Browsing by Author "Monteiro, E."
Now showing 1 - 2 of 2
Results Per Page
Sort Options
- An evolved security architecture for distributed industrial automation and control systemsPublication . Rosa, L.; Proença, J.; Henriques, João; Graveto, V.; Cruz, T.; Simões, P.; Caldeira, Filipe; Monteiro, E.Over the recent years, control and sensor systems used for IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected distributed devices, sensors and actuators. Such components are often widely dispersed in the field – this is the case for microgeneration (wire-to-water generation, solar or wind), smart metering, oil and gas distribution or smart water management, among others. This IoT (Internet of Things)-centric IACS paradigm expands the infrastructure boundaries well beyond the single or aggregated-plant, mono-operator vision (mostly associated with geographically constrained systems topologies), being dispersed over a large geographic area, with increasingly small areas of coverage as we progress towards its periphery. This situation calls for a different approach to cyber threat detection, which is one of the most relevant contributions of the ATENA (Advanced Tools to assEss and mitigate the criticality of ICT components and their dependencies over critical infrAstructures) H2020 project (ATENA 2016). This paper presents and describes the ATENA cyber-security architecture, designed for the emerging generation of distributed IoT IACS, leveraging technologies such as Software Defined Networking/Network Function Virtualization and Big data event processing) within the scope of a cyber-detection architecture designed to deal with the inherent challenges of dispersed IACS, involved different operator domains.
- Policy-based networking: Applications to firewall managementPublication . Caldeira, Filipe; Monteiro, E.This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of lnternet Engineering Task Force (1ETF) is analysed, together with the communication protocols, policy specification languages, and the necessary information models. An overview of policy specification languages applicability to PBN architecture is presented paying particular attention to the specification of security policies through Security Policy Specification Language (SPSL). The Common Open Policy Service protocol (coPs) and its variant, coPs for Policy provisioning (COPS-PR), both used for the transport of policy information, are also presented. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policybased approach to firewall management.