Industrial cybersecurity: Improving security through access control policy models

IEEE Industrial Electronics Magazine

Volumn 8, Issue 2, 2014, Pages 6-17

  Valenzano, Adriano ^a  

^a CNR   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL;

ACCESS CONTROL POLICIES; ACCESS POLICIES; ANALYSIS AND VERIFICATIONS; CYBER SECURITY; INDUSTRIAL CONTROL SYSTEMS; MALICIOUS BEHAVIOR; PROTECTION SCHEMES; RESEARCH ACTIVITIES;

INTELLIGENT CONTROL;

EID: 84903206204     PISSN: 19324529     EISSN: None     Source Type: Journal    
DOI: 10.1109/MIE.2014.2311313     Document Type: Article

References (37)

1. D. Dzung, M. Naedele, T. P. Von Hoff, and M. Crevatin, "Security for industrial communication systems," Proc. IEEE, vol. 93, no. 6, pp. 1152-1177, 2005 (Pubitemid 40928634)
2. A. Creery and E. J. Byres, "Industrial cybersecurity for power system and SCADA networks," in Proc. IEEE IAS Annual Petroleum and Chemical Industry Conf., Sept. 12-14, 2005, pp. 303-309
3. M. Cheminod, L. Durante, and A. Valenzano, "Review of security issues in industrial networks," IEEE Trans. Ind. Informat., vol. 9, no. 1, pp. 277-293, 2013
4. L. Piètre-Cambacédès, M. Tritschler, and G. N. Ericsson, "Cybersecurity myths on power control systems: 21 misconceptions and false beliefs," IEEE Trans. Power Delivery., vol. 26, no. 1, pp. 161-172, 2011
5. P. Radmand, A. Talevski, S. Petersen, and S. Carlsen, "Taxonomy of wireless sensor network security attacks in the oil and gas industries," in Proc. 24th IEEE Int. Conf. Advanced Information Networking Applications (AINA), Perth, Apr. 20-23, 2010, pp. 949-957
6. S. C. Patel, G. D. Bhatt, and J. H. Graham, "Improving the cybersecurity of SCADA communication networks," Commun. ACM, vol. 52, no. 7, pp. 139-142, 2009
7. F. M. Cleveland, "Cybersecurity issues for advanced metering infrastructure (AMI)," in Proc. IEEE Power Energy Society General Meeting-Conversion and Delivery of Electrical Energy in the 21st Century, Pittsburgh, PA, July 20-24, 2008, pp. 1-5
8. J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, "Security and privacy issues in smart grids," IEEE Commun. Surv. Tutorials, vol. 14, no. 4, pp. 981-997, 2012
9. A. A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, and S. Sastry. (2009, 22-24 July). "Challenges for securing cyberphysical systems," in Proc. Workshop Future Directions Cyber-Physical Systems Security [Online]. Available: http://cimic.rutgers.edu/positionPapers/ cps-security-challenges- Cardenas.pdf
10. G. N. Ericsson, "Cybersecurity and power system communication- Essential parts of a smart grid infrastructure," IEEE Trans. Power Delivery, vol. 25, no. 3, pp. 1501-1507, 2010
11. A. Treytl, T. Sauter, and C. Schwaiger, "Security measures in automation systems-A practiceoriented approach," in Proc. 10th IEEE Int. Conf. Emerging Technologies Factory Automation (ETFA), Catania, Sept. 18-21, 2005, pp. 847-855
12. Information Technology-Security Techniques-Information Security Management Systems-Requirements, ISO/IEC Std. 27 001, 2005
13. Recommended Security Controls for Federal Information Systems and Organizations, NIST SP 800-53 rev. 3, 2010
14. Industrial Communication Networks-Network and System Security-Part 1-1: Terminology, Concepts and Models, IEC/TS 62443-1-1, 2009
15. A. Hristova, S. Obermeier, and R. Schlegel, "Secure design of engineering software tools in industrial automation and control systems," in Proc. 11th IEEE Int. Conf. Industrial Informatics (INDIN), Bochum, July 2013, pp. 695-700
16. M. H. Harrison, W. L. Ruzzo, and J. D. Ullman, "Protection in operating systems," Commun. ACM, vol. 19, no. 8, pp. 461-471, 1976
17. D. E. Bell and L. J. LaPadula, "Secure computer systems: Mathematical foundations," Tech. Rep. ESD-TR-278, The Mitre Corporation, Bedford, MA, 1973
18. K. J. Biba, "Integrity considerations for secure computer systems," Tech. Rep. TR-3153, The Mitre Corporation, Bedford, MA, 1977
19. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role-based access control models," IEEE Computer., vol. 29, no. 2, pp. 38-47, 1996
20. Role Based Access Control, ANSI INCITS 359-2012, 2012
21. Power Systems Management and Associated Information Exchange-Data and Communications Security-Part 8: Role-Based Access Control, IEC/TS 62351-8, 2011
22. D. Rosic, U. Novak, and S. Vukmirovic, " Role-based access control model supporting regional division in smart grid system," in Proc. 5th IEEE Int. Conf. Computational Intelligence, Communication Systems Networks (CICSyN), Madrid, June 6-7, 2013, pp. 197-201
23. V. C. Hu, E. Martin, J. Hwang, and T. Xie, "Conformance checking of access control policies specified in XACML," in Proc. 31st IEEE Annual Int. Computer Software Applications Conf. (COMPSAC), Beijing, July 23-27, 2007, pp. 275-280 (Pubitemid 350301805)
24. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz, "Verification and change-impact analysis of access-control policies," in Proc. 27th ACM Int. Conf. Software Engineering (ICSE), St. Louis, May 15-21, 2005, pp. 196-205
25. M. Masood, A. Ghafoor, and A. Mathur, "Conformance testing of temporal role-based access control systems," IEEE Trans. Dependable Secure Comput., vol. 7, no. 2, pp. 144-158, 2010
26. G. Faden, "RBAC in UNIX administration," in Proc. 4th ACM Workshop Role-Based Access Control, Fairfax, VA, Oct. 28-29, 1999, pp. 95-101
27. T. L. Hinrichs, D. Martinoia, W. C. Garrison, A. J. Lee, A. Panebianco, and L. Zuck, "Application-sensitive access control evaluation using parameterized expressiveness," in Proc. 26th IEEE Computer Security Foundations Symp. (CSF), New Orleans, LA, June 26-28, 2013, pp. 145-160
28. A. Cau, H. Janicke, and B. Moszkowski, "Verification and enforcement of access control policies," Formal Meth. Syst. Des., vol. 43, no. 3, pp. 450-492, 2013
29. Skybox Security. (2012). Using risk modeling and attack simulation for proactive cybersecurity [Online]. Available: http://www.skyboxsecurity. Com
30. D. M. Nicol, W. H. Sanders, S. Singh, and M. Seri, "Usable global network access policy for process control systems," IEEE Security Privacy, vol. 6, no. 6, pp. 30-36, 2008
31. D. M. Nicol, W. H. Sanders, M. Seri, and S. Singh, "Experiences validating the access policy tool in industrial settings," in Proc. 43rd IEEE Hawaii Int. Conf. System Sciences (HICSS), Koloa, HI, Jan. 8-10, 2010, pp. 1-8
32. H. Okhravi, R. H. Kagin, and D. M. Nicol, "Policy globe: A framework for integrating network and operating system security policies," in Proc. 2nd ACM Workshop Assurable Usable Security Configuration (SafeConfig), Chicago, IL, Nov. 9-13, 2009, pp. 53-62
33. M. Cheminod, I. Cibrario Bertolotti, L. Durante, and A. Valenzano, "Automatic analysis of security policies in industrial networks," in Proc. 8th IEEE Int. Workshop Factory Communication Systems (WFCS), Nancy, France, May 18-21, 2010, pp. 109-118
34. I. Cibrario Bertolotti, L. Durante, T. Hu, and A. Valenzano, "A model for the analysis of security policies in industrial networks," in Proc. 1st Int. Symp. ICS SCADA Cybersecurity (ICS-CSR), Leicester, Sept. 16-17, 2013, pp. 1-11
35. M. Cheminod, L. Durante, and A. Valenzano, "System configuration check against security policies in industrial networks," in Proc. 7th IEEE Int. Symp. Industrial Embedded Systems (SIES), Karlsruhe, Germany, June 20-22, 2012, pp. 247-265
36. I. Cibrario Bertolotti, L. Durante, L. Seno, and A. Valenzano, "A twofold model for the description of access policies in industrial systems," CNR-IEIIT Tech. Rep. CENG/2013-12/01, Torino, Italy, Dec. 2013
37. M. Cheminod, L. Durante, L. Seno, and A. Valenzano, "On the description of access control policies in networked industrial systems," in Proc. 10th IEEE Int. Workshop Factory Communication Systems (WFCS), Toulouse, France, May 5-7, 2014, to appear.