Towards Experimental Assessment of Security Threats in Protecting the Critical Infrastructure

Janusz Zalewski, Steven Drager, William McKeever, Andrew J. Kornecki

2012

Abstract

Security is a system and software property essential in protecting infrastructure critical to the nation’s business and everyday operation. It is often related to, and overlaps with, other trustworthiness properties, such as safety and/or reliability. The mutual relationships of these properties and their interactions in real-world systems have been studied by multiple authors over the past decade; however, they are rarely viewed jointly in the context of critical infrastructure. The objective of this paper is to take a closer look at the relationship of security with safety in computing systems, and to present a unified view for further research. In particular, the paper presents an overview of the state of the art and focuses on the discussion of the unifying architecture, which leads to interesting observations on how security and safety are related. Preliminary experiments on using safety concepts to assess security in industrial control systems with monitoring tools are discussed.



Paper Citation


in Harvard Style

Zalewski J., Drager S., McKeever W. and Kornecki A. (2012). Towards Experimental Assessment of Security Threats in Protecting the Critical Infrastructure. In Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-8565-13-6, pages 207-212. DOI: 10.5220/0004098502070212


in Bibtex Style

@conference{enase12,
author={Janusz Zalewski and Steven Drager and William McKeever and Andrew J. Kornecki},
title={Towards Experimental Assessment of Security Threats in Protecting the Critical Infrastructure},
booktitle={Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2012},
pages={207-212},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004098502070212},
isbn={978-989-8565-13-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - Towards Experimental Assessment of Security Threats in Protecting the Critical Infrastructure
SN - 978-989-8565-13-6
AU - Zalewski J.
AU - Drager S.
AU - McKeever W.
AU - Kornecki A.
PY - 2012
SP - 207
EP - 212
DO - 10.5220/0004098502070212