Browsing by Author "Monteiro, Edmundo"
Now showing 1 - 10 of 16
- Assurance and trust indicators to evaluate accuracy of on-line risk in critical infrastructures
  Publication. Authors: Schaberreiter, Thomas; Caldeira, Filipe; Aubert, Jocelyn; Monteiro, Edmundo; Khadraoui, Djamel; Simoes, Paulo
  Abstract: Critical infrastructure (CI) services are consumed by society constantly, and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that their disruption or destruction would have a severe impact on social well-being and the economy at national and international levels. CIs can be mutually dependent on each other, and a failure in one infrastructure can cascade to another (inter)dependent infrastructure and cause service disruptions. Methods to better assess and monitor CIs and their (inter)dependencies at run-time, in order to evaluate possible risks, have to be developed. Furthermore, methods to ensure the validity of the evaluated risk have to be investigated. In this work, we build on existing work on CI security modelling: a CI model that allows the risks of CI services to be modelled at run-time. We conduct a study of indicators that allow the correctness of the calculated service risk to be evaluated, taking into account the various sources contributing to this evaluation. Trust-based indicators are introduced to capture the dynamically changing behaviour of a system.
- Description, Generation and Dissemination of Security Policies (original title: Descrição, Geração e Difusão de Políticas de Segurança)
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo
  Abstract: This article presents a tool for describing Security Policies, based on the SPSL (Security Policy Specification Language) language. The tool allows security policies to be described and subsequently used to create and disseminate rules recognised by various devices when implementing an organisation's security policies.
- Policy-based management: architecture and applications (original title: Gestão por políticas: arquitectura e aplicações)
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo
  Abstract: This article presents an approach to policy-based network management, focusing on the PBN (Policy-Based Networking) architecture proposed within the Policy Framework working group of the IETF (Internet Engineering Task Force). The main aspects of this architecture are highlighted, from the communication protocols to the policy specification languages, including the models required to represent information. Regarding policy specification languages, an overview of their applicability to the PBN architecture is presented. Among the policy dissemination protocols, the COPS (Common Open Policy Service) and COPS-PR (COPS for Policy Provisioning) protocols are highlighted. The article ends with the description of a firewall management application that uses policies. This application is based on the proposed policy-based management architecture (PBN) and applies the SPSL language and the COPS-PR protocol.
- Intrusion and anomaly detection for the next-generation of industrial automation and control systems
  Publication. Authors: Rosa, Luis; Cruz, Tiago; Freitas, Miguel Borges de; Quitério, Pedro; Henriques, João; Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo
  Abstract: The next generation of Industrial Automation and Control Systems (IACS) and Supervisory Control and Data Acquisition (SCADA) systems poses numerous challenges in terms of cybersecurity monitoring. We have been witnessing the convergence of OT/IT networks, combined with massively distributed metering and control scenarios such as smart grids. Larger and geographically widespread attack surfaces, and inherently more data to analyse, will become the norm. Despite several advances in recent years, domain-specific security tools have been facing the challenge of trying to catch up with all the existing security flaws from the past, while also accounting for the specific needs of the next generation of IACS. Moreover, the aggregation of multiple techniques and sources of information into a comprehensive approach has not been explored in depth. Such a holistic perspective is paramount, since it enables a global and enhanced analysis through the usage, combination and aggregation of the outputs from multiple sources and techniques. This paper starts by providing a review of the more recent anomaly detection techniques for SCADA systems, focused on both theoretical machine learning approaches and complete frameworks. Afterwards, it proposes a complete framework for an Intrusion and Anomaly Detection System (IADS) composed of specific detection probes, an event processing layer and a core anomaly detection component, amongst others. Finally, the paper presents an evaluation of the framework within a large-scale hybrid testbed, and a comparison of different anomaly detection scenarios based on various machine learning techniques.
