8/12/2019 FARES 2013 _ Organizational Security Architecture for Critical Infrastructure
Organizational Security Architecture for Critical Infrastructure
Jonathan Blangenois, Guy Guemkam, Christophe Feltus, Djamel Khadraoui
Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg
University of Namur, Namur, Belgium
Laboratoire LIP6, Université de Pierre et Marie Curie, Paris, France
September 2, 2013
-
Table of contents
- Introduction and ArchiMate theory
- State of the art
- Policy Concept and Metamodel Core
- Agent System Metamodel
  - Organizational Layer
  - Application Layer
  - Technical Layer
  - Inter-Layer Link
- Policy modelling
  - Organizational Policy
  - Application policy
- Case study in Financial CI
- Conclusions
-
Introduction
- Critical infrastructure monitored and protected by a SCADA system
- SCADA operates at different abstraction levels of the CI
- SCADA based on 3 functions:
  - data acquisition
  - alert correlation
  - policy instantiation and deployment
- SCADA based on agents and agent systems (MAS)
NO INTEGRATED MODELING APPROACH TO INTEGRATE ALL DIMENSIONS.
September 2013 FARES workshop
-
ArchiMate theory
- http://pubs.opengroup.org/architecture/archimate2-doc/
- 3 abstraction layers (business, application and technical)
- ArchiMate core concepts:
- ArchiMate objective is to model enterprise architecture
-
State of the art
- Gaia: a framework for the development of agent architectures based on a lifecycle approach
- AUML and MAS-ML: extensions of the UML language for the modelling of MAS
- Prometheus: defines a metamodel of the application layer and allows generating organizational diagrams, role diagrams, class diagrams, sequence diagrams and so forth
- CARBA: provides a dynamic architecture for MAS similar to the middleware CORBA
Observation: no solution for modelling, in a common model, the different abstraction layers of a SCADA system
-
Policy Concept and Metamodel Core
The policy semantic:
Our goal is to introduce the Agents' policy as a core metamodel concept, as an intermediary to handle passive and active structures for the realization of a behaviour.
Event, Context, Responsibilities:
- Event: something done by a Structure Element that generates an execution of a Policy.
- Context: configuration of the Passive Structure that allows the Policy to be executed.
- Responsibility: a state assigned to an Agent (human or software) to signify to it its obligations and rights in a specific context.
-
Agent System Metamodel: Organizational layer
Organizational Policies are behavioural components of the organization whose goals are to achieve an Organizational Service to a role depending on Events.
-
Agent System Metamodel: Application layer
The Application layer is used to represent the Application Components and their interactions with the Application Service derived from the Organizational Policy of the Organizational layer.
-
Agent System Metamodel: Technical layer
The Technical layer is used to represent the structural aspect of the system and highlights the links between the Technical layer and the Application layer and how physical pieces of information called Artifacts are produced or used.
-
Agent System Metamodel: Interlayer links
- Artefact of the Technical Layer realizes Data Object of the Application Layer, which realizes Organizational Object of the Organizational layer
- Application Service uses the Organizational Policy to determine the services it proposes
- Technical layer bases its Infrastructure Service on the Application Policy of the Application layer
-
ArchiMate metamodel for MAS
Allows defining:
1. Organizational policy
2. Application policy
-
Organizational policy
Organizational Policy can be represented as a UML Use Case
- Roles represent the Actors which have responsibilities in the Use Case
- Collaboration concepts show the connections between them.
- Products, Value and Organizational Service provide the Goal of the Use Case.
- Pre and Post conditions model the context of the Use Case and are symbolized in the Metamodel as the Event concept (Precondition) and the Organizational Object (Pre/Post condition).
The set of rules that defines the organizational Responsibilities and governs the execution, by the Organization domain, of behaviours that serve the Product domain in response to a Process domain occurred in a specific context, symbolized by a configuration of the Information domain.
-
Application policy
UML provides support for modelling the behaviour performed by the Application domain as Sequence Diagram.
Configuration of the Data domain can be expressed as Preconditions of the Sequence Diagram and symbolized by the execution of a test-method on the lifeline of the diagram.
The set of rules that defines the application Responsibilities and governs the execution, by the Application domain, of behaviours that serve the Data domain to achieve the application strategy.
-
Acquiring / Issuing case study
- Acquiring / Issuing process supervised and controlled with/by the SCADA architecture
- 3 SCADA components in connection with the business process
-
ACE, PIE and RDP
-
Architecture components
- The ACE Agent collects, aggregates and analyses network information; confirmed alerts are sent to the PIE.
- The PIE Agent receives a confirmed alert from the ACE, sets the severity level and the extent of the network response (depending on the alert layer). The high level alert messages are transferred to the RDP.
- The RDP Agent is composed of two modules:
  - The Cryptography Analysis (CA) is in charge of analysing the keys previously instantiated by the PIE.
  - The Component Configuration Mapper selects the appropriate communication channel.
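Added example (not from the original slides): a minimal Python model of the policy concept from the "Policy Concept and Metamodel Core" slide, where a Policy runs only when its triggering Event arrives, the required Context exists in the agent's passive structure and the agent holds the Responsibility, applied to the ACE, PIE and RDP chain listed above. The event names, threshold, severity table and responsibility labels are assumptions made for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass

Event = namedtuple("Event", "name source data")   # something done by a structure element

@dataclass
class Policy:
    trigger: str             # name of the Event that starts execution
    context: set             # data objects that must exist in the passive structure
    responsibility: str      # obligation the executing agent must hold
    behaviour: object        # callable(event, state) -> Event or None

@dataclass
class Agent:
    name: str
    responsibilities: set
    policies: list
    state: dict              # passive structure (data objects)
    def handle(self, ev):
        ready = [p for p in self.policies if p.trigger == ev.name
                 and p.responsibility in self.responsibilities and p.context <= set(self.state)]
        return [out for p in ready if (out := p.behaviour(ev, self.state)) is not None]

def correlate(ev, st):       # ACE: confirm an alert after `threshold` observations
    st["hits"] = st.get("hits", 0) + 1
    if st["hits"] >= st["threshold"]:
        return Event("confirmed_alert", "ACE", {"layer": ev.data["layer"]})

def set_severity(ev, st):    # PIE: severity depends on the alert layer
    sev = st["severity_by_layer"].get(ev.data["layer"], "low")
    if sev == "high":        # only high-level alerts are passed to the RDP
        return Event("high_level_alert", "PIE", {"severity": sev})

def deploy(ev, st):          # RDP: record the response to deploy
    st["deployed"].append(ev.data["severity"])

def build_chain():           # constructed sample configuration (assumed values)
    ace = Policy("network_info", {"threshold"}, "correlate", correlate)
    pie = Policy("confirmed_alert", {"severity_by_layer"}, "decide", set_severity)
    rdp = Policy("high_level_alert", {"deployed"}, "deploy", deploy)
    return [Agent("ACE", {"correlate"}, [ace], {"threshold": 3}),
            Agent("PIE", {"decide"}, [pie], {"severity_by_layer": {"technical": "high"}}),
            Agent("RDP", {"deploy"}, [rdp], {"deployed": []})]

def run(chain, events):      # each agent's output events feed the next agent
    trace = []
    for agent in chain:
        events = [out for e in events for out in agent.handle(e)]
        trace += [(out.source, out.name) for out in events]
    return trace
```

Removing an agent's responsibility or a required data object from its state stops the chain at that agent, which is the property the metamodel's Context and Responsibility concepts express.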
-
Focus on the alert correlation
Instantiation of the metamodel to engineer the 3 layers' policies
At the application layer:
Sequence diagrams:
-
Conclusions (1/2)
- SCADA are supported by increasingly used multi-agent systems (*), which are particularly appropriate in the context of critical architecture:
  - Heterogeneous system
  - Open solutions
  - Distributed components
- Lack of global architecture from MAS modelling
- Adapting ArchiMate for a MAS usage
* Davidson, E.M.; McArthur, S.D.J.; McDonald, James R.; Cumming, T.; Watt, I., "Applying multi-agent system technology in practice: automated management and analysis of SCADA and digital fault recorder data," Power Systems, IEEE Transactions on, vol.21, no.2, pp.559,567, May 2006
-
Conclusions (2/2)
- ArchiMate adaptation allowed:
  - Structuring of the policy concept,
  - Synchronizing the behaviour between many types of agents, spread over different types of critical architecture management components such as the alert correlation engine, the intrusion detection tools, and so forth.
- Acquiring Issuing financial validation by case study
  - Clarification of the connection between the synchronization of the event that is generated at the level of one component policy and the one that triggers policies to another component.
-
Acknowledgment
The research described in this paper is funded by the CockpitCI research project within the 7th framework Programme (FP7) of the European Union (EU) (topic SEC-2011.2.5-1 Cyber-attacks against critical infrastructures Capability Project).
-
Thank you for your attention!
Any questions?