Catálogo de publicaciones - libros

In the past few decades, critical infrastructures have become largely computerised and interconnected all over the world. This generated the problem of achieving resilience of critical information infrastructures against computer-borne attacks and severe faults. Governments and industry have been pushing an immense research effort in information and systems security, but we believe the complexity of the problem prevents it from being solved using classical security methods.

The paper focuses on the computer systems behind electrical utility infrastructures. It proposes the blueprint of a distributed systems architecture that we believe may come to be useful as a reference for modern critical information infrastructures in general. The architecture is instantiated with a set of classes of techniques and algorithms, based on paradigms providing resilience to faults and attacks in an automatic way.

The connection between critical infrastructure Protection (CIP) and critical information infrastructures protection (CIIP) is a major research area. We describe our view of how a combined experimental approach can be used to build targeted resilient software required for critical infrastructure.

In this paper, we present our ongoing work of a policy-driven approach to security requirements of grid data management systems (GDMS). We analyse the security functionalities of existing GDMS to determine their shortcomings that should be addressed in our work. We identify a comprehensive set of security requirements for GDMS followed by the presentation of our proposed Security Requirements Model. Derivation of security policies from security requirements and their consequent refinement is also presented in this paper. Our approach of addressing modelling issues by providing requirements for expressing security related quality of service is the key step to turn storage systems into knowledge representation systems.

We outline a framework for the risk assessment of information infrastructures that generalizes the notion of dependency with respect to security attributes such as confidentiality, integrity or availability. Dependencies are used to model an infrastructure at distinct abstraction levels, to discover attack strategies and to define risk mitigation plans. A plan is formulated in terms of set of countermeasures because single countermeasures may be ineffective due to alternative threat attack strategies. We do not detail the assessment steps and focus on the integration of their results to define risk mitigation plans. Lastly, we discuss the development of programming tools to support the assessment.

Modelling and analysing risk is one of the most critical activity in system engineering. However, in literature approaches like Fault Tree Analysis, Event Tree Analysis, Failure Modes and Criticality Analysis focus on the system-to-be without considering the impact of the associated risks to the organization where the system will operate. The Tropos framework has been proved effective in modelling strategic interests of the stakeholders at organizational level. In this paper, we introduce the extended Tropos goal model to analyse risk at organization level and we illustrate a number of different techniques to help the analyst in identifying and enumerating relevant countermeasures for risk mitigation.

The systematic protection of critical information infrastructures requires an analytical process to identify the critical components and their interplay, to determine the threats and vulnerabilities, to assess the risks and to prioritise countermeasures where risk is unacceptable. This paper presents an integrated framework for model-based symbolic interpretation, simulation and analysis with a comprehensive approach focussing on the validation of network security policies. A graph of all possible attack paths is automatically computed from the model of an ICT network, of vulnerabilities, exploits and an attacker strategy. Constraints on this graph are given by a model of the network security policy. The impact of changes to security policies can be computed and visualised by finding differences in the attack graphs. A unique feature of the presented approach is, that abstract representations of these graphs can be computed that allow comparison of focussed views on the behaviour of the system. This guides optimal adaptation of the security policy to the given vulnerability setting.

At the highest abstraction level, an attempt by a social engineer to exploit a victim organization either attempts to achieve some specific target (denial of service, steal an asset, tap some particular information) or it wishes to maximize an outcome, such as to disable the organization by a terrorist attack or establish a permanent parasitic relationship (long-term espionage). Seen as dynamic processes, the first kind of exploit is a controlling (“balancing”) feedback loop, while the second kind is a reinforcing feedback loop. Each type of exploit meets a first line of defense in control processes or in escalating (“reinforcing”) processes of resistance. The possible combinations of the two modes of attack and the two modes of defense yield four archetypes of exploit and natural defense. Predictably, the social engineer would seek to outsmart the first line of defense; it is shown that each archetype implies a particular strategy to do so. Anticipation of these modes of attack must be the starting point for an effective multi-layered defense against social engineering attacks.

In recent years there has been an increasing R&D interest in critical infrastructures and their protection. However, this represents a still very immature field of research with very fuzzy and confused boundaries. This paper reports an initial overview of R&D activities in Europe on this topic to illustrate the state of art and to emphasize the major areas of research but also to identify the most relevant lacks.

In this paper we present an approach for an agent-based early warning system (A-EWS) for critical infrastructures. In our approach we combine existing security infrastructures, e.g. firewalls or intrusion detection systems, with new detection approaches to create a global view and to determine the current threat state.

This paper outlines how early alert systems can help home users and SMEs in improving their security hygiene (culture of security). The viability of our framework and concepts are evaluated using www.CASEScontact.org as a case study. The latter offers its services to targeted groups of home users and SMEs supporting them in better protecting their information and data assets stored on, for instance, PCs or smartphones. As this paper shows, careful targeting of services (e.g., type of information and technical focus) and diligence (e.g., accurate and timely information is being provided) are a must for attaining users’ trust and confidence. Only then may behavioral change follow that will, in turn, improve security hygiene (culture of security). As a result, we present conceptual and empirical evidence for the need to integrate marketing and information security elements to improve an early alert system’s resource-advantage.