2005)

    Google Scholar 

  5. Abou El Kalam, A., Baina, A., Beitollahi, H., Bessani, A., Bondavalli, A., Correia, M., Daidone, A., Deconinck, G., Deswarte, Y., Grandoni, F., Neves, N., Rigole, T., Sousa, P., Verissimo, P.: CRUTIAL Project: Preliminary Architecture Specification. CRUTIAL project, Deliverable D4 (January 2007), http://crutial.cesiricerca.it/content/files/Documents/Deliverables%20P1/WP1-D2-final.pdf

  6. Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonised Criteria. Document COM(90) 314, V 1.2. Commission of the European Communities (June 1991), http://www.ssi.gouv.fr/site_documents/ITSEC/ITSEC-uk.pdf

  7. Abou El Kalam, A., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y.: Organization Based Access Control. In: IEEE 4th Int. Workshop on Policies for Distributed Systems, POLICY 2003, June 4-6, pp. 120–131. IEEE Computer Society Press, Como (2003)

    Chapter  Google Scholar 

  8. Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  9. Abou El Kalam, A., Deswarte, Y.: Multi-OrBAC: a New Access Control Model for Distributed, Heterogeneous and Collaborative Systems. In: 8th International Symposium on Systems and Information Security, SSI 2006, Sao Jose Dos Campos, Sao Paulo, Brazil (2006)

    Google Scholar 

  10. Abou El Kalam, A., Deswarte, Y., Baina, A., Kaåniche, M.: Access Control for Collaborative Systems: A Web Services Based Approach. In: IEEE Int. Conference on Web Services, ICWS 2007, July 9-13, pp. 1064–1071. IEEE Computer Society Press, Salt Lake City (2007)

    Google Scholar 

  11. Baina, A., Abou El Kalam, A., Deswarte, Y., Kaåniche, M.: A Collaborative Access Control Framework for Critical Infrastructures. In: IFIP 11.10 Conference on Critical Infrastructure Protection, ITCIP 2008, Washington, DC, USA, March 16-19 (2008)

    Google Scholar 

  12. W3C, Extensible Markup Language (XML), W3C Recommendation (February 2004)

    Google Scholar 

  13. W3C, SOAP, Version 1.2 W3C Recommendation (June 2003)

    Google Scholar 

  14. W3C, WSDL, Version 2.0, W3C Candidate Recommendation (March 2006)

    Google Scholar 

  15. OASIS, UDDI Specifications TC, Universal Description, v3.0.2 (February 2005)

    Google Scholar 

  16. Alur, R., Dill, D.L.: A theory of Timed Automata. Theoritical Computer Science 126(2), 183–235 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  17. UPPAAL, tool, http://www.uppaal.com

  18. Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. Journal of Software Tools for Technology Transfer 1(1-2), 134–152 (1997)

    Article  MATH  Google Scholar 

  19. Bérard, B., Bidiot, M., Finkel, A., Larousinie, F., Petit, A., Petrucci, L., Schnoebelen, P., McKenzie, P.: Systems and Software Verification, Model Checking Techniques and Tools. Springer, Heidelberg (2001)

    Book  MATH  Google Scholar 

  20. Totel, E., Blanquart, J.P., Deswarte, Y., Powell, D.: Supporting multiple levels of criticality. In: 28th IEEE Fault Tolerant Computing Symposium, Munich, Germany, June 1998, pp. 70–79 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Université de Toulouse, IRIT - CNRS, ENSEEIHT - INPT, France

    Anas Abou El Kalam

  2. Université de Toulouse, LAAS-CNRS, France

    Yves Deswarte

Authors
  1. Anas Abou El Kalam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yves Deswarte
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Complex Systems & Security Lab, University CAMPUS Bio-Medico of Roma, Italy

    Roberto Setola

  2. IABG mbH Germany, InfoCom, Safety and Security, Dept. for Critical Infrastructures, Einsteinstr. 20, 855211, Ottobrunn, Germany

    Stefan Geretshuber

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abou El Kalam, A., Deswarte, Y. (2009). Critical Infrastructures Security Modeling, Enforcement and Runtime Checking. In: Setola, R., Geretshuber, S. (eds) Critical Information Infrastructure Security. CRITIS 2008. Lecture Notes in Computer Science, vol 5508. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03552-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03552-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03551-7

  • Online ISBN: 978-3-642-03552-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation