secure systems research group - fau dependable infrastructure systems e.b. fernandez
TRANSCRIPT
Secure Systems Research Group - FAU
Dependable infrastructure systems
E.B. Fernandez
Secure Systems Research Group - FAU
What is infrastructure
• One of the most important directions in homeland security is the protection of critical infrastructure.
• These are the systems that support our everyday life and environment
• The Dept. of Homeland Security has identified 14 areas of concern including agriculture, information and telecommunications, food, energy, water, transportation, public health, and finance
Secure Systems Research Group - FAU
Complex systems
• All these functions are controlled by systems which are complex and which are becoming increasingly interdependent
• Some are even mutually dependent, e.g. electric power generation may require oil and oil production may require electricity
• They are usually distributed, real-time systems, may use the Internet as communication medium, and may include wireless and embedded devices.
• They must be available always
Secure Systems Research Group - FAU
Threats
• These systems are vulnerable to unintentional errors: equipment failure, human errors, weather, and accidents
• They are also the object of intentional attacks: external (hackers) and insiders (internal attacks).
Secure Systems Research Group - FAU
Defenses
• We need to protect the information necessary to control and coordinate these systems against intentional attacks and accidental events.
• Also physical threats, access to buildings and installations
• It is necessary to extend the standard models of security and reliability to consider this combination
Secure Systems Research Group - FAU
Process Control Systems
Secure Systems Research Group - FAU
ICSs
• ICSs are implemented as: supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and Programmable Logic Controllers (PLCs)
• SCADA systems are highly distributed systems that control geographically scattered units (field devices) using centralized data acquisition and control (control center)
• Field devices control local operations such as opening and closing valves, collecting data from sensors, and monitoring for alarm conditions
• Typical uses include electric power systems,oil and gas pipelines, water utilities, transportation nets, intelligent buildings, and any application that requires remote monitoring and control.
Secure Systems Research Group - FAU
SCADA
• SCADA architectures typically use layered architectures: a hierarchy of architectural layers
• Typical requirements include: 24x7 operation, real-time behavior, remote control, distribution
• To communicate between the Master control and its units the DNP3 (Distributed Network Protocol) is typically used
• From a security point of view, these systems are the most interesting because they are the most vulnerable: the remote units are subject to physical attacks while the communication lines are subject to information attacks
• The main security objectives here include availability and integrity, confidentiality and non-repudiation are not very important..
Secure Systems Research Group - FAU
Convergence of access control
• Homeland security has brought an interest in control of access to buildings and other physical structures.
• The need to protect assets in buildings and to control access to restricted areas such as airports, naval ports, government agencies, and nuclear plants, created a great business opportunity for the physical access control industry and a good amount of interest in the research community.
• Recognition that access control to information and access control to physical locations have many common aspects. The most basic model of access control uses a tuple (s,o,t), subject, object, access type. If we interpret s as a person (instead of an acting executing entity), o as a physical structure (instead of a computational resource), and t as a physical access type (instead of resource access), we can make an analogy where we can apply known results or approaches from information access control.
Secure Systems Research Group - FAU
Access control unification
• One way to achieve this unification is using a conceptual abstraction for the definition of security requirements: analysis and security patterns
• A pattern is an encapsulated solution to a recurrent problem in a given context. A security pattern defines a solution to a security problem.
• The use of patterns has been increasing in industry because of their potential to improve software quality. Security patterns have only recently become accepted by industry and Microsoft, IBM, and Sun have web pages on this topic. Also, two books have appeared recently. We have presented several security patterns for access control to information
• We examined existing systems, industry standards, and government regulations to find as patterns a core set of features that a physical access control system should have.
• From these patterns, it is possible to define more specific patterns that can be used to build systems for a given protocol or to define new protocols.
Secure Systems Research Group - FAU
Pattern diagram
AlarmMonitoring
RelaysPhysicalStructure
ReferenceMonitor
Scheduler
Role-BasedAccess Control
Authenticator
Access Control toPhysical Structures
raise alarms
times
switch instruction
describes
authorizes
enforcedBy
authenticates
Secure Systems Research Group - FAU
Access Control to Physical Structures
• Applies authentication and authorization to the control of access to physical units including alarm monitoring, relays, and time schedules that can control when things will happen.
• Example Building management wants to put in place an access control system to control access to certain zones and to control who can access the zones. They need to deny all access to certain zones after 5pm. They want to generate alarms when someone tries to access a zone for which they do not have permission and start monitoring alarms for all the exterior doors at 8pm. Moreover, they want to turn on the main door light at 7pm.
• Context Physical environment with access control system where we need to control access and turn on/off devices based on time constrains.
Secure Systems Research Group - FAU
Solution
Define the structure of an access control system using an RBAC pattern. Integrate the Alarms Monitoring and Relays patterns and introduce the concept of a time schedule to control when things can/must happen. Time Schedules have two uses: to control access times and to configure automatic actions.
Secure Systems Research Group - FAU
Secure Systems Research Group - FAU
Ideas
• Describe through patterns the basic features and concepts for any Physical Access Control system, specialize models for specific environments
• Patterns can guide the design of physical access control systems or they can be used to evaluate current products or standards
• Extensions: dynamic restriction of the locations where a suspicious user could go or reconfiguration of exits in case of emergencies
• Privacy-oriented restrictions• Combination with context-based access control
Secure Systems Research Group - FAU
More ideas
• Patterns for SCADA systems and for dependable SCADA systems
• Dependability patterns in general• Models to combine information and
physical access control• Use of identity and context for
authentication and access control