ICTDM2014 _ Towards Cyber-Security Protection of Critical Infrastructures by Generating Security...

8/12/2019 ICTDM2014 _ Towards Cyber-Security Protection of Critical Infrastructures by Generating Security Policy for SCADA Systems

1/23

1

Towards Cyber-Security Protection of

Critical Infrastructures by GeneratingSecurity Policy for SCADA Systems

Djamel Khadraoui, Christophe Feltus

Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg

March, 2014


2/23

2

Table of contents

Introduction and ArchiMate theory

State of the art

Policy Concept and Metamodel Core

Agent System Metamodel

Organizational Layer

Application Layer Technical Layer

Inter-Layer Link

Policy modelling

Organizational Policy

Application policy Case study in Financial CI

Conclusions


3/23

Introduction

- Critical infrastructure monitored and protected by SCADA

system

- SCADA operate at different abstraction levels of the CI

- SCADA based on 3 functions:

data acquisition

alert correlation

policy instanciation and deployment

- SCADA based on agents and agent systems (MAS)

NO INTEGRATED MODELING APPROACH TO INTEGRATE ALL

DIMENSIONS.

3


4/23

ArchiMate theory

- http://pubs.opengroup.org/architecture/archimate2-doc/

- 3 abstraction layers (business, application and technical)

- ArchiMate core concepts:

- ArchiMate objective is to model enterprise architecture

4
http://pubs.opengroup.org/architecture/archimate2-doc/http://pubs.opengroup.org/architecture/archimate2-doc/http://pubs.opengroup.org/architecture/archimate2-doc/http://pubs.opengroup.org/architecture/archimate2-doc/http://pubs.opengroup.org/architecture/archimate2-doc/


5/23

State of the art

Gaia: is a framework for the development of agent architectures basedon a lifecycle approach

AUML andMAS-ML: are extensions of the UML language for the

modelling of MAS

Prometheus: defines a metamodel of the application layer and allowsto generate organizational diagrams, roles diagrams, classes

diagrams, sequences diagrams and so forth

CARBA: provides a dynamic architecture for MAS similar to the

middleware CORBA

Observation: No solution for modelling, in a common model, the

different abstractions layer of an SCADA system

5


6/23

Policy Concept and Metamodel Core

.the policy semantic :

Our goal is to introduce the Agents po l icy as a Core metamodel

concept as a intermediairy to handle passive and active structures

for realization of a behaviour

6

Event Context Responsibilities

Event: something done by a Structure

Element that generates an execution of

a Policy.

Context: configuration of Passive

Structure that allows the Policy to beexecuted

Responsibility: a state assigned to an

Agent (human or software) to signify him

its obligations and rights in a specific

context..


7/23

Agent System Metamodel

Organizational layer

7

Organizational Policies are

behavioural components ofthe organization whose

goals are to achieve an

Organizational Service to a

role depending on Events


8/23

Agent System Metamodel Application

layer

8

The Application layer is

used to represent theApplication Components

and their interactions with

the Application Service

derived from the

Organizational Policy of theOrganizational layer


9/23

Agent System Metamodel Technical

layer

9

Technical layer is used to

represent the structuralaspect of the system and

highlights the links

between the Technical

layer and the Application

layer and how physicalpieces of information called

Artifacts are produced or

used.


10/23

Agent System Metamodel Interlayer

links

10

Artefact of the TechnicalLayer realizes Data Object

of the Application Layer

which realizes

Organizational Object of

the Organizational layer

Application Service uses

the Organizational Policy to

determine the services it

proposes

Technical layer bases his

Infrastructure Service on

theApplication Policy of

the Application layer


11/23

ArchiMate

metamodel

for MAS

Allows defining:

1. Organizational policy

2. Application policy

11

1

2


12/23

Organizational policy

Organizational Policycan be represented as an UML Use Case

- Roles represent theActors which haverespon sibi l i t iesin theUse

Case

- Collaborat ion concepts show the connections between them.

- Products, Valueand Organizat ional Serviceprovide the Goalof the

Use Case.

- Preand Post cond i t ionsmodel the context of the Use Caseand are

symbol izedin the Metamodel as the Eventconcept (Precondition) and

the Organizat ional Object (Pre/Post condition).

12

The set of rules that defines the organizational Responsibilities andgoverns the execution, by the Organization domain, of behaviours that

serve the Product domain in response to a Process domain occurred in a

specific context, symbolized by a configuration of the Information

domain.


13/23

Application policy

UML provides support for modelling the behaviour performed by

the App l icat ion domainas Sequence Diagram.

Configuration of the Data domaincan be expressed asPrecondi t ionsof the Sequence Diagramand symbolized by the

execution of a test-method on the lifeline of the diagram.

13

The set of rules that defines the application Responsibilities and governs

the execution, by the Application domain, of behaviours that serve the

Data domain to achieve the application strategy


14/23

Petroleum distribution case study

14


15/23

ACE, PIE et RDP

15


16/23

Architecturescomponents

TheACE Agents collects, aggregates and analyses networkinformation and confirms alerts are sent to the PIE

The PIE Agentsreceives a confirmed alert from the ACE, set

the severity level and the extent of the network response

(depending on the alert layer). The high level alert messagesare transferred to the RDP.

The RDP Agentsis composed of two modules

The Cryptography Analysis (CA) is in charge of analysing

the keys previously instantiated by the PIE.

The Component Configuration Mapper, selects the

appropriate communication channel.

16


17/23

Focus on the alerte

correlation

Instantiation of the metamodel

to engineer the 3 layers policies

At the application layer :

Sequences diagrams:

17


18/23

Example of

ArchiMate

Instanciation of the ACE agent

18


19/23

Example of

ArchiMate

Instantiation of all agents

19

Policies


20/23


21/23

Conclusions (2/2)

- ArchiMateadaptation allowed:

Structuringof the policy concept,

Synchronizingthe behaviour between many types of

agents, spread over different types of critical architecture

management components such as the alert correlationengine, the intrusion detection tools, and so forth.

- Acquiring Issuing financial validation by case study

Clarificationof the connection between the

synchronization of the event that is generated at the levelof one component policy and the one that triggers

policies to another component.

21


22/23

22

Acknowledgment

The research described in this paper is funded by the

CockpitCI research project within the 7th frameworkProgramme (FP7) of the European Union (EU) (topic SEC-

2011.2.5-1 Cyber-attacks against critical infrastructures

Capability Project).


23/23

Thank you for your attention !

Any questions ?

23

Date post:	03-Jun-2018
Category:	Documents
Upload:	christophe-feltus
View:	223 times
Download:	0 times

ICTDM2014 _ Towards Cyber-Security Protection of Critical Infrastructures by Generating Security...

Documents