Khadraoui, Djamel and Feltus, Christophe (2015): Designing Security Policies for Complex SCADA Systems Protection. Published in:
Preview |
PDF
MPRA_paper_82384.pdf Download (541kB) | Preview |
Abstract
The management and protection of these SCADA systems must constantly evolve towards integrated decision making and policy driven by cyber security requirements. The current research stream in this domain aims, accordingly, to foster the smartness of the field equipment which exist through the generic concept of SCADA management and operation. Those components are governed by policies which depend on the components roles, as well as on the evolution of the crisis which also confer to the latter the latitude to react based on their own perception of the crisis evolution. Their latitude is calculated based on the component smartness and is strongly determined by, and depending on, the cyber safety of the component environment. Existing work related to crisis management tends to consider that components evolve and are organized in systems but as far as we know, no systemic solution exists which integrates all of the above requirements. This paper proposes an innovative version of ArchiMate® for the SCADA components modelling purpose to enrich their collaborations and, more particularly, the description of their behavior endorsed in the cyber-policy. Our work has been illustrated in the frame of a critical infrastructure in the field of petroleum supply and storage networks.
Item Type: | MPRA Paper |
---|---|
Original Title: | Designing Security Policies for Complex SCADA Systems Protection |
English Title: | Designing Security Policies for Complex SCADA Systems Protection |
Language: | French |
Keywords: | ArchiMate; metamodel; SCADA; multi-components system; trust; petroleum supply chains: critical infrastructure |
Subjects: | L - Industrial Organization > L5 - Regulation and Industrial Policy L - Industrial Organization > L6 - Industry Studies: Manufacturing L - Industrial Organization > L8 - Industry Studies: Services P - Economic Systems > P0 - General > P00 - General Z - Other Special Topics > Z0 - General > Z00 - General |
Item ID: | 82384 |
Depositing User: | Dr Christophe Feltus |
Date Deposited: | 03 Nov 2017 15:16 |
Last Modified: | 28 Sep 2019 05:31 |
References: | F. Zambonelli, N. R. Jennings, and M. Wooldridge, 2003, “Developing multicomponent systems: The Gaia methodology”. ACM Trans. Softw. Eng. Methodol. 12, 3 (July 2003), 317-370. V. Torres da Silva, R. Choren, and C. J. P. de Lucena, 2004, “A UML Based Approach for Modeling and Implementing Multi-Component Systems”. In Proceedings of the Third AAMAS, Vol. 2. IEEE Computer Society, Washington, DC, USA, 914-921. J. J. Gomez-Sanz, J. Pavon, and F. Garijo, 2002, ”Metamodels for building multi-component systems”. Proceedings of ACM symposium on Applied computing (SAC '02). ACM, New York, , USA, 37-41. G. Beydoun, C. Gonzalez-Perez, G. and Low, B. Henderson-Sellers, 2005, ” Synthesis of a generic MAS metamodel”. SIGSOFT Softw. Eng. Notes 30, 4, 1-5. AUML (Component UML), http://www.auml.org/ [accessed: 2015-03-12] G. Guemkam, C. Feltus, P. Schmitt, C. Bonhomme, D. Khadraoui, and Z. Guessoum, 2011, ”Reputation Based Dynamic Responsibility to Agent Assignement for Critical Infrastructure”. In Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 02 (WI-IAT '11), Vol. 2. C. Feltus, E. Dubois, E. Proper, I. Band, and M. Petit, 2012, ”Enhancing the ArchiMate® standard with a responsibility modeling language for access rights management”. In Proceedings of the Fifth International Conference on Security of Information and Networks (SIN '12). ACM, New York, NY, USA, 12-19. Daneels, Axel, and Wayne Salter, "What is SCADA." International Conference on Accelerator and Large Experimental Physics Control Systems. 1999. C. Feltus, M. Ouedraogo, and D. Khadraoui, “Towards Cyber-Security Protection of Critical Infrastructures by Generating Security Policy for SCADA Systems”, The 1st International Conference on Information and Communication Technologies for Disaster Management (ICT-DM'2014), 24-25/3/2014, Algiers, Algeria. Khadraoui, D., and Feltus, C., "Critical Infrastructures Governance, Exploring SCADA Cybernetics through Architectured Policy Semantic," Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on , pp.4766-4771. Blangenois, J., Guemkam, G., Feltus, C., and Khadraoui, D., "Organizational Security Architecture for Critical Infrastructure," Availability, Reliability and Security (ARES), 2013 Eighth International Conference on , vol., no., pp.316,323, 2-6 Sept. 2013 C. Feltus, D. Khadraoui, and J. Aubert, “A Security Decision-Reaction Architecture for Heterogeneous Distributed Network”. 