FARES 2013 _ Organizational Security Architecture for Critical Infrastructure


  • 8/12/2019 FARES 2013 _ Organizational Security Architecture for Critical Infrastructure


    Organizational Security Architecture for Critical Infrastructure

    Jonathan Blangenois, Guy Guemkam, Christophe Feltus, Djamel Khadraoui

    Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg; University of Namur, Namur, Belgium; Laboratoire LIP6, Université de Pierre et Marie Curie, Paris, France

    September 2, 2013


    Table of contents

    Introduction and ArchiMate theory

    State of the art

    Policy Concept and Metamodel Core

    Agent System Metamodel

    Organizational Layer

    Application Layer

    Technical Layer

    Inter-Layer Link

    Policy modelling

    Organizational Policy

    Application policy

    Case study in Financial CI

    Conclusions


    Introduction

    - Critical infrastructure monitored and protected by SCADA system

    - SCADA operate at different abstraction levels of the CI

    - SCADA based on 3 functions:

      data acquisition

      alert correlation

      policy instantiation and deployment

    - SCADA based on agents and agent systems (MAS)

    NO INTEGRATED MODELING APPROACH TO INTEGRATE ALL DIMENSIONS.

    September 2013 FARES workshop


    ArchiMate theory

    - http://pubs.opengroup.org/architecture/archimate2-doc/

    - 3 abstraction layers (business, application and technical)

    - ArchiMate core concepts:

    - ArchiMate objective is to model enterprise architecture


    State of the art

    Gaia: a framework for the development of agent architectures based on a lifecycle approach

    AUML and MAS-ML: extensions of the UML language for the modelling of MAS

    Prometheus: defines a metamodel of the application layer and allows generating organizational diagrams, role diagrams, class diagrams, sequence diagrams and so forth

    CARBA: provides a dynamic architecture for MAS similar to the middleware CORBA

    Observation: No solution for modelling, in a common model, the different abstraction layers of a SCADA system


    Policy Concept and Metamodel Core

    The policy semantic:

    Our goal is to introduce the Agents' policy as a Core metamodel concept, as an intermediary to handle passive and active structures for realization of a behaviour.

    Event, Context, Responsibilities

    Event: something done by a Structure Element that generates an execution of a Policy.

    Context: configuration of Passive Structure that allows the Policy to be executed.

    Responsibility: a state assigned to an Agent (human or software) to signify to it its obligations and rights in a specific context.


    Agent System Metamodel: Organizational layer

    Organizational Policies are behavioural components of the organization whose goals are to achieve an Organizational Service to a role depending on Events.


    Agent System Metamodel: Application layer

    The Application layer is used to represent the Application Components and their interactions with the Application Service derived from the Organizational Policy of the Organizational layer.


    Agent System Metamodel: Technical layer

    The Technical layer is used to represent the structural aspect of the system and highlights the links between the Technical layer and the Application layer and how physical pieces of information called Artifacts are produced or used.


    Agent System Metamodel: Inter-layer links

    Artefact of the Technical Layer realizes Data Object of the Application Layer, which realizes Organizational Object of the Organizational layer.

    Application Service uses the Organizational Policy to determine the services it proposes.

    Technical layer bases its Infrastructure Service on the Application Policy of the Application layer.


    ArchiMate metamodel for MAS

    Allows defining:

    1. Organizational policy

    2. Application policy


    Organizational policy

    Organizational Policy can be represented as a UML Use Case

    - Roles represent the Actors which have responsibilities in the Use Case

    - Collaboration concepts show the connections between them.

    - Products, Value and Organizational Service provide the Goal of the Use Case.

    - Pre and Post conditions model the context of the Use Case and are symbolized in the Metamodel as the Event concept (Precondition) and the Organizational Object (Pre/Post condition).

    The set of rules that defines the organizational Responsibilities and governs the execution, by the Organization domain, of behaviours that serve the Product domain in response to a Process domain occurred in a specific context, symbolized by a configuration of the Information domain.


    Application policy

    UML provides support for modelling the behaviour performed by the Application domain as Sequence Diagram.

    Configuration of the Data domain can be expressed as Preconditions of the Sequence Diagram and symbolized by the execution of a test-method on the lifeline of the diagram.

    The set of rules that defines the application Responsibilities and governs the execution, by the Application domain, of behaviours that serve the Data domain to achieve the application strategy.


    Acquiring / Issuing case study

    - Acquiring / Issuing process supervised and controlled with/by the SCADA architecture

    - 3 SCADA components in connection with the business process


    ACE, PIE and RDP


    Architecture components

    The ACE Agents collect, aggregate and analyse network information, and confirmed alerts are sent to the PIE.

    The PIE Agents receive a confirmed alert from the ACE, set the severity level and the extent of the network response (depending on the alert layer). The high level alert messages are transferred to the RDP.

    The RDP Agents are composed of two modules:

    The Cryptography Analysis (CA) is in charge of analysing the keys previously instantiated by the PIE.

    The Component Configuration Mapper selects the appropriate communication channel.
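
The ACE, PIE and RDP chain above, expressed with the Event / Context / Responsibility terms of the policy metamodel. This is an added sketch, not code from the presentation or from the CockpitCI project; the event names, the layer-to-severity table, the confirmation threshold, and the key and channel values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Event:
    name: str
    data: dict

@dataclass
class Policy:
    agent: str                       # agent (ACE, PIE, RDP) holding the Responsibility
    trigger: str                     # Event that starts execution of the Policy
    context: Callable[[dict], bool]  # required configuration of the passive structure
    behaviour: Callable[[Event, dict], Optional[Event]]

# Assumed values, not from the slides: layer-to-severity table and ACE threshold.
SEVERITY = {"technical": 1, "application": 2, "organizational": 3}
CONFIRM_AFTER = 2

def ace(ev, state):  # aggregate network information, confirm the alert to the PIE
    state["reports"] = state.get("reports", 0) + 1
    return Event("confirmed_alert", ev.data) if state["reports"] >= CONFIRM_AFTER else None

def pie(ev, state):  # set severity from the alert layer, instantiate keys, escalate
    state["severity"] = SEVERITY[ev.data["layer"]]
    state["keys"] = ["constructed-key-id"]
    return Event("high_level_alert", ev.data) if state["severity"] == 3 else None

def rdp(ev, state):  # CA has keys to analyse (Context), mapper selects a channel
    state["channel"] = "constructed-channel"

POLICIES = [
    Policy("ACE", "network_info", lambda s: True, ace),
    Policy("PIE", "confirmed_alert", lambda s: True, pie),
    # Context: the RDP policy only executes once the PIE has instantiated keys.
    Policy("RDP", "high_level_alert", lambda s: bool(s.get("keys")), rdp),
]

def run(events, policies=POLICIES):
    """Dispatch events; an Event emitted by one Policy may trigger another agent's Policy."""
    state, trace, queue = {}, [], list(events)
    while queue:
        ev = queue.pop(0)
        for p in policies:
            if p.trigger == ev.name and p.context(state):
                trace.append(p.agent)
                out = p.behaviour(ev, state)
                if out is not None:
                    queue.append(out)
    return trace, state
```

The returned trace lists which agents' policies executed, so a high-level alert that reaches the RDP without the PIE having run shows up as an empty trace.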


    Focus on the alert correlation

    Instantiation of the metamodel to engineer the policies of the 3 layers

    At the application layer:

    Sequence diagrams:


    Conclusions (1/2)

    - SCADA are supported by increasingly used multi-agent systems (*) which are particularly appropriate in the context of critical architecture:

      Heterogeneous system

      Open solutions

      Distributed components

    - Lack of global architecture from MAS modelling

    - Adapting ArchiMate for a MAS usage

    * Davidson, E.M.; McArthur, S.D.J.; McDonald, James R.; Cumming, T.; Watt, I., "Applying multi-agent system technology in practice: automated management and analysis of SCADA and digital fault recorder data," Power Systems, IEEE Transactions on, vol.21, no.2, pp.559,567, May 2006


    Conclusions (2/2)

    - ArchiMate adaptation allowed:

      Structuring of the policy concept,

      Synchronizing the behaviour between many types of agents, spread over different types of critical architecture management components such as the alert correlation engine, the intrusion detection tools, and so forth.

    - Acquiring Issuing financial validation by case study

      Clarification of the connection between the synchronization of the event that is generated at the level of one component policy and the one that triggers policies to another component.


    Acknowledgment

    The research described in this paper is funded by the CockpitCI research project within the 7th framework Programme (FP7) of the European Union (EU) (topic SEC-2011.2.5-1 Cyber-attacks against critical infrastructures Capability Project).


    Thank you for your attention!

    Any questions?