On Building Secure SCADA Systems using Security Patterns. Outline



Similar documents
A methodology for secure software design

Two patterns for web services security

A Pattern Language for Firewalls

Incorporating database systems into a secure software development methodology

Two security patterns: Least Privilege and Security Logger and Auditor

Cloud Access Security Broker (CASB): A pattern for secure access to cloud services

Cipher Suite Rollback: A Misuse Pattern for the SSL/TLS Client/Server Authentication Handshake Protocol

Two patterns for HIPAA regulations

A Pattern for Whitelisting Firewalls (WLF)

A pattern language for security models

Security Patterns and Secure Systems Design

Patterns for cloud firewalls. Eduardo B. Fernandez 1, Nobukazu Yoshioka 2, and Hironori Washizaki 3

Security Patterns for Physical Access Control Systems

Secure Database Development

Two patterns for cloud computing: Secure Virtual Machine Image Repository and Cloud Policy Management Point

Analysis Patterns for Patient Treatment Records

Cloud Infrastructure Pattern

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

A SECURITY REFERENCE ARCHITECTURE FOR CLOUD SYSTEMS Eduardo B. Fernandez

More patterns for operating systems access control

The ISDF Framework: Towards Secure Software Development

The Software Container pattern

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Markus Schumacher. Darmstadt University of Technology Department of Computer Science Wilhelminenstr Darmstadt, Germany

Cyber Essentials KAMI VANIEA 2

A Method for Eliciting Security Requirements from the Business Process Models

An Analysis Pattern for Invoice Processing Eduardo B. Fernandez 1 and Xiaohong Yuan 2

Analysis patterns for Customer Relationship Management (CRM)

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

How Secure is Your SCADA System?

Down the SCADA (security) Rabbit Hole. Alberto Volpatto

Building Systems Using Analysis Patterns Eduardo B. Fernandez Florida Atlantic University Boca Raton, FL

DeltaV System Cyber-Security

OPC & Security Agenda

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Patterns for Session-Based Access Control

Patterns and Pattern Diagrams for Access Control

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

SCADA System Security, Complexity, and Security Proof

Bellevue University Cybersecurity Programs & Courses

Towards a Unifying Security Framework for Cyber- Physical Systems

Network/Cyber Security

Security Issues in SCADA Networks

Two patterns for cloud computing: Secure Virtual Machine Image Repository and Cloud Policy Management Point

05.0 Application Development

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

CYBERTRON NETWORK SOLUTIONS

Software Security Touchpoint: Architectural Risk Analysis

A Pattern-driven Generation of Security Policies for Service-oriented Architectures

A pattern for the WS-Trust standard for web services

APLRAC: A PATTERN LANGUAGE FOR DESIGNING AND IMPLEMENTING ROLE-BASED ACCESS CONTROL

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Improving SCADA Control Systems Security with Software Vulnerability Analysis

Challenges and Perspectives in Security Measures for the SCADA System

Exploratory Analysis of Modbus and general IT network flows in Water SCADA System

Patterns for Secure Boot and Secure Storage in Computer Systems

Cyber Security of the Power Grid

A Systems Engineering Approach to Developing Cyber Security Professionals

Security as Architecture A fine grained multi-tiered containment strategy

The Devils Behind Web Application Vulnerabilities

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Catalog of Security Tactics linked to Common Criteria Requirements

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Patterns in Software Engineering

DDoS Protection Technology White Paper

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Security Aspects of SCADA and Corporate Network Interconnection: An Overview

Security aspects of e-tailing. Chapter 7

Keyword: Cloud computing, service model, deployment model, network layer security.

Cisco Advanced Services for Network Security

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

Industrial Security Solutions

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

Firewalls, Tunnels, and Network Intrusion Detection

How To Secure Your System From Cyber Attacks

Misuse Cases: earlier and smarter information security

SCADA SYSTEMS AND SECURITY WHITEPAPER

Understanding SCADA System Security Vulnerabilities

Product First Available September 11, 2006

Basics of Internet Security

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

E-Commerce Security Perimeter (ESP) Identification and Access Control Process

Security Testing. How security testing is different Types of security attacks Threat modelling

Rational AppScan & Ounce Products

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

A Framework for Exploiting Security Expertise in Application Development

BUY ONLINE FROM:

BM482E Introduction to Computer Security

Weighted Total Mark. Weighted Exam Mark

White paper. The Big Data Security Gap: Protecting the Hadoop Cluster

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Securing Service-Oriented Systems Using State-Based XML Firewall *

Scenario-based Evaluation of Software Architecture Styles from the Security Viewpoint

The SOAP Pattern for Medical Charts

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Information, Network & Cyber Security

