
Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert...

Date post: 03-Jun-2018
Upload: christophe-feltus

Transcript
  • 8/12/2019 Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert Detection


    Conviction Model for Incident Reaction Architecture Monitoring based on Automatic Sensors Alert Detection

    Christophe Feltus - Djamel Khadraoui

    Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg

    [email protected]

    October 13-16, 2013


    Table of contents


    Introduction

    Leading Case Study

    Modelling the agents responsibility

    Conviction analysis

    Case Study validation

    Conclusions

    October 2013 SMC IEEE conference


    Introduction

    - CI (critical infrastructures) are infrastructures essential for the functioning of a society and its economy.

    - CI are monitored and protected by SCADA systems (Supervisory Control and Data Acquisition).

    - SCADA operates at different abstraction levels of the CI and is generally composed of agent systems which need to collaborate accurately.

    We observe:

    - No integrated approach to support the agents' behaviour in crisis situations, i.e. no guarantee about an agent's ability to perform its responsibilities after delegation/assignment.


    Leading Case


    PEP (Policy Enforcement Point) enforces the security policies provided by the PDP.

    PIE (Policy Instantiation Engine) is the agent that receives information about attacks from the ACE and instantiates new security policies to react to the attack.

    PDP (Policy Decision Point) receives the new security policies defined by the PIE and deploys (validates) them at the enforcement points (PEP).

    ACE (Agent Correlation Engine) is the agent in charge of receiving alerts coming from network nodes, correlating the information and forwarding confirmed alerts to the PIE.


    SCADA inside


    Conviction of

    responsibility

    performance ?


    The Agent Responsibility model


    Commitment


    Responsibility concepts definitions

    The task is an action, performed by an agent, to use or transform an object.

    The responsibility is a state assigned to an agent to signify to it its obligations and accountabilities regarding a task.

    The accountability is a duty to justify the performance of a task to someone else under threat of sanction. Accountability is a type of obligation to report the achievement, maintenance or avoidance of some given state to an authority and, as a consequence, is associated with an obligation.

    The assignment is the action of linking an agent to a responsibility.

    The delegation process is the transfer of an agent's responsibility assignment to another agent.


    Responsibility concepts definitions

    The capability describes the requisite qualities, skills or resources necessary to perform a task. Capability may be expressed through knowledge or know-how possessed by the agent, such as its ability to make decisions, its processing time, its faculty to analyse a problem, and its position on the network.

    The right encompasses the facilities required by an agent to fulfil its obligations, e.g. the access right that the agent gets once it is assigned responsible.

    The commitment pledged by the agent related to this assignment represents its required engagement to fulfil a task and the conviction that it does so in respect of good practices.

    The trust is the reliance that an agent acts as it is requested.

    For didactic reasons, we consider in this paper that a trust level of 10 is high and a trust level of 0 is low.


    Agent responsibility in the case study

    Because of the size of the paper, only the four most important concepts are instantiated as requirements:

    - The obligations concerning the task (in red),

    - The capabilities (in blue),

    - The rights (in green),

    - The commitment, represented as a trust value (in black).

    Cf. tables.


    Case study: PEPs' requirements


    Case study: PDPs' and ACEs' requirements


    Guarantee about the agent's ability to perform its responsibilities

    It is necessary, for an agent, that:

    - Rights: should be appropriate to satisfy the agent's obligations.

    - Capability: the capability required by the obligation should be within (below) the agent's own capability. Moreover, such capability should enable it to fulfil its obligations.

    - Level of trust: should be higher than or equal to the minimum level required (as specified).

    Based on the values of the Right, the Capability and the Trust:

    The conviction A for the fulfilment of obligation O by an agent with rights R, capability C and trust T is, with $R_O$ and $C_O$ the rights and capability required by O and $T_p$ the minimum trust level required:

    $A_O(R, C, T) = 0$ if $(R_O \not\subseteq R) \lor (C_O \not\subseteq C) \lor (T_p > T)$

    Otherwise:

    $A_O(R, C, T) = 1$


    Case study analysis:

    If a failing PEP needs to delegate O1 ("Must retrieve the logs from the component it monitors") to another PEP, the latter must have at least the following capabilities:

    - be on the same network as the component to control (C1),

    - have enough computing resources to monitor the component to control (C4),

    - be able to encrypt data (C6),

    - be able to communicate securely with the ACE (C7).


    The PEP must also have the following rights to perform O1:

    - R1: is allowed to read log file on the concerned network

    component

    - R2: is allowed to write log in the central logs database

    - R4: is allowed to read and write in the alert database.

    The minimum level for the trust parameter expected from the PEP

    is set to 3.
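    The conviction function from the slides, applied to the delegation of O1 and to the C2 shortfall reported on the validation slides, as an added worked example (not code from the paper or the CockpitCI project). Obligation O1's requirement set (C1, C4, C6, C7; R1, R2, R4; trust ≥ 3) is taken from the slides; the candidate PEP inventories, the hypothetical "immediate reaction" obligation built around C2, and the helper names are constructed assumptions for illustration.

```python
"""Conviction A_O(R, C, T) evaluated over sets of right/capability labels.

A_O(R, C, T) = 0 if (R_O not subset of R) or (C_O not subset of C) or (T_p > T),
otherwise 1. Trust is an integer on the slides' 0..10 scale.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obligation:
    """What an obligation O demands of the agent that takes it on."""
    name: str
    required_rights: frozenset        # R_O
    required_capabilities: frozenset  # C_O
    min_trust: int                    # T_p


@dataclass(frozen=True)
class Agent:
    """An agent's current rights R, capabilities C and trust value T."""
    name: str
    rights: frozenset
    capabilities: frozenset
    trust: int


def conviction(agent: Agent, obligation: Obligation) -> int:
    """A_O(R, C, T): 0 as soon as one of the three conditions fails, else 1."""
    if not obligation.required_rights <= agent.rights:              # R_O not subset of R
        return 0
    if not obligation.required_capabilities <= agent.capabilities:  # C_O not subset of C
        return 0
    if agent.trust < obligation.min_trust:                          # T_p > T
        return 0
    return 1


def missing(agent: Agent, obligation: Obligation) -> dict:
    """Explain a conviction of 0: absent rights/capabilities and any trust shortfall."""
    return {
        "rights": sorted(obligation.required_rights - agent.rights),
        "capabilities": sorted(obligation.required_capabilities - agent.capabilities),
        "trust_shortfall": max(0, obligation.min_trust - agent.trust),
    }


def delegation_candidates(agents, obligation: Obligation) -> list:
    """Names of the agents to which the obligation can be delegated (conviction 1)."""
    return [a.name for a in agents if conviction(a, obligation) == 1]


# O1 as required on the slides: capabilities C1, C4, C6, C7; rights R1, R2, R4; trust >= 3.
O1 = Obligation("O1: retrieve the logs from the monitored component",
                frozenset({"R1", "R2", "R4"}),
                frozenset({"C1", "C4", "C6", "C7"}),
                3)

# Hypothetical obligation (assumption): an immediate reaction needs C2, the
# capability to communicate with the PDP, which the slides say the PEP lacks.
O_REACT = Obligation("provide an immediate reaction (hypothetical requirement set)",
                     frozenset(), frozenset({"C2"}), 0)

# Constructed candidate PEPs (assumption: the slides give no per-PEP inventories).
PEP_A = Agent("PEP-A", frozenset({"R1", "R2", "R4"}), frozenset({"C1", "C4", "C6", "C7"}), 5)
PEP_B = Agent("PEP-B", frozenset({"R1", "R2"}), frozenset({"C1", "C4", "C6", "C7"}), 7)       # lacks R4
PEP_C = Agent("PEP-C", frozenset({"R1", "R2", "R4"}), frozenset({"C1", "C4", "C7"}), 9)       # lacks C6
PEP_D = Agent("PEP-D", frozenset({"R1", "R2", "R4"}), frozenset({"C1", "C4", "C6", "C7"}), 2)  # trust below 3

if __name__ == "__main__":
    candidates = [PEP_A, PEP_B, PEP_C, PEP_D]
    for pep in candidates:
        print(pep.name, "A_O1 =", conviction(pep, O1), missing(pep, O1))
    print("delegate O1 to:", delegation_candidates(candidates, O1))
    print("PEP-A A_react =", conviction(PEP_A, O_REACT), missing(PEP_A, O_REACT))
```

    The `missing` helper is the part a monitoring component actually needs: a conviction of 0 on its own only says "do not delegate here", whereas the list of absent rights, absent capabilities or trust shortfall tells the PDP/PIE what would have to change (grant R4, restore C2) before the responsibility can be shifted.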


    Validation for the case study


    However, in practice, we observed:


    As a result, in the case of the PEP, the obligation to provide an immediate reaction is hampered by the fact that the PEP lacks the capability to communicate with the PDP (C2).

    This means that no appropriate responsibility can be assigned to the PEP and implemented in case of an abnormality within the system.


    Validation for the case study


    Equally, the values for the other agents are


    Conclusions

    CI are more and more present and need to be seriously managed and monitored regarding the increasing amount of threats.

    This paper presents a solution to automatically react after an incident on a wireless network based on a MAS (multi-agent system) architecture.

    The system, initially based on static assignments of functions to agents, needed more dynamicity in order to stay aligned with the newly arising risks:

    - We provide a conceptual representation of the agents' responsibilities.

    - Based on that definition of the agents' responsibilities, a conviction level can be estimated in order to determine the confidence that the agent can meet its responsibilities. In the event of such a conviction level being low, decisions can be made to shift the fulfilment of such a responsibility to a different agent.


    Acknowledgments

    The research described in this paper is funded by the CockpitCI research project within the 7th Framework Programme (FP7) of the European Union (EU) (topic SEC-2011.2.5-1 Cyber-attacks against critical infrastructures, Capability Project).


    Thank you for your attention !

    Any questions ?

