System configuration check against security policies in industrial networks
- 1 June 2012
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 7th IEEE International Symposium on Industrial Embedded Systems (SIES'12)
Abstract
Awareness that networked embedded systems are vulnerable to cyber-threats has been constantly raising since some years ago. In the industrial arena recent severe attacks, such as the popular case of the Stuxnet worm, have completely debunked the myth of security of embedded devices based on their isolation. Indeed, the ever increasing dependence of many industrial systems on digital communication networks is causing the cyber-security requirements to become a priority in their planning, design, deployment and management. This paper deals with our experience in checking the conformance of a distributed industrial automation system, which includes several types of embedded devices, with respect to a set of security policies defined at the global system level. In particular, the focus of the paper is on the use of modeling techniques and semi-automated s/w tools to verify the configuration of devices and services with attention to the correct use of their security capabilities to support the desired set of policies.Keywords
This publication has 19 references indexed in Scilit:
- Roles in information security – A survey and classification of the research areaComputers & Security, 2011
- On the Complexity of Authorization in RBAC under Qualification and Security ConstraintsIEEE Transactions on Dependable and Secure Computing, 2010
- Automatic analysis of security policies in industrial networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2010
- Experiences Validating the Access Policy Tool in Industrial SettingsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2010
- Automated analysis of security-design modelsInformation and Software Technology, 2009
- Detecting Chains of Vulnerabilities in Industrial NetworksIEEE Transactions on Industrial Informatics, 2009
- Towards Formal Verification of Role-Based Access Control PoliciesIEEE Transactions on Dependable and Secure Computing, 2008
- Conformance Checking of Access Control Policies Specified in XACMLIEEE Annual International Computer Software and Applications Conference (COMPSAC), 2007
- Verification and change-impact analysis of access-control policiesPublished by Association for Computing Machinery (ACM) ,2005
- Proposed NIST standard for role-based access controlACM Transactions on Information and System Security, 2001