Intrusion-Tolerant Protection for Critical Infrastructures

Today’s critical infrastructures, such as the power grid, are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The paper describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS (CRUTIAL Information Switches). CIS collectively ensure that incoming and outgoing traffic satisfies the security policy of an organization in the face of accidents and attacks. They are not simple firewalls, however, but distributed protection devices based on a sophisticated access control model. Since they are expected to operate correctly, unattended and indefinitely, they are designed with intrusion-tolerant capabilities and hardened with proactive recovery. The paper discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures and presents a design using logical replication based on virtual machines.
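The following simulation is an added illustration of the two properties the abstract attributes to CIS (intrusion tolerance through replication, and proactive recovery); it is not code from the paper or the CRUTIAL project. It assumes n = 3f + 1 replicas that each evaluate a constructed access-control table, an approval rule under which a packet is forwarded only when at least f + 1 distinct replicas approve it with a valid authenticator (a per-replica HMAC key standing in for whatever signature scheme the real design uses), and a `rejuvenate()` step that models proactive recovery by restoring every replica to a clean state. The host addresses, ports and policy entries are constructed for the example.

```python
"""Intrusion-tolerant packet approval by a set of replicated protection devices.

n = 3f + 1 replicas independently evaluate the policy. A packet is forwarded only
if at least f + 1 distinct replicas approve it with a valid authenticator, so f
compromised replicas can neither push a forbidden packet through nor block a
permitted one. Proactive recovery returns replicas to a clean state so that the
number of compromised replicas stays at or below f over time.
"""
import hashlib
import hmac

# Constructed sample policy: (src, dst, dst_port) -> decision; anything else is denied.
POLICY = {
    ("10.0.1.5", "10.0.2.10", 502): "allow",    # SCADA master -> PLC (Modbus/TCP)
    ("10.0.1.5", "10.0.2.11", 20000): "allow",  # SCADA master -> RTU (DNP3)
}


def policy_decision(pkt):
    """Stateless policy lookup; `pkt` is a (src, dst, dst_port) tuple."""
    return POLICY.get(pkt, "deny")


class Replica:
    """One replica with its own authentication key (hypothetical key scheme)."""

    def __init__(self, rid, key):
        self.rid = rid
        self.key = key
        self.compromised = None  # None, "open" (approves everything) or "block" (denies everything)

    def vote(self, pkt):
        decision = policy_decision(pkt)
        if self.compromised == "open":
            decision = "allow"   # attacker tries to open a forbidden channel
        elif self.compromised == "block":
            decision = "deny"    # attacker tries to cut a legitimate channel
        msg = f"{self.rid}|{pkt}|{decision}".encode()
        tag = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return self.rid, decision, tag

    def recover(self):
        """Proactive recovery: reload a clean image, dropping the attacker's foothold."""
        self.compromised = None


class ReplicatedCIS:
    def __init__(self, f=1):
        self.f = f
        self.n = 3 * f + 1
        # Assumed: the approval checker holds each replica's verification key.
        self.keys = {i: hashlib.sha256(b"replica-key-%d" % i).digest() for i in range(self.n)}
        self.replicas = [Replica(i, self.keys[i]) for i in range(self.n)]

    def _valid(self, rid, pkt, decision, tag):
        msg = f"{rid}|{pkt}|{decision}".encode()
        expected = hmac.new(self.keys[rid], msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)

    def forward(self, pkt):
        """True iff at least f + 1 distinct replicas approve with a valid authenticator."""
        approvers = set()
        for r in self.replicas:
            rid, decision, tag = r.vote(pkt)
            if decision == "allow" and self._valid(rid, pkt, decision, tag):
                approvers.add(rid)
        return len(approvers) >= self.f + 1

    def rejuvenate(self):
        """Proactive recovery of every replica (the real design staggers this)."""
        for r in self.replicas:
            r.recover()


def scenario(f=1):
    """Walk through the fault bound: f intrusions tolerated, f + 1 not, recovery restores it."""
    cis = ReplicatedCIS(f)
    allowed = ("10.0.1.5", "10.0.2.10", 502)   # permitted by POLICY
    rogue = ("10.0.9.9", "10.0.2.10", 502)     # attacker host -> PLC, not in POLICY
    results = {}
    results["clean_allowed"] = cis.forward(allowed)
    results["clean_rogue"] = cis.forward(rogue)
    for r in cis.replicas[:f]:                 # f replicas compromised: still safe
        r.compromised = "open"
    results["f_bad_rogue"] = cis.forward(rogue)
    for r in cis.replicas[:f]:
        r.compromised = "block"
    results["f_bad_allowed"] = cis.forward(allowed)
    for r in cis.replicas[:f + 1]:             # f + 1 compromised: bound exceeded
        r.compromised = "open"
    results["f_plus_1_bad_rogue"] = cis.forward(rogue)
    cis.rejuvenate()                           # proactive recovery
    results["after_recovery_rogue"] = cis.forward(rogue)
    return results


if __name__ == "__main__":
    for name, forwarded in scenario().items():
        print(f"{name:24s} forwarded={forwarded}")
```

The run shows why the abstract pairs intrusion tolerance with proactive recovery: with f = 1 and four replicas, one compromised replica cannot get the rogue packet approved or block the permitted one, two compromised replicas can, and rejuvenating the replicas brings the system back under the bound. Real deployments would replace the per-replica HMAC with the signature or threshold scheme the design actually specifies and would stagger recovery so the service never goes offline.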
