Probabilistic validation of an intrusion-tolerant replication system

Singh, Sankalp; Cukier, Michel; Sanders, William H.

doi:10.1109/dsn.2003.1209971

Cited by 40 publications

(23 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They have shown that modeling security using Markov chains can be quite informative and can facilitate the design of secure systems. Singh, et al [27] have used probabilistic models to study the security of intrusion-tolerant replication systems.…”

Section: Related Workmentioning

confidence: 99%

Security Analysis of VPN Configurations in Industrial Control Environments

Rahimi

Zargham

2011

Critical Infrastructure Protection V

View full text Add to dashboard Cite

Virtual private networks (VPNs) are widely recommended to protect otherwise insecure industrial control protocols. VPNs provide confidentiality, integrity and availability, and are often considered to be secure. However, implementation vulnerabilities and protocol flaws expose VPN weaknesses in many deployments. This paper uses a probabilistic model to evaluate and quantify the security of VPN configurations. Simulations of the VPN model are conducted to investigate the trade-offs and parameter dependence in various VPN configurations. The experimental results provide recommendations for securing VPN deployments in industrial control environments.Keywords: Control systems, virtual private networks, security analysis IntroductionVirtual private networks (VPNs) are widely used to provide secure communications over insecure public networks. VPNs provide security services such as confidentiality, integrity and availability by creating encrypted tunnels between the communicating parties.VPNs are recommended in the literature and by many critical infrastructure protection standards to secure process control, SCADA and automation protocol communications [14-16, 21, 22]. Although these protocols are generally very reliable, they were not designed to resist malicious attacks. As a result, it is recommended to wrap industrial protocols such as DNP3 [18], 61850 [13] and Modbus [19] within VPN tunnels to protect them from unauthorized access. These configurations supposedly offer confidentiality, integrity and availability [22], but little work has focused on the secure configuration of VPN tunnels and the maintenance required for their secure operation [22].

show abstract

Section: Related Workmentioning

confidence: 99%

Security Analysis of VPN Configurations in Industrial Control Environments

Rahimi

Zargham

2011

Critical Infrastructure Protection V

View full text Add to dashboard Cite

show abstract

“…have produced a series of papers (see [2] and references therein) that use semi-Markov processes to compute security measures for intrusion tolerant systems. Also [5,17,18] use similar approaches to quantitative security evaluation. Jha et.…”

Section: Introductionmentioning

confidence: 98%

A Game-Theoretic Approach to Stochastic Security and Dependability Evaluation

Sallhammar

Helvik

Knapskog

2006

2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing

View full text Add to dashboard Cite

The complex networked computer systems of today are often vulnerable to a large number of failures, accidental as well as intentional. To be able to assess to what degree one can rely on such a system, new methods for quantitative evaluation is needed. This paper presents a stochastic model for integrated security and dependability evaluation, which models malicious attacker behavior as transitions between system states. To predict the probabilities of attack actions a game theoretic approach is applied. We demonstrate the method by computing security and dependability measures in two different case studies.

show abstract

“…The latter can be analyzed using Markov techniques to obtain probabilistic measures of security. Singh et al [16] have used probabilistic modeling to validate an intrusion-tolerant system, emphasizing the effects of intrusions on the system behavior and the ability of the intrusion-tolerant mechanisms to handle those effects, while using very simple assumptions about the discovery and exploitation of vulnerabilities by the attackers to achieve those intrusions. Gupta et al [7] have used a similar approach to evaluate the security and performance of several intrusion-tolerant server architectures.…”

Section: Introductionmentioning

confidence: 99%

Model-based validation of an intrusion-tolerant information system

Stevens

Courtney

Singh

et al. 2004

Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004.

Self Cite

View full text Add to dashboard Cite

An increasing number of computer systems are designed to be distributed across both local and wide-area networks, performing a multitude of critical information-sharing and computational tasks. Malicious attacks on such systems are a growing concern, where attackers typically seek to degrade quality of service by intrusions that exploit vulnerabilities in networks, operating systems, and application software. Accordingly, designers are seeking improved techniques for validating such systems with respect to specified survivability requirements. In this regard, we describe a model-based validation effort that was undertaken as part of a unified approach to validating a networked intrusiontolerant information system. Model-based results were used to guide the system's design as well as to determine whether a given survivability requirement was satisfied.

show abstract

Probabilistic validation of an intrusion-tolerant replication system

Cited by 40 publications

References 9 publications

Security Analysis of VPN Configurations in Industrial Control Environments

Security Analysis of VPN Configurations in Industrial Control Environments

A Game-Theoretic Approach to Stochastic Security and Dependability Evaluation

Model-based validation of an intrusion-tolerant information system

Contact Info

Product

Resources

About