Intrusion-Tolerant Protection for Critical Infrastructures
Autor(a) principal: | |
---|---|
Data de Publicação: | 2007 |
Outros Autores: | , , , |
Tipo de documento: | Relatório |
Idioma: | por |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10451/14162 |
Resumo: | Today's critical infrastructures like the Power Grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The paper describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS. CIS collectively ensure that incoming/outgoing traffic satisfies the security policy of an organization in the face of accidents and attacks. However, they are not simple firewalls but distributed protection devices based on a sophisticated access control model. Likewise, they seek perpetual unattended correct operation, so they are designed with intrusion-tolerant capabilities and hardened with proactive recovery. The paper discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures and presents a design using logical replication based on virtual machines |
id |
RCAP_6407fafe9e0fd3acb2025b57a241f411 |
---|---|
oai_identifier_str |
oai:repositorio.ul.pt:10451/14162 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Intrusion-Tolerant Protection for Critical InfrastructuresIntrusion ToleranceCritical InfrastructuresFirewallWormholesToday's critical infrastructures like the Power Grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The paper describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS. CIS collectively ensure that incoming/outgoing traffic satisfies the security policy of an organization in the face of accidents and attacks. However, they are not simple firewalls but distributed protection devices based on a sophisticated access control model. Likewise, they seek perpetual unattended correct operation, so they are designed with intrusion-tolerant capabilities and hardened with proactive recovery. The paper discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures and presents a design using logical replication based on virtual machinesDepartment of Informatics, University of LisbonRepositório da Universidade de LisboaBessani, Alysson NevesSousa, PauloCorreia, MiguelNeves, Nuno FerreiraVeríssimo, Paulo2009-02-10T13:12:04Z2007-042007-04-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/reportapplication/pdfhttp://hdl.handle.net/10451/14162porinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-08T15:59:48Zoai:repositorio.ul.pt:10451/14162Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T21:36:00.192805Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Intrusion-Tolerant Protection for Critical Infrastructures |
title |
Intrusion-Tolerant Protection for Critical Infrastructures |
spellingShingle |
Intrusion-Tolerant Protection for Critical Infrastructures Bessani, Alysson Neves Intrusion Tolerance Critical Infrastructures Firewall Wormholes |
title_short |
Intrusion-Tolerant Protection for Critical Infrastructures |
title_full |
Intrusion-Tolerant Protection for Critical Infrastructures |
title_fullStr |
Intrusion-Tolerant Protection for Critical Infrastructures |
title_full_unstemmed |
Intrusion-Tolerant Protection for Critical Infrastructures |
title_sort |
Intrusion-Tolerant Protection for Critical Infrastructures |
author |
Bessani, Alysson Neves |
author_facet |
Bessani, Alysson Neves Sousa, Paulo Correia, Miguel Neves, Nuno Ferreira Veríssimo, Paulo |
author_role |
author |
author2 |
Sousa, Paulo Correia, Miguel Neves, Nuno Ferreira Veríssimo, Paulo |
author2_role |
author author author author |
dc.contributor.none.fl_str_mv |
Repositório da Universidade de Lisboa |
dc.contributor.author.fl_str_mv |
Bessani, Alysson Neves Sousa, Paulo Correia, Miguel Neves, Nuno Ferreira Veríssimo, Paulo |
dc.subject.por.fl_str_mv |
Intrusion Tolerance Critical Infrastructures Firewall Wormholes |
topic |
Intrusion Tolerance Critical Infrastructures Firewall Wormholes |
description |
Today's critical infrastructures like the Power Grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The paper describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS. CIS collectively ensure that incoming/outgoing traffic satisfies the security policy of an organization in the face of accidents and attacks. However, they are not simple firewalls but distributed protection devices based on a sophisticated access control model. Likewise, they seek perpetual unattended correct operation, so they are designed with intrusion-tolerant capabilities and hardened with proactive recovery. The paper discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures and presents a design using logical replication based on virtual machines |
publishDate |
2007 |
dc.date.none.fl_str_mv |
2007-04 2007-04-01T00:00:00Z 2009-02-10T13:12:04Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/report |
format |
report |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/14162 |
url |
http://hdl.handle.net/10451/14162 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134258579636224 |