A Model for the Analysis of Security Policies in Industrial Networks

The analysis of security policies designed for ICS and SCADA can benefit significantly from the adoption of automatic/semi-automatic software tools that are able to work at a global (system) level. This implies the availability of a suitable model of the system, which is able to combine the abstractions used in the definition of policies with the access control and right management mechanisms usually present in the real system implementation. This paper introduces a modeling framework based on the Role Based Access Control (RBAC) technique that includes all the elements needed to support different kinds of automatic security analyses such as policy coherence checks and verifications of correct implementation of policies.

[1]  Martin C. Rinard,et al.  Automatic error finding in access-control policies , 2011, CCS '11.

[2]  Günter Karjoth An operational semantics of Java 2 access control , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[3]  Gail-Joon Ahn,et al.  Role-based access control on the web , 2001, TSEC.

[4]  SandhuRavi,et al.  Role-based access control on the web , 2001 .

[5]  Arif Ghafoor,et al.  Conformance Testing of Temporal Role-Based Access Control Systems , 2010, IEEE Transactions on Dependable and Secure Computing.

[6]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[7]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[8]  Ulf Nilsson,et al.  Logic, programming and Prolog , 1990 .

[9]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[10]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[11]  Alessandro Armando,et al.  Efficient symbolic automated analysis of administrative attribute-based RBAC-policies , 2011, ASIACCS '11.

[12]  A. Valenzano,et al.  A unified class model for checking security policies in ICT infrastructures , 2012, 2012 IEEE First AESS European Conference on Satellite Telecommunications (ESTEL).

[13]  Elisa Bertino,et al.  On the Complexity of Authorization in RBAC under Qualification and Security Constraints , 2011, IEEE Transactions on Dependable and Secure Computing.

[14]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[15]  Toshinori Munakata Notes on implementing sets in Prolog , 1992, CACM.

[16]  Ramaswamy Chandramouli,et al.  Role-Based Access Control (2nd ed.) , 2007 .

[17]  Glenn Faden RBAC in UNIX administration , 1999, RBAC '99.

[18]  Mark Johnson Memoization in Constraint Logic Programming , 1993, PPCP.

[19]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.