How To Protect Power System From Attack From A Power System (Power System) From A Fault Control System (Generator) From An Attack From An External Power System

Transcription:

On Building Secure SCADA Systems using Security Patterns E.B.Fernandez, J.Wu, M.M. Larrondo-Petrie, and Y. Shao Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton, FL, USA Outline SCADA Systems Security Issues Model of a General SCADA System Some potential attacks Patterns Security Patterns Securing a SCADA system by adding security using patterns Examine how security measures guard against attacks Conclusions and Future Work

SCADA To continuously monitor and control the different sections of a plant in order to ensure its appropriate operation we use SCADA systems Supervisory Control And Data Acquisition SCADA systems are applied for electric power generation, water treatment, oil refining, etc. Security issues SCADA systems were first designed to meet the basic requirements of process control systems where security issues were hardly a concern However, the growing demands for increased connectivity between a SCADA system and other network components, such as the corporate network and the Internet, expose the critical parts of a SCADA system to the public Therefore, security issues can no longer be ignored.

Attacks against SCADA Systems We systematically enumerate the threats against a system by considering its use cases and activities and possible ways of subverting them. A simplified approach looks at possible attacks against each unit of a system if its structure is predefined. Attacks against SCADA Systems considering attacks against/thru each unit Central controller, include T1: physical attacks T2: malicious settings of the field units T3: wrong commands to the field units T4: malicious alteration of the runtime parameters of the central controller T5: denial of service attacks Field Units, include T6: physical attacks T7: malicious alteration of the runtime parameters of the field unit T8: wrong commands to the field units T9: malicious alarms to the central controller T10: denial of service attacks Communication Networks, include T11: sniffing T12: spoofing T13: denial of service attacks

Patterns Many problems occur in similar ways in different contexts or environments. Generic solutions to these problems can be expressed as patterns. A pattern is an encapsulated solution to a problem in a given context and can be used to guide the design or evaluation of systems Analysis, design, and architectural patterns are well established and have proved their value in helping to produce good quality software Security patterns Security patterns have joined analysis, design and architectural patterns and they are becoming accepted by industry Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks. We have produced a book on security patterns and many patterns that cover all architectural levels

Securing systems We add instances of security patterns to the functional models Possible patterns include authorization (Access matrix), Role-Based AccessControl (RBAC), Multilevel access, Logger, Authentication, Firewalls, Intrusion Detection Systems Secure controller * Firewall RBAC Pattern Role Right 1 Authorization 1 1 1 1 Authenticator Role Central Controller * 1 1 1 1 1 1 Logger * * * Human-Machine Interface Data Server IDS

Related Work SCADA Systems A. Miller. Trends in process control systems security. IEEE Security and Privacy, 3(5):57 60, 2005. V. M. Igure, S. A. Laughter, and R. D. Williams. Security issues in SCADA net-works. Computers & Security, 25(7):498 506, 2006. D. Goeke and H. Nguyen. SCADA system security, 2005 U.S. Department Of Energy. 21 steps to improve cyber security of SCADA networks. S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, and A. Valdes. Using model-based intrusion detection for SCADA networks. In Proc. of the SCADA Security Scientific Symposium, Miami Beach, FL, USA, January 2007

Related Work Security Patterns J. Yoder and J. Barcalow. Architectural pat-terns for enabling application security. In Proc. of PLoP, 1997. Also Chapter 15 in Pattern Languages of Program Design, vol. 4 (N. Harrison, B. Foote, and H. Rohnert, Eds.), Addison-Wesley, 2000. M. Schumacher, E. B. Fernandez, D. Hy-bertson, F. Buschmann, and P. Sommerlad. Security Patterns: Integrating Security and Systems Engineering. John Wiley & Sons, Inc., 2006. E. B. Fernandez. Security patterns. In Proc. of International Symposium on System and Information Security, 2006. E. B. Fernandez and R. Pan. A pattern lan-guage for security models. In Proc. of the 8th Annual Conference on the Pattern Languages of Programs (PLoP 2001), Urbana, Illinois, USA, 11-15 September 2001. Conclusions We considered the use of security patterns to analyze, build and evaluate a secure SCADA system In particular, we study the architecture of a general SCADA system and analyze the potential attacks against it We use security patterns as a tool to design secure SCADA systems that can control these attacks We believe our research work defines a new direction for future research on secure SCADA systems by indicating where security should be applied in the software lifecycle We will complete our methodology by applying more security patterns to different layers and types of SCADA systems Physical access control can also be integrated by using appropriate patterns

Acknowledgement This research was partly funded by the Department of Defense Questions Secure Systems Research Group www.cse.fau.edu/~security to join email: ed@cse.fau.edu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information