The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - November/December (2008 vol.6)
pp: 44-51
Alysson Neves Bessani , University of Lisbon
Paulo Sousa , University of Lisbon
Miguel Correia , University of Lisbon
Nuno Ferreira Neves , University of Lisbon
Paulo Veríssimo , University of Lisbon
ABSTRACT
Critical infrastructures such as the power grid are essentially physical processes controlled by computers connected by networks. They're usually as vulnerable as any other interconnected computer system, but their failure has a high socioeconomic impact. The Critical Utility Infrastructural Resilience (Crutial) project designed an information switch (CIS) to protect these infrastructures. These devices help ensure that incoming and outgoing traffic satisfies the security policy of an infrastructure in face of cyberattacks. A CIS isn't a firewall, but a distributed protection device based on a sophisticated access control model. Furthermore, a CIS is intrusion-tolerant and self-healing, seeking perpetual unattended correct operation.
INDEX TERMS
Critical infrastructures, security, power grid, intrusion tolerance, resilience
CITATION
Alysson Neves Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo, "The Crutial Way of Critical Infrastructure Protection", IEEE Security & Privacy, vol.6, no. 6, pp. 44-51, November/December 2008, doi:10.1109/MSP.2008.158
REFERENCES
1. SANS Institute, "CIA Confirms Cyber Attack Caused Multi-City Power Outage," SANS NewsBites, vol. 10, no. 5, 2008; www.sans.org/newsletters/newsbitesnewsbites.php?vol=10&issue=5 .
2. P. Veríssimo, N.F. Neves, and M. Correia, "The Crutial Reference Critical Information Infrastructure Architecture: A Blueprint," Int'l J. System of Systems Eng., vol. 1, nos. 1/2, 2008, pp. 78–95.
3. S.M. Bellovin, "Distributed Firewalls," ;login:, Nov. 1999; www.usenix.org/publications/login/1999-11/ featuresfirewalls.html.
4. A. Abou El Kalam et al., "Access Control for Collaborative Systems: A Web Services Based Approach," Proc. IEEE Int'l Conf. Web Services, 2007, pp. 1064–1071.
5. P. Veríssimo et al., "Intrusion-Tolerant Middleware: The Road to Automatic Security," IEEE Security &Privacy, vol. 4, no. 4, 2006, pp. 54–62.
6. F.B. Schneider and L. Zhou, "Implementing Trustworthy Services Using Replicated State Machines," IEEE Security &Privacy, vol. 3, no. 5, 2005, pp. 34–43.
7. L.H. Fink and K. Carlsen, "Operating Under Stress and Strain," IEEE Spectrum, Mar. 1978, pp. 48–53.
8. P. Sousa, N.F. Neves, and P. Veríssimo, "How Resilient Are Distributed fFault/Intrusion-Tolerant Systems?" Proc. 35th IEEE/IFIP Int'l Conf. Dependable Systems and Networks, 2005, pp. 98–107.
9. P. Sousa et al., "Resilient Intrusion Tolerance through Proactive and Reactive Recovery," Proc. 13th IEEE Pacific Rim Int'l Symp. Dependable Computing, 2007, pp. 373–380.
10. S. Kent, IP Authentication Header, IETF RFC 4302, Dec. 2005; www.ietf.org/rfcrfc2402.txt.
11. P. Veríssimo, "Traveling through Wormholes: A New Look at Distributed Systems Models," ACM SIGACT News, vol. 37, no. 1, 2006.
12. P. Barham et al., "Xen and the Art of Virtualization," Proc. 19th ACM Symp. Operating Systems Principles, 2003, pp. 164–177.
13. F. Garrone et al., "Analysis of New Control Applications," Project Deliverable D2, Crutial European Commission project IST-2004-27513, Jan. 2007.
6 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool