ESTGV - DI - Documentos de congressos (comunicações, posters, actas)
Permanent URI for this collection
Browse
Browsing ESTGV - DI - Documentos de congressos (comunicações, posters, actas) by Author "Caldeira, Filipe"
Now showing 1 - 10 of 11
Results Per Page
Sort Options
- Assurance and trust indicators to evaluate accuracy of on-line risk in critical infrastructuresPublication . Schaberreiter, Thomas; Caldeira, Filipe; Aubert, Jocelyn; Monteiro, Edmundo; Khadraoui, Djamel; Simoes, PauloCritical infrastructure (CI) services are consumed by the society constantly and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that a disruption or destruction would have a severe impact on the social well-being and the economy on national and international levels. CIs can be mutually dependent on each other and a failure in one infrastructure can cascade to another (inter)dependent infrastructure and cause service disruptions. Methods to better assess and monitor CIs and their (inter)dependencies at run-time in order to be able to evaluate possible risks have to be developed. Furthermore, methods to ensure the validity of evaluated risk have to be investigated. In this work, we build on existing work of CI security modelling, a CI model that allows modelling the risks of CI services at run-time. We conduct a study of indicators allowing to evaluate the correctness of calculated service risk, taking into account various sources contributing to this evaluation. Trust-based indicators are introduced to capture the dynamically changing behaviour of a system.
- Descrição, Geração e Difusão de Políticas de SegurançaPublication . Caldeira, Filipe; Monteiro, EdmundoNeste artigo é apresentada uma ferramenta de descrição de Políticas de Segurança, baseada na linguagem SPSL (Security Policy Specification Language). A ferramenta permite efectuar a descrição de políticas de segurança posteriormente utilizadas na criação e difusão de regras reconhecidas por vários equipamentos na implementação das políticas de segurança das organizações.
- Gestão por políticas: arquitectura e aplicaçõesPublication . Caldeira, Filipe; Monteiro, EdmundoNeste artigo é feita uma abordagem à gestão de redes baseadas em políticas focando a arquitectura PBN (Policy-Based Networking) proposta no âmbito do grupo de trabalho Policy Framework do IETF (Internet Engineering Task Force). São evidenciados os principais aspectos desta arquitectura, desde os protocolos de comunicação até às linguagens de especificação de políticas, passando pelos modelos necessários à representação de informação. Relativamente às linguagens de especificação de políticas, apresenta-se uma visão geral sobre a sua aplicabilidade na arquitectura PBN. No âmbito dos protocolos de difusão de política, destacase o protocolo COPS (Common Open Policy Service) e COPS-PR (COPS for Policy provisioning). O artigo termina com a descrição de uma aplicação de gestão de firewalls através do uso de políticas. Esta aplicação baseia-se na arquitectura de gestão por políticas (PBN) proposta e aplica a linguagem SPSL e o protocolo COPS-PR.
- Improved Resilience of Interdependent Critical Infrastructures via on-line Alerting SystemPublication . Capodieci, Paolo; Diblasi, Stefano; Ciancamerla, Ester; Minichino, Michele; Foglietta, Chiara; Lefevre, Davide; Oliva, Gabriele; Panzieri, Stefano; Setola, Roberto; De Porcellinis, Stefano; Delli Priscoli, Francesco; Castrucci, Marco; Suraci, Vincenzo; Lev, Leonid; Shneck, Yosi; Khadraoui, Djamel; Aubert, Jocelyn; Iassinovski, Serguei; Jiang, Jianmin; Simoes, Paulo; Caldeira, Filipe; Spronska, Agnieszka; Harpes, Carlo; Aubigny, MatthieuThis paper illustrates the activities under development within the FP7 EU MICIE project. The project is devoted to design and implement an on-line alerting system, able to evaluate, in real time, the level of risk of interdependent Critical Infrastructures (CIs). Such a risk is generated by undesired events and by the high level of interconnection of the different infrastructures. Heterogeneous models are under development to perform short term predictions of the Quality of Service (QoS) of each CI according to the QoS of the others, to the level of interdependency among the Infrastructures, and according to the undesired events identified in the reference scenario.
