Improving security in SCADA systems through firewall policy analysis

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F13%3APU106384" target="_blank" >RIV/00216305:26230/13:PU106384 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.fit.vutbr.cz/research/pubs/all.php?id=10382" target="_blank" >http://www.fit.vutbr.cz/research/pubs/all.php?id=10382</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Improving security in SCADA systems through firewall policy analysis

Popis výsledku v původním jazyce

Many of modern SCADA networks are connected to both the company's enterprise network and the Internet. Because these industrial systems often control critical processes the cyber- security requirements become a priority for their design. This paper deals with network communication security in SCADA environment implemented by firewall devices. We proposed a method for verification of firewall configurations against security policy to detect and reveal potential holes in implemented rule sets. We present a straightforward verification method based on representation of a firewall configuration as a set of logical formulas suitable for automated analysis using SAT tools. We demonstrate how such configuration can be analyzed for security policy violation that can be inferred from security policy specification of an industrial automation system. 

Název v anglickém jazyce

Improving security in SCADA systems through firewall policy analysis

Popis výsledku anglicky

Many of modern SCADA networks are connected to both the company's enterprise network and the Internet. Because these industrial systems often control critical processes the cyber- security requirements become a priority for their design. This paper deals with network communication security in SCADA environment implemented by firewall devices. We proposed a method for verification of firewall configurations against security policy to detect and reveal potential holes in implemented rule sets. We present a straightforward verification method based on representation of a firewall configuration as a set of logical formulas suitable for automated analysis using SAT tools. We demonstrate how such configuration can be analyzed for security policy violation that can be inferred from security policy specification of an industrial automation system. 

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/TA01010632" target="_blank" >TA01010632: SCADA systém pro řízení a monitorování procesů v reálném čase.</a><br>

Návaznosti

Z - Vyzkumny zamer (s odkazem do CEZ)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2013

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the Federated Conference on Computer Science and Information Systems

ISBN

978-1-4673-4471-5

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

1435-1440

Název nakladatele

IEEE Computer Society

Místo vydání

Krakow

Místo konání akce

Krakow

Datum konání akce

8. 9. 2013

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—