- Policy Based and Trust Management for Critical Infrastructure Protection
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo
  Abstract: Critical infrastructure (CI) services are consumed by society constantly, and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that their disruption or destruction would have a severe impact on social well-being and the economy at a national and an international level. CIs can be mutually dependent on each other, and a failure in one infrastructure can cascade to another interdependent infrastructure and cause service disruptions. Methods to better assess and monitor CIs and their interdependencies, in order to predict possible risks, have to be developed. This work addresses the problem of the quality of information exchanged among interconnected CIs and the quality of the relationship in terms of trust and security. The proposed solution is the use of Trust and Reputation management together with the Policy Based Management paradigm, applied at the CI interconnection points where information is exchanged.
- A policy-based approach to firewall management
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo
  Abstract: This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of the IETF is analysed, together with the communication protocols, policy specification languages, and the necessary information models. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.
- Policy-based networking: applications to firewall management
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo
  Abstract: This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of the Internet Engineering Task Force (IETF) is analysed, together with the communication protocols, policy specification languages, and the necessary information models. An overview of the applicability of policy specification languages to the PBN architecture is presented, paying particular attention to the specification of security policies through the Security Policy Specification Language (SPSL). The Common Open Policy Service protocol (COPS) and its variant, COPS for Policy Provisioning (COPS-PR), both used for the transport of policy information, are also presented. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.
- Secure Mediation Gateway Architecture Enabling the Communication Among Critical Infrastructures
  Publication. Authors: Caldeira, Filipe; Castrucci, Marco; Aubigny, Matthieu; Macone, Donato; Monteiro, Edmundo; Rente, Francisco; Simoes, Paulo; Suraci, Vincenzo
  Abstract: Representing one of the strongest technological dependencies of contemporary societies, Critical Infrastructures (CIs) have to ensure the highest security levels in order to fulfil their duty under any circumstances. This is the main goal of the MICIE (Tool for systemic risk analysis and secure mediation of data exchanged across linked CI information infrastructures) FP7 ICT-SEC project: the design and implementation of a real-time CI risk level prediction and alerting system [1]. In order to reach this objective, one of the key challenges to be addressed is the design and implementation of a Secure Mediation Gateway (SMGW), namely a new and innovative network element able to: (i) discover CI status information, (ii) overcome information heterogeneity and (iii) provide secure communication of such information among peer CIs. All the information discovered and collected by the SMGW is then provided to a dedicated prediction tool, which is in charge of calculating a risk prediction for the CIs. This paper presents the functional architecture of the SMGW designed within the MICIE project, showing how it is possible to discover information and exchange critical information over an insecure network such as the Internet.
- Towards Protecting Critical Infrastructures
  Publication. Authors: Caldeira, Filipe; Cruz, Tiago; Simões, Paulo; Monteiro, Edmundo
  Abstract: Critical Infrastructures (CIs) such as power distribution are referred to as "Critical" because, in case of failure, the impact on society and the economy can be enormous. CIs are exposed to a growing number of threats. ICT security plays a major role in CI protection and risk prevention for single and interconnected CIs, where cascading effects might occur. This chapter addresses CI Protection by discussing the main results of the MICIE Project, along with the mechanisms that manage the degree of confidence assigned to risk alerts, which improve the resilience of CIs when faced with inaccurate or inconsistent alerts. The CockpitCI project is also presented, aiming to improve the resilience and dependability of CIs through automatic detection of cyber-threats and the sharing of real-time information about attacks among CIs. CockpitCI addresses one of MICIE's shortcomings by adding SCADA-oriented security detection capabilities, providing input for risk prediction models and for the assessment of the operational status of the Industrial Control Systems.
- Trust and Reputation for Information Exchange in Critical Infrastructures
  Publication. Authors: Caldeira, Filipe; Monteiro, Edmundo; Simoes, Paulo
  Abstract: Today's Critical Infrastructures (CIs) are highly interdependent in order to deliver their services with the required level of quality and availability. Information exchange among interdependent CIs plays a major role in CI protection and risk prevention for interconnected CIs, where cascading effects might occur because of their interdependencies. This paper addresses the problem of the quality of information exchanged among interconnected CIs and also the quality of the relationship in terms of trust and security. The use of trust and reputation indicators associated with the information exchange is the proposed solution. The proposed solution is being applied to information exchange among interconnected CIs within the scope of the European FP7 MICIE project, in order to improve information accuracy and to protect each CI from using inconsistent and untrustworthy information about critical events.