“The CRUTIAL Way of Critical Infrastructure Protection”
IEEE Security and Privacy, vol. 6, no. 6, pp. 44-51, Nov/Dec 2008., Dec. 2008.
Abstract: Today, critical infrastructures like the power grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. We describe a hierarchy of variations of a novel device for the protection of these infrastructures, the CIS. These devices are used to ensure that incoming/outgoing traffic satisfies the security policy of an infrastructure in face of cyber-attacks. However, a CIS is not a common firewall but a distributed protection device based on a sophisticated access control model. Furthermore, a CIS is intrusion-tolerant and self-healing, seeking perpetual unattended correct operation. A key feature of the proposed architecture is that it does not require any modification of the SCADA/PCS software already in use today.
Research line(s): Fault And Intrusion Tolerance in Open Distributed Systems (FIT)