A GLOBAL FRAMEWORK TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION

1
A GLOBAL FRAMEWORK TO ENHANCE CRITICAL
INFRASTRUCTURE PROTECTION

• Gwendal Le Grand and Michel Riguidel
• ENST, Paris, France
• Speaker Gwendal Le Grand

2
Outline

• 1. Introduction
• 2. Modeling a CI
• 3. Modeling approach
• Morphology Canonical architectures
• Management Policy Based Management
• V2V approach to manage heterogeneity
• 4. Conclusion Future work

3
Introduction Context

• Objectives
• model and investigate criticality, vulnerability,
  and interdependency of critical infrastructures.
• Develop models to evaluate protection measures
  w.r.t.
• Prevention
• Detection/identification
• Recovery in different scenarios

4
2. Modeling a CI What for?

• Goals
• Reactively
• control the system by making adjustments in
  response to the changes within the system or its
  environment
• Proactively
• manage the system
• E.g. detecting trends/anomalous behaviors
  allowing action to be taken before serious
  problems arise
• Tools
• Monitoring,
• Perfomance Management,
• Fault Management,
• Configuration Management,
• Security Management,

5
2. Modeling a CI Hierarchies 2 levels
High Level Business Level
Low Level Technical Level
6
2. Modeling a CI Business/technical level
Business Level of other CIs
Technical Level of other CIs
Criticality is State, Dependability is
Policy Interdependency is Relation
Interdependencies

• For modeling, we cannot restrict our view only to
  the technical level

7
2. Modeling a CISecurity (1)
Error
Crisis management model
Fault Tolerance
Fault Avoidance
Trust model
8
2. Modeling a CISecurity (2)
Recognition of attacks and the extent of damage
Crisis management model
Recovery and essential services after attack
Resistance to attacks
Adaptation and evolution to reduce effectiveness
of future attacks
Trust model
9
2. Modeling a CITrust Model Examples

• Prevention
• Protection based on access control
• Dissuasion based on reprisals
• Relation based on negotiation
• Semblance
• Fault Prevention Fault Tolerance
• Information
• Diminution or Increase in the number of
  dependency flows
• Forecasting Detection
• Analysis of faults undertaken by experts
• Surveillance
• Registration

10
2. Modeling a CICrisis Management Model Examples

• Waiting ...
• Fault Tolerance
• Fault masked
• Filter
• Switch to a summit with redundancy of
  functionality
• Fault not masked
• Resignation performance collapse
• Stop critical outcoming flows aims at
  stopping an epidemic process
• Removal Prevention
• Aggressiveness

11
2. Modeling a CIWhat has to be done

• A CI (and even a set of CIs) can be characterized
  as
• a very large-scale network system,
• a disturbance somewhere in the system can affect
  anything else in the system
• This network, if exposed to a non-trivial
  disturbance,
• can no longer respond linearly and
• either a new equilibrium may not exist OR it
  could be reached by control actions
• Need of a catalogue of simple architectures to
  which a CI can be mapped (CANONICAL
  ARCHITECTURES) AND
• global view of the entire network possibility
  of a quick action over the nodes of this network
  (POLICY BASED MANAGEMENT and V2V model)

12
3. Modeling approachMorphologies Canonical
architectures
13
3. Modeling approachPolicy Based Management

• Policy Based Management (PBM)
• Is the usage of policy rules to manage one or
  more entities
• Controls the state of the system and objects
  within the system using policies
• Policy Rule Set of Policy Conditions Set of
  Policy Actions
• Policy Based Management (PBM) allows a dynamic
  global management
• Global
• Network as a State Machine.
• The union of all local device states gives the
  global network state
• Dynamic
• Reaction to an event.
• Policy enables network state changing.
• Bidirectional management

14
3. Modeling approachPolicy

• Every change has an underlying set of business
  rules that govern its deployment.
• 2 possible views for application of a policy at
  the technical level
• Policies are Device-Specific à bad approach!!
• Separate Modeling of Policies from Modeling of
  Device Mechanisms
• e.g. In the case of a fault in a system, there
  are standard policies only depending on few
  parameters like the local morphology of the
  network, the type of faults,
• gtDevice-Independent Policy Models
• gtNeed of Policy Continuum and Coherency

15
3. Modeling approachWhat is a PBN (Policy Based
Network)?

• 2 Management Models Outsourcing and
  Provisionning

16
3. Modeling approachApplication to CIPs
hierarchical PBN
High Level Network CME PDP CIME PEP
Compound Managing Entity
Low Level Network CIME PDP CIMA PEP 1st
level
17
3. Modeling approachInternational and National
Context

• Question how to manage several instantiations
  of a CI ? How to manage interdependencies?

18
3. Modeling approachV2V Virtual to Virutal

• Objective of V2V
• framework for the security of several distributed
  systems consisting of communities of elements
  communicating within heterogeneous networks and
  immersed in an ambient intelligence.
• define a high level abstract medium for
  interdependency management
• Characteristics
• V2V transcends present fragmentation of
  technologies, information systems and networks.
• Principle
• A general security policy is first of all defined
  on a virtual plane
• in terms of security objectives (confidentiality,
  integrity, availability),
• at a high level of abstraction.
• General policy is projected on the traditional
  planes logical and physical, of information and
  network systems.

19
3. Modeling approachGlobal picture
CI 2
CI 1
A resilient compound CI Using V2V
CI 3
PBM model
Canonical Architectures
20
4. Conclusion

• Methodology for
• Infrastructures
• Pregnant morphology
• Future infrastructures (ambiant, grids, etc.)
• Large scale systems/poly systems
• Software intensive infrastrucutures, etc.
• Multi granularities security
• Policy
• Implement policies in the canonical architectures
  model
• Security for morphologies
• Security for canonical architectures
• V2V
• To understand, model, and handle
  interdependencies
• gt an intelligent distributed grid
• Remaining administrative issues
• Convince CI operators that they must collaborate
  using a common high level model
• Win-Win model