INSPIRE: INcreasing Security and Protection through Infrastructure REsilience



Similar documents
INSPIRE: INcreasing Security and Protection through Infrastructure REsilience

P2P-Enabling for Critical Infrastructure Protection

Concept and Project Objectives

Thales Communications Perspectives to the Future Internet 2 nd June Luxembourg

CIPS 2011 Awarded Grants. Project number Applicant's name Ctry Title Description Grant

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

Enhancing Security and Trustworthiness with Next-Generation Security Information and Event Management

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

TOPOLOGIES NETWORK SECURITY SERVICES

Alessia Garofalo. Critical Infrastructure Protection Cyber Security for Wireless Sensor Networks. Fai della Paganella, 10-12/02/2014

Security for Ad Hoc Networks. Hang Zhao

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Cisco Advanced Services for Network Security

Deliverable D7.1. Project Website and Project Presentation

Sensing, monitoring and actuating on the UNderwater world through a federated Research InfraStructure Extending the Future Internet SUNRISE

3rd International Symposium on Big Data and Cloud Computing Challenges (ISBCC-2016) March 10-11, 2016 VIT University, Chennai, India

The Future of Network Marketing Research

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

How To Protect Critical Infrastructure From Attack

Using MASSIF to Protect a Critical Infrastructure: Dam Use Case

Content Distribution over IP: Developments and Challenges

Wireless Sensor Networks Chapter 14: Security in WSNs

CHAPTER 1 INTRODUCTION

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

A Concentris Systems Paper

PROJECT FINAL REPORT

8 Conclusion and Future Work

Seminar: Security Metrics in Cloud Computing ( se)

Monitoring within an Autonomic Network: A. Framework

RailML use in the project

CONECT - Cooperative Networking for High Capacity Transport Architectures Overview. Leandros Tassiulas CERTH

Study of Different Types of Attacks on Multicast in Mobile Ad Hoc Networks

NETWORKED CRITICAL INFRASTRUCTURES: SECURE AND RESILIENT BY DESIGN

Denial of Service Resilience in Peer to Peer. D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica, W. Zwaenepoel Presented by: Ahmet Canik

How To Understand The Power Of Icdn

G-Lab: A Future Generation Internet Research Platform

Introduction to Wireless Sensor Network Security

544 Computer and Network Security

Inference, monitoring and recovery of large scale networks

Experimental Comparison of Routing and Middleware Solutions for Mobile Ad Hoc Networks: Legacy vs Cross-Layer Approach

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

Risk and Security Assessment. Zbigniew Kalbarczyk

!! "# $%!& $!$ +) * ', -./01.//1233/ "4, -./01.//12223 *, 565

Cyber Security RFP Template

Master of Science in Information Systems & Security Management. Courses Descriptions

A Security Architecture for. Wireless Sensor Networks Environmental

Wireless Sensor Network: Challenges, Issues and Research

Meeting Cyber Security Challenges

A Biologically Inspired Approach to Network Vulnerability Identification

Internet of Things (IoT): A vision, architectural elements, and future directions

Networking Systems (10102)

PRIVACY IMPLICATIONS FOR NEXT GENERATION SIEMs AND OTHER META-SYSTEMS

Online Network Traffic Security Inspection Using MMT Tool

Leveraging SDN and NFV in the WAN

Public Safety and Homeland Security. National Broadband Plan Recommendations

Network Resilience. From Concepts to Experimentation. FIRE Research Workshop - May 16 th 2011

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs

Resilient Networks. 00. Preliminaries. Who is who. Organizational Issues. P2P, TK What do we do. Exercise course Rough time line Examination

Demo 1. Network Path and Quality Validation in the Evolved Packet Core

International Journal of Advanced Research in Computer Science and Software Engineering

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50

Dependability in Web Services

A Systems Approach to Protecting the U.S. Air Traffic Control System Against Cyber-Terrorism

Network Mission Assurance

SUNSEED an evolutionary path to smart grid comms over converged telco and energy provider networks

Proposition of a new approach to adapt SIP protocol to Ad hoc Networks

Cyberspace Situational Awarness in National Security System

Denial of Service Attacks and Resilient Overlay Networks

ESCoRTS A European network for the Security of Control & Real Time Systems

International journal of Engineering Research-Online A Peer Reviewed International Journal Articles available online

Progetti di ricerca internazionali

European Network for Cyber Security

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Robust Security Solution to Countermeasure of Malicious Nodes for the Security of MANET

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Christian Bettstetter. Mobility Modeling, Connectivity, and Adaptive Clustering in Ad Hoc Networks

Assessing Internet Resilience at a Key Node. Michael Thompson Cyber Security Analyst Argonne National Laboratory thompsonm@anl.gov

P2P and IMS Cooperation / Integration

LINK EPA Requirements, audit & Safety

Content Delivery Network (CDN) and P2P Model

Comparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

Technical Document on Vehicular Networks

An Implementation of Secure Wireless Network for Avoiding Black hole Attack

The VIKING Project: An Initiative on Resilient Control of Power Networks

Cybersecurity for Energy Delivery Systems 2010 Peer Review. William H. Sanders University of Illinois TCIPG Center Overview

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

Representing the CRUTIAL project domain by means of UML diagrams

Update On Smart Grid Cyber Security

Energy Efficient Load Balancing among Heterogeneous Nodes of Wireless Sensor Network

Cloud Resilient Architecture (CRA) -Design and Analysis. Hamid Alipour Salim Hariri Youssif-Al-Nashif

Principles of Information Assurance Syllabus

Hybrid Overlay Multicast Framework draft-irtf-sam-hybrid-overlay-framework-01.txt. John Buford, Avaya Labs Research

