• No results found

On Building Secure SCADA Systems using Security Patterns. Outline

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "On Building Secure SCADA Systems using Security Patterns. Outline"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

On Building Secure SCADA

Systems using Security

Patterns

E.B.Fernandez, J.Wu, M.M. Larrondo-Petrie, and Y. Shao

Dept. of Computer Science and Engineering Florida Atlantic University

Boca Raton, FL, USA

Outline

• SCADA Systems • Security Issues

• Model of a General SCADA System • Some potential attacks

• Patterns

• Security Patterns

• Securing a SCADA system by adding security using patterns

• Examine how security measures guard against attacks

(2)

SCADA

• To continuously monitor and control the

different sections of a plant in order to ensure

its appropriate operation we use SCADA

systems

Supervisory Control And Data Acquisition

• SCADA systems are applied for electric

power generation, water treatment, oil

refining, etc.

Security issues

• SCADA systems were first designed to meet the basic requirements of process control systems where security issues were hardly a concern • However, the growing demands for increased

connectivity between a SCADA system and other network components, such as the

corporate network and the Internet, expose the critical parts of a SCADA system to the public • Therefore, security issues can no longer be

(3)
(4)

Attacks against SCADA Systems

• We systematically enumerate the threats

against a system by considering its use

cases and activities and possible ways of

subverting them.

• A simplified approach looks at possible

attacks against each unit of a system if its

structure is predefined.

Attacks against SCADA Systems

considering attacks against/thru each unit

• Central controller, include

– T1: physical attacks

– T2: malicious settings of the field units

– T3: wrong commands to the field units

– T4: malicious alteration of the runtime parameters of the central controller

– T5: denial of service attacks

• Field Units, include

– T6: physical attacks

– T7: malicious alteration of the runtime parameters of the field unit

– T8: wrong commands to the field units

– T9: malicious alarms to the central controller

– T10: denial of service attacks

• Communication Networks, include

– T11: sniffing – T12: spoofing

(5)

Patterns

• Many problems occur in similar ways in different contexts or environments. Generic solutions to these problems can be expressed as patterns. • A pattern is an encapsulated solution to a

problem in a given context and can be used to guide the design or evaluation of systems • Analysis, design, and architectural patterns are

well established and have proved their value in helping to produce good quality software

Security patterns

• Security patterns have joined analysis, design and architectural patterns and they are becoming

accepted by industry

• Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks.

• We have produced a book on security patterns and many patterns that cover all

(6)

Securing systems

• We add instances of security patterns to

the functional models

• Possible patterns include

– authorization (Access matrix),

– Role-Based AccessControl (RBAC), – Multilevel access,

– Logger,

– Authentication, – Firewalls,

– Intrusion Detection Systems

Secure controller

Firew all 1 A uthorization A uthenticator L ogger ID S C entral C ontroller R ole R ole R ight

H uman-Machine Interface D ata Server R B A C Pattern 1 1 1 1 1 1 1 1 1 1 * * * * *

(7)
(8)

Related Work

SCADA Systems

A. Miller. Trends in process control systems security. IEEE

Security and Privacy, 3(5):57–60, 2005.

• V. M. Igure, S. A. Laughter, and R. D. Williams. Security issues in SCADA net-works. Computers & Security, 25(7):498– 506, 2006.

• D. Goeke and H. Nguyen. SCADA system security, 2005 • U.S. Department Of Energy. 21 steps to improve cyber

security of SCADA networks.

• S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, and A. Valdes. Using model-based intrusion detection for SCADA networks. In Proc. of the SCADA Security Scientific

(9)

Related Work

Security Patterns

• J. Yoder and J. Barcalow. Architectural pat-terns for enabling application security. In Proc. of PLoP, 1997. Also Chapter 15 in Pattern Languages of Program Design, vol. 4 (N. Harrison, B. Foote, and H. Rohnert, Eds.), Addison-Wesley, 2000. • M. Schumacher, E. B. Fernandez, D. Hy-bertson, F.

Buschmann, and P. Sommerlad. Security Patterns:

Integrating Security and Systems Engineering. John Wiley &

Sons, Inc., 2006.

E. B. Fernandez. Security patterns. In Proc. of International

Symposium on System and Information Security, 2006.

• E. B. Fernandez and R. Pan. A pattern lan-guage for security models. In Proc. of the 8th Annual Conference on the Pattern

Languages of Programs (PLoP 2001), Urbana, Illinois, USA,

11-15 September 2001.

Conclusions

• We considered the use of security patterns to analyze, build and evaluate a secure SCADA system

• In particular, we study the architecture of a general SCADA system and analyze the potential attacks against it

• We use security patterns as a tool to design secure SCADA systems that can control these attacks

• We believe our research work defines a new direction for future research on secure SCADA systems by indicating where security should be applied in the software lifecycle

• We will complete our methodology by applying more security patterns to different layers and types of SCADA systems

• Physical access control can also be integrated by using appropriate patterns

(10)

Acknowledgement

This research was partly funded by the

Department of Defense

Questions

Secure Systems Research Group

www.cse.fau.edu/~security

References

Download now ( PDF - 10 Page - 102.26 KB )

Related documents

LSAT_PT_58

Each summer school student must take at least three courses from among the following seven: history, linguistics, music, physics, statistics, theater, and writing.. The summer

Nursing Research January/February 2011 Vol 60, No 1, 1 8. Nurses Work Schedule Characteristics, Nurse Staffing, and Patient Mortality

b Background: Although nurse staffing has been found to be related to patient mortality, there has been limited study of the independent effect of work schedules on patient

Impactos en el consumo de energía eléctrica por el uso de refrigeradores eficientes - caso Ecuador

The projection of domestic refrigerator acquisitions for the residential sector in Ecuador, submitted by the electricity companies for 2009 and prepared by MEER, establishes that

Systems analysis of host-parasite interactions.

Regulation of Parasite Gene Expression Understanding how parasites regulate gene expression throughout their life cycle within a host is necessary in order to fully appreciate the

Woonoverlast:Een analyse van de aanpak van woonoverlast en verloedering

Wanneer gewaarschuwd wordt voor toepassing van Victoria, moet wel sprake zijn van een situatie die onder het bereik van artikel 174a Gemeentewet valt?. 6 Aandachtspunt hierbij is

Extremal polynomials in stratified groups

In Section 3, we use extremal polynomials and Theorem 1.1 to give an algebraic characterization of abnormal extremals in stratified nilpotent Lie groups (Carnot groups).. This is

S/2004/86. Security Council. United Nations

In addition to its functions described at page 25 of the second report of Cyprus, please describe its role in coordinating the activities of the Central Bank and other

Evaluation of regular wave scour around a circular pile using data mining approaches

4 displays observed and predicted values of normalized scour depth for training and testing data of CART model trained by dimensionless data.. These values indicate an increase