- Policy Based and Trust Management for Critical Infrastructure ProtectionPublication . Caldeira, Filipe; Monteiro, Edmundo; Simões, PauloCritical infrastructure (CI) services are consumed by the society constantly and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that a disruption or destruction would have a severe impact on the social well-being and the economy on a national and an international level. CIs can be mutually dependent on each other and a failure in one infrastructure can cascade to another interdependent infrastructure to cause service disruptions. Methods to better assess and monitor CIs and their interdependencies in order to predict possible risks have to be developed. This work addresses the problem of the quality of information exchanged among interconnected CI, the quality of the relationship in terms of trust and security and the use of Trust and Reputation management along with the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange.
- A policy-based approach to firewall managementPublication . Caldeira, Filipe; Monteiro, EdmundoThis paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of IETF is analysed, together with the communication protocols, policy specification languages, and the necessary information models. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.
- Secure Mediation Gateway Architecture Enabling the Communication Among Critical InfrastructuresPublication . Caldeira, Filipe; Castrucci, Marco; Aubigny, Matthieu; Macone, Donato; Monteiro, Edmundo; Rente, Francisco; Simoes, Paulo; Suraci, VincenzoRepresenting one of the most technological dependencies of contemporary societies, Critical Infrastructures (CIs) have to ensure the highest security levels to be able of fulfill their duty in any circumstances. This is the main goal of MICIE (Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures) FP7 ICT-SEC project: the design and implementation of a real-time CI risk level prediction and alerting system [1]. In order to reach this objective, one of the main key challenge to be addressed is the design and the implementation of a Secure Mediation Gateway (SMGW), namely a new innovative network element able to: (i) discover CI status information, (ii) overcome information heterogeneity and (iii) provide a secure communication of such information among peer CIs. All the information discovered and collected by the SMGW are then provided to a dedicated prediction tool which is in charge of calculating a risk prediction for the CIs. This paper presents the functional architecture of the SMGW designed within the MICIE project, putting in evidence how it is possible to discover information and exchange critical information over a insecure network like Internet.
- Trust and Reputation for Critical Infrastructure ProtectionPublication . Caldeira, FilipeToday’s critical infrastructures (CIs) depend on information and communication technologies (ICTs) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. Among the problems inherent to the operation of Critical Infrastructures, it is possible to emphasise the existence of dependencies and interdependencies among infrastructures. For example, a telecommunications service is inherently dependent on the electricity supply or, for instance, banking services are dependent on both telecommunications and energy supply services. Many of the existing approaches to security in Critical Infrastructures are focused on obtaining risk levels through the use of models based on the infrastructure. Although these models allow a solid foundation for risk monitoring, they do not have mechanisms for exchange, management and assessment of its quality. This presentation addresses the problems related to trust, reputation and risk alerts management within Critical Infrastructures. Accordingly, it is described how to introduce mechanisms to manage and measure at each instant, the degree of confidence assigned to each of the alerts received or computed internally. Allowing improvement of their accuracy and consequently improving the resilience of Critical Infrastructures when faced with inaccurate or inconsistent risk alerts. The lecture’s main goals are to address the problems related to interdependent Critical Infrastructure security and to identify the main problems related to risk information sharing. In particular, how to allow information sharing in a secure manner, the management of that sharing and how to assess the reliability of such information. The European Project MICIE is presented in order to contextualise the presented work. The application of Policy Based Management mechanisms for the management of the risk alert information shared among Critical Infrastructures is described. In order to improve the information sharing management and the further interpretation of the risk alerts, it is described how to evaluate Trust and Reputation in order to assess the shared information and also to consider the behaviour of the entities involved. Selected application scenarios for the presented approaches will be discussed. In particular the integration of those approaches within the MICIE Project and also the integration of the trust and reputation indicators within the CI security Model.
- Trust and Reputation for Information Exchange in Critical InfrastructuresPublication . Caldeira, Filipe; Monteiro, Edmundo; Simoes, PauloToday’s Critical Infrastructures (CI) are highly interdependent in order to deliver their services with the required level of quality and availability. Information exchange among interdependent CI plays a major role in CI protection and risk prevention for interconnected CI were cascading effects might occur because of their interdependencies. This paper addresses the problem of the quality of information exchanged among interconnected CI and also the quality of the relationship in terms of trust and security. The use of trust and reputation indicators associated with the information exchange is the proposed solution. The proposed solution is being applied to information exchange among interconnected CI in scope of the European FP7 MICIE project, in order to improve information accuracy and to protect each CI from using inconsistent and non trustable information about critical events.
- Trust and Reputation Management for Critical Infrastructure ProtectionPublication . Caldeira, Filipe; Monteiro, Edmundo; Simoes, PauloToday’s Critical Infrastructures (CI) depend of Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.