Dynamic Restoration in Interconnected RBAC-based Cyber-physical Control Systems

Cristina Alcaraz, Javier Lopez, Kim-Kwang Raymond Choo

2016

Abstract

Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).

References

  1. Albert, R. and Barabási, A. (2002). Statistical mechanics of complex networks. Reviews of Modern Physics, 74(1):4797.
  2. Alcaraz, C., Lopez, J., and Wolthusen, S. (2016). Policy enforcement system for secure interoperable control in distributed smart grid systems. Journal of Network and Computer Applications, 59:301 - 314.
  3. Alcaraz, C., Miciolino, E. E., and Wolthusen, S. (2013). Structural controllability of networks for noninteractive adversarial vertex removal. In 8th International Conference on Critical Information Infrastructures Security, volume 8328, pages 120-132. Springer.
  4. Alcaraz, C. and Wolthusen, S. (2014). Recovery of structural controllability for control systems. In Eighth IFIP WG 11.10 International Conference on Critical Infrastructure, volume 441, pages 47-63. Springer.
  5. Haynes, T., Hedetniemi, S. M., Hedetniemi, S. T., and Henning, M. A. (2002). Domination in graphs applied to electric power networks. SIAM Journal on Discrete Mathematics, 15(4):519-529.
  6. Healy, P. and Nikolov, N. S. (2013). Hierarchical drawing algorithms, chapter Chapter 13, pages 409-446. Handbook of Graph Drawing and Visualization, CRC Press.
  7. IEC-61850 (2003). Power utility automation - communication networks and systems in substations - parts 1-10. TC 57 - Power systems management and associated information exchange.
  8. IEC-62351 (2007-2011). IEC-62351 parts 1-8: Information security for power system control operations, international electrotechnical commission. http://www.iec.ch/smartgrid/standards/, retrieved September 2015.
  9. IEC-62351-8 (2011). Power systems management and associated information exchange - data and communications security - part 8: Role-based access control, international electrotechnical commission, 2011. http://www.iec.ch/smartgrid/standards/, retrieved Sept. 2015.
  10. Kneis, J., Mölle, D., R., S., and Rossmanith, P. (2006). Parameterized power domination complexity. Information Processing Letters, 98(4):145-149.
  11. Lin, C.-T. (1974). Structural Controllability. IEEE Transactions on Automatic Control, 19(3):201-208.
  12. Marchese, M. and Mongelli, M. (2012). Simple protocol enhancements of rapid spanning tree protocol over ring topologies. Computer Network, 56(4):1131- 1151.
  13. Médard, M., Finn, S. G., and Barry, R. A. (1999). Redundant trees for preplanned recovery in arbitrary vertexredundant or edge-redundant graphs. IEEE/ACM Trans. Netw., 7(5):641-652.
  14. Nakayama, K., Shinomiya, N., and Watanabe, H. (2012). An autonomous distributed control method for link failure based on tie-set graph theory. Circuits and Systems I: Regular Papers, IEEE Transactions on, 59(11):2727-2737.
  15. Nie, S., Wang, X., Zhang, H., Li, Q., and Wang, B. (2014). Robustness of controllability for networks based on edge-attack. PLoS ONE, 9(2):1-8.
  16. Pagani, G. A. and Aiello, M. (2013). The power grid as a complex network: A survey. Physica A: Statistical Mechanics and its Applications, 392(11):2688-2700.
  17. Palmer, C. and Steffan, J. (2000). Generating network topologies that obey power laws. In Global Telecommunications Conference (GLOBECOM 7800), volume 1, pages 434-438.
  18. Quattrociocchi, W., Caldarelli, G., and Scala, A. (2014). Self-healing networks: Redundancy and structure. PLoS ONE, 9(2):e87986.
  19. Samuel, H., Zhuang, W., , and Preiss, B. (2011). Improving the dominating-set routing over delay-tolerant mobile ad-hoc networks via estimating node intermeeting times. In EURASIP Journal on Wireless Communications and Networking, Hindawi Publishing Corporation, pages 1-12.
  20. Smith, M. (2010). Definition of the inetOrgPerson LDAP object class, RFC-2798,. http://www.ietf.org/rfc/rfc2798.txt, retrieved September 2015.
  21. Studio, A. D. (2006-2013). http://directory.apache.org/ studio/, retrieved September 2015.
  22. Yang, Y., Lu, J., Choo, K.-K. R., and Liu, J. K. (2016). Lightweight Cryptography for Security and Privacy: 4th International Workshop, LightSec 2015, Bochum, Germany, September 10-11, 2015, Revised Selected Papers, chapter On Lightweight Security Enforcement in Cyber-Physical Systems, pages 97-112. Springer International Publishing, Cham.
Download


Paper Citation


in Harvard Style

Alcaraz C., Lopez J. and Choo K. (2016). Dynamic Restoration in Interconnected RBAC-based Cyber-physical Control Systems . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 19-27. DOI: 10.5220/0005942000190027


in Bibtex Style

@conference{secrypt16,
author={Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
title={Dynamic Restoration in Interconnected RBAC-based Cyber-physical Control Systems},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={19-27},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005942000190027},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Dynamic Restoration in Interconnected RBAC-based Cyber-physical Control Systems
SN - 978-989-758-196-0
AU - Alcaraz C.
AU - Lopez J.
AU - Choo K.
PY - 2016
SP - 19
EP - 27
DO - 10.5220/0005942000190027