Panagiotis Rizomiliotis University of the Aegean, Greece. Effectsplus 1st technical cluster meeting March 29th & 30th 2011

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems

Simulating a File-Sharing P2P Network

NFV ISG PoC Proposal VNF Router Performance with DDoS Functionality

Course Design Document. Information Security Management. Version 2.0

Transcription:

INSPIRE: INcreasing Security and Protection through Infrastructure REsilience Salvatore D Antonio Consorzio Interuniversitario Nazionale per l Informatica saldanto@unina.it CRITIS 2008 - Frascati (Italy) - October 14th, 2008 EC Grant Agreement n. 225553

Project summary INSPIRE is a two-year small or mediumscale focused research project (STREP) Start date: November 1 st 2008 End date: October 31 st 2010 Call for proposals: Joint Call FP7-ICT- SEC-2007-1 (Critical Infrastructure Protection)

The Consortium ACADEMY Consorzio Interuniversitario Nazionale per l Informatica (Coordinator) (ITA) Technical University of Darmstadt (GER) INDUSTRY Elsag Datamat (ITA) Thales Communications (FRA) ITTI (SME) (POL) S21Sec Information Security labs (SME) (SPA) KITE Solutions (SME) (ITA) Centre for European Security Strategies (GER)

Concept and objectives Design and development of innovative mechanisms capable to differentiate and prioritize SCADA and Process Control Systems traffic flows Design and development of novel techniques which allow network security frameworks to protect traffic flows produced by SCADAs and prevent cyber attacks against networked Process Control Systems Dissemination and contributions to standards Definition of a roadmap for improving the protection of critical information infrastructures

Research challenges Analysis and modelling of dependencies between critical infrastructures and underlying communication networks; Exploiting peer-to-peer overlay routing mechanisms for improving the resilience of SCADA systems; Designing and implementing traffic engineering algorithms to provide SCADA traffic with quantitative guarantees; Defining a self-reconfigurable architecture for SCADA systems; Development of diagnosis and recovery techniques for SCADA systems;

Critical Information Infrastructures Complexity - Characterizing the structural properties of the networks is of paramount importance for understanding the complex dynamics of the systems built upon them. Mobility - New kinds of links requiring a proper protection are used to connect critical infrastructures and this protection seems to be even more difficult due to their highly distributed nature, possibility of break away and wireless technology inherent characteristics Interdependency - Protection of a critical infrastructure requires a detailed and comprehensive knowledge of the intradependencies within and interdependencies between the critical systems and the communication network. Adaptability - Communication networks consist of complex collections of non-linear, highly interactive components. To a great extent, they do not have any centralized control, located in a master centre and can therefore be understood as a set of complex adaptive systems (CAS).

Applicability of INSPIRE

Expected project results and innovation Analysis of dependencies between critical infrastructures and communication networks Models and tools for representing and simulating Large Complex Critical Infrastructures (LCCI) Adoption of P2P architecture to SCADA systems to enhance their resilience Mechanisms for multi-path P2P routing and for secure distributed storage of SCADA data allowing for faulttolerant data transport Definition of an innovative approach to SCADA system diagnosis A distributed framework capable to process in real-time the information produced by multiple data feeds which are scattered over the infrastructure

Peer-to-peer overlay routing for resilient SCADA systems P2P overlay networks create a fully decentralized architecture as in SCADA systems P2P overlays provide for self-organization and self-healing properties which emphasize the potentials that P2P can play in building resilient SCADA systems P2P architectures allow for masking strong heterogeneities in both communication nodes and links making them very attractive for the interconnected by-nature-heterogeneous SCADA critical infrastructures P2P overlays suit well for dynamic topologies that future SCADA systems may show as they may integrate dynamic ad hoc networks

P2P overlays in INSPIRE - 1 The INSPIRE project aims at investigating the characteristics of P2P for the purpose of hardening SCADA systems against a cyber-attack In case real-time message delivery constraints are not being met (due, for example, to a denial of service attack), a P2P overlay network is used to route message floods in an effort to ensure delivery Full or partial functionality (graceful degradation) after failures or attacks will be maintained by ensuring the timeliness and reliability of the delivery of sensor data Path and data redundancy techniques will be implemented in order to maintain the required system responsiveness

P2P overlays in INSPIRE - 2 We propose an on-demand use of the P2P overlay network, e.g., upon intrusion detection, otherwise the P2P service is passive P2P deployment will not introduce new vulnerabilities to the system This can be preventively achieved through selection of closed P2P systems that enable attack detection and recovery. A closed P2P overlay is characterized by the fact that peers are authorized and known a priori, and that only authorized entities can add/remove peers explicitly/manually if needed. We aims at deriving a threat model for P2Penabled SCADA systems identifying potential vulnerabilities and designing counter-measures for them

Project WPs WP1 Project Management CINI WP2 Analysis and modeling of networked process control system vulnerabilities TCF Vulnerability models WP3 Design and development of techniques for protecting and securing critical information infrastructures CINI Tools Testbed specification WP4 Verification, validation and integration ITTI Testbed and prototype WP5 Trial and demonstration KITE WP6 Dissemination, exploitation and IPR management ED

Dissemination Clustering activity IRRIS (Integrated Risk Reduction of Information-based Infrastructure Systems) VIKING (Vital Infrastructure, networks, INformation and control systems management) SERSCIS (Semantically Enhanced Resilient and Secure Critical Infrastructure Services) MICIE (Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures) Participation to standardization bodies (IETF, ETSI) Group of Experts: Federutility, ACEA, Telespazio, RFI, AIIC, ENISA

Questions? saldanto@unina.it CRITIS 2008 - Frascati (Italy) - October 14th, 2008

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information