2012 Seventh Int. Conference on Availability, Reliability and Security. IEEE. J. Sabater, and C. Sierra, “Review on computational trust and reputation models”, Artificial Intelligence Review, vol. 24, no. 1, pp. 33–60 W. Jiao, and Z. Shi; ”A dynamic architecture for multi-agent systems”, Technology of Object-Oriented Languages and Systems, 1999. TOOLS 31. pp.253-260. G. Eason, B. Noble, and I.N. Sneddon, “On certain integrals of Lipschitz-Hankel type involving products of Bessel functions,” Phil. Trans. Roy. Soc. London, vol. A247, pp. 529-551, April 1955. J. C. Maxwell, “A Treatise on Electricity and Magnetism”, vol. 2. Oxford: Clarendon, 1892. Davidson, Euan M., et al. "Applying multi-agent system technology in practice: automated management and analysis of SCADA and digital fault recorder data." Power Systems, IEEE Transactions on 21.2 (2006). C. Feltus, D. Khadraoui, B. de Rémont, and A. Rifaut, “Business Governance based Policy Regulation for Security Incident Response”, International Conference on Risks and Security of Internet and Systems 2-5/7/2007, Marrakech, Morocco. C. Feltus, “Conceptual Trusted Incident-Reaction Architecture”, The 6th International Network Conference 2010 (INC2010), June 2010, Heidelberg, Germany Y. Yorozu, M. Hirano, K. Oka, and Y. Tagawa, “Electron spectroscopy studies on magneto-optical media and plastic substrate interface,” IEEE Transl. J. Magn. Japan, vol. 2, pp. 740-741, August, p. 301, 1982. C. Feltus, “Preliminary Literature Review of Policy Engineering Methods - Toward Responsibility Concept”, International Conference on Information & Communication Technologies: from Theory to Applications (IEEE ICTTA2008), Damascus, Syria. M.S. Neiro, and J. M. Pinto, “A general modeling framework for the operational planning of petroleum supply chains”, Computers & Chemical Engineering, Volume 28, Issues 6–7, 2004, Pages 871–896. C. Feltus, M. Petit, and M. Sloman, “Enhancement of Business IT Alignment by Including Responsibility Components in RBAC”, 5th International Workshop on Business/IT Alignment and Interoperability (BUSITAL 2010), 2010, Hammamet, Tunisia. G. Guemkam, J. Blangenois, C. Feltus, and D. Khadraoui, “Metamodel for Reputation based Agents System - Case Study for Electrical Distribution SCADA Design”, 6th ACM International Conference on Security of Information and Networks (ACM SIN 2013), November 2013, Aksaray, Turkey. Feltus, C. and Petit, M., “Building a Responsibility Model Including Accountability, Capability and Commitment”, Availability, Reliability and Security, 2009. ARES '09. International Conference on , vol., no., pp.412,419, 16-19 March 2009.5 Gateau, B., Khadraoui, D., and Feltus, C., "Multi-agents system service based platform in telecommunication security incident reaction," Information Infrastructure Symposium, 2009. GIIS '09. Global , vol., no., pp.1,6, 23-26 June 2009 Patel, S. C., Bhatt, G. D., and Graham, J. H. (2009), “Improving the cyber security of SCADA communication networks”. Communications of the ACM, 52(7), 139-142. Bailey, D., and Wright, E, (2003), “Practical SCADA for industry”. Newnes. Donghyun C.I, Hakman K., Dongho W., and Seungjoo K., "Advanced Key-Management Architecture for Secure SCADA Communications," Power Delivery, IEEE Transactions, vol.24, no.3, pp.1154,1163, 2009 Beaver, C., Gallup, D., Neumann, W. and Torgerson, M. (2002), “Key management for SCADA,” Technical report, Sandia. R. Dawson, C. Boyd, E. Dawson, J. Manuel, and G. Nieto, “SKMA A Key Management Architecture for SCADA Systems,” In Proc. Fourth Australasian Information Security Workshop, Vol. 54, pp. 138-192, 2006. C. Feltus, and D. Khadraoui, “On Designing Automatic Reaction Strategy for Critical Infrastructure SCADA System”, 6th ACM International Conference on Security of Information and Networks (ACM SIN 2013), 26-28/11/2013, Aksaray, Turkey. http://pubs.opengroup.org/architecture/archimate2-doc/ Prometheus Methodology. http://www.cs.rmit.edu.au/agents/SAC2/methodology. html Chan, M. L. (1991, April), “Interrelation of distribution automation and demand-side management”. In Rural Electric Power Conference, 1991. Papers Presented at the 35th Annual Conference (pp. B1-1). IEEE. Kato, K., and Fudeh, H. R. (1992), “Performance simulation of distributed energy management systems. Power Systems”, IEEE Transactions on, 7(2), 820-827. Choi, D., Kim, H., Won, D., and Kim, S, 2009, Advanced key-management architecture for secure SCADA communications. Power Delivery, IEEE Transactions on, 24(3), 1154-1163. |
URI: | https://mpra.ub.uni-muenchen.de/id/eprint/82384 |