0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
22 visualizzazioni20 pagine
Presentation of "Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert Detection" at SINFONC 2013 conference, Aksaray, Turkey
Titolo originale
Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert Detection
Presentation of "Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert Detection" at SINFONC 2013 conference, Aksaray, Turkey
Presentation of "Conviction Model for Incident Reaction Architecture Monitoring Based on Automatic Sensors Alert Detection" at SINFONC 2013 conference, Aksaray, Turkey
Conviction Model for Incident Reaction Architecture
Monitoring based on Automatic Sensors Alert Detection
Christophe Feltus - Djamel Khadraoui
Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg christophe.feltus@tudor.lu
October 13-16, 2013 Table of contents 2 Introduction Leading Case Study Modelling the agents responsibility Conviction analysis Case Study validation Conclusions
October 2013 SMC IEEE conference Introduction - CI are infrastructure essential for the functioning of a society and economy - CI are monitored and protected by SCADA system (Supervisory Control and Data Acquisition) - SCADA operates at different abstraction levels of the CI and are generally composed of agents system which needs to accurately collaborate
We observe : - No integrated approach to support the agents behavior in crisis situations i.e. no guarantee about the agent ability to perform its responsibilities after delegation/assignment
October 2013 SMC IEEE conference 3 Leading Case
October 2013 SMC IEEE conference 4 PEP (Policy Enforcement Point) enforces security policies provided by the PDP PIE (Policy Instantiation Engine) is the agent that receives information about attacks from the ACE and instantiates new security policies to react to the attack PDP (Policy Decision Point) receives the new security policies defined by the PIE and deploys (validates) them at the enforcement points (PEP); ACE (Agent Correlation Engine) is the agent in charge of receiving alerts coming from network nodes, to correlates the information and to forward confirmed alert to the PIE SCADA inside 5 Conviction of responsibility performance ? The Agent Responsibility model 6 Commitment Responsibility concepts definitions The task is an action to use or transform an object performed by an agent The responsibility is a state assigned to an agent to signify him its obligations and accountabilities regarding a task The accountability is a duty to justify the performance of a task to someone else under threat of sanction. Accountability is a type of obligation to report the achievement, maintenance or avoidance of some given state to an authority and, as consequence, is associated to an obligation. The assignment is the action of linking an agent to a responsibility. Delegation process is the transfer of an agents responsibility assignment to another agent.
7 Responsibility concepts definitions The capability describes the requisite qualities, skills or resources necessary to perform a task. Capability may be declined through knowledge or know-how, possessed by the agent such as ability to make decision, its processing time, its faculty to analyze a problem, and its position on the network. The right encompasses facilities required by an agent to fulfill his obligations e.g. the access right that the agent gets once he is assigned responsible. The commitment pledged by the agent related to this assignment represents his required engagement to fulfill a task and the conviction that he does it in respect of good practices. The trust is the reliance that an agent act as it is requested. For didactic reason, we consider in this paper that a trust level of 10 is high and a trust level of 0 is low. 8 Agent responsibility in the case study Because of the size of the paper, only the four most important concepts are instantiated requirements The obligations concerning the task (in red), The capabilities (in blue), The rights (in green), The Commitment represented as a trust value (in black).
Cf tables 9 Case study PEPs requierments 10 11 Case study PDPs and ACEs requierments Guarantee about the agent ability to perform its responsibilities It is necessary, for an agent, that:
Rights: should be appropriate to satisfy the agents obligations. Capability: should be below its capability. Moreover such capability should enable it to fulfill its obligations Level of Trust: should be higher or equal to the minimum level required specified
Based on the value of the Right, the Capability and the Trust:
The Conviction A for fulfillment of Obligation O by an Agent with right R, Capability C and Trust T is: A 0 (R, C, T) = 0 if (R 0 R) (C 0 C) (T p T) Otherwise: A 0 (R, C, T) = 1 12 Case study analysis:
If a failing PEP needs to delegate O 1 : Must retrieve the logs from the component it monitors to another PEP, the latter must have at least the following capability:
- be on the same network than the component to control (C 1 ), - have enough computing resource to monitor the component to control (C 4 ), - be able to encrypt data (C 6 ) - be able to communicate securely with the ACE (C 7 ). 13 October 2013 SMC IEEE conference The PEP must also have the following rights to perform O 1 :
- R 1 : is allowed to read log file on the concerned network component - R 2 : is allowed to write log in the central logs database - R 4 : is allowed to read and write in the alert database.
The minimum level for the trust parameter expected from the PEP is set to 3.
14 October 2013 SMC IEEE conference Case study analysis:
Validation for the case study 15 However, in practice, we observed : As a result, in the case of the PEP, the obligation to provide an immediate reaction is hampered by the fact that the PEP lacks the capability to communicate with the PDP (C 2 ).
This means that any appropriate responsibility cannot be assigned to the PEP and be implemented in case of abnormally within the system. 16 October 2013 SMC IEEE conference Case study analysis:
Validation for the case study 17 Equally, the value for the other agents are CI are more and more present and need to be seriously managed and monitor regarding the increasing amount of threats. This paper presents a solution to automatically react after an incident on a wireless network based on MAS architecture. The system initially based on static assignments of function to agents needed more dynamicity in order to stay aligned with the new arising risks:
We provide a conceptual representation of the agent responsibilities Based on that definition of the agents responsibilities, a conviction level can be estimated in order to determine the confidence that the agent can meet its responsibilities. In the event of such conviction level being low, decisions can be made to shift the fulfillment of such a responsibility to a different agent. 18 October 2013 SMC IEEE conference Conclusions Acknowledgments The research described in this paper is funded by the CockpitCI research project within the 7th framework Programme (FP7) of the European Union (EU) (topic SEC- 2011.2.5-1 Cyber-attacks against critical infrastructures Capability Project).
CGIT 2008 - Definition and Validation of A Business IT Alignment Method For Enterprise Governance Improvement in The Context of Processes Based Organizations - Wellington