Getting Security Objectives Wrong: A Cautionary Tale of an Industrial Control System

We relate a story about an Industrial Control System in order to illustrate that simple security objectives can be deceptive: there are many things that can and do go wrong when deploying the system. Rather than trying to define security explicitly, this paper takes the position that one should consider the security of a system by comparing it against others whose security we consider to be acceptable: Alice is satisfied if her system is no less secure than Bob’s system.
