DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes
Autor(a) principal: | |
---|---|
Data de Publicação: | 2017 |
Tipo de documento: | Dissertação |
Idioma: | por |
Título da fonte: | Manancial - Repositório Digital da UFSM |
Texto Completo: | http://repositorio.ufsm.br/handle/1/14716 |
Resumo: | The Electric Power System (EPS) has been improved in recent years, aiming at the implementation of Smart Grids (SG). For this, it is essential to integrate information technologies and bidirectional communication networks at equipments present in the EPS. However, when making this type of advance, EPS is exposed to new types of cyber threats and vulnerabilities. An interesting solution to ensure security in the data communication network is prevent unauthorized access. For this, a use of a firewall is essential. Through efficient rules in a firewall it is possible to control all the information traffic of a network or device. With the use of a distributed firewall, each device can implement its security policies, packet filtering and rules, not depending a centralized filtering. However, the heterogeneity of equipment and devices present in the SG data communication network presents another challenge: diferents types of firewall applications can be used in the same segment of the network. With this, it is necessary to have mechanisms to perform the disclosure of rules and application of these in each device. In these terms, this work presents a solution capable of solving these prerogatives: the DIFMA Architecture (Distributed Firewall Multiple Applications), which was developed by the author of this work. This architecture is composed of three modules: DEMON (performs the management of SG participating devices in groups), RSIN (implements an overlay network to perform the disclosure of rules that will be applied to devices) e RIMA (perform the interpretation of a rule for a determined firewall application using specific plugins. To evaluate the efficiency of the DIFMA Architecture, performance tests were performed to synchronize information in the network of overlapping and creation of generic rules to apply to the participating devices of a given group. The interpretation of these rules was performed by plugins developed for the Iptables and UFW firewall applications. Based on the results obtained during these tests, DIFMA architecture proved to be an interesting and feasible alternative to be implemented in a real scenario, since the mechanisms of disclosure and interpretation of rules show to be efficient. In this way, the risk of errors during rule generation is reduced, since the operator does not have to worry about specific syntax of each firewall application that can be used by the devices participating in a group. Therefore, the DIFMA Architecture stands out in relation to other solutions found in the literature for providing an integrated and scalable solution for implementing a distributed firewall and enabling interoperability between different firewall applications. |
id |
UFSM_b82f383217c6ca2eb582b0accf45a56f |
---|---|
oai_identifier_str |
oai:repositorio.ufsm.br:1/14716 |
network_acronym_str |
UFSM |
network_name_str |
Manancial - Repositório Digital da UFSM |
repository_id_str |
|
spelling |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentesDIFMA: distributed firewall with emphasis on interoperability between applications in the context of smart gridsArquitetura DIFMAFirewall distribuídoRedes elétricas inteligentesSegurança da informaçãoArchitecture DIFMADistributed firewallSmart gridsCybersecurityCNPQ::ENGENHARIAS::ENGENHARIA ELETRICAThe Electric Power System (EPS) has been improved in recent years, aiming at the implementation of Smart Grids (SG). For this, it is essential to integrate information technologies and bidirectional communication networks at equipments present in the EPS. However, when making this type of advance, EPS is exposed to new types of cyber threats and vulnerabilities. An interesting solution to ensure security in the data communication network is prevent unauthorized access. For this, a use of a firewall is essential. Through efficient rules in a firewall it is possible to control all the information traffic of a network or device. With the use of a distributed firewall, each device can implement its security policies, packet filtering and rules, not depending a centralized filtering. However, the heterogeneity of equipment and devices present in the SG data communication network presents another challenge: diferents types of firewall applications can be used in the same segment of the network. With this, it is necessary to have mechanisms to perform the disclosure of rules and application of these in each device. In these terms, this work presents a solution capable of solving these prerogatives: the DIFMA Architecture (Distributed Firewall Multiple Applications), which was developed by the author of this work. This architecture is composed of three modules: DEMON (performs the management of SG participating devices in groups), RSIN (implements an overlay network to perform the disclosure of rules that will be applied to devices) e RIMA (perform the interpretation of a rule for a determined firewall application using specific plugins. To evaluate the efficiency of the DIFMA Architecture, performance tests were performed to synchronize information in the network of overlapping and creation of generic rules to apply to the participating devices of a given group. The interpretation of these rules was performed by plugins developed for the Iptables and UFW firewall applications. Based on the results obtained during these tests, DIFMA architecture proved to be an interesting and feasible alternative to be implemented in a real scenario, since the mechanisms of disclosure and interpretation of rules show to be efficient. In this way, the risk of errors during rule generation is reduced, since the operator does not have to worry about specific syntax of each firewall application that can be used by the devices participating in a group. Therefore, the DIFMA Architecture stands out in relation to other solutions found in the literature for providing an integrated and scalable solution for implementing a distributed firewall and enabling interoperability between different firewall applications.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPESO Sistema Elétrico de Potência (SEP), vem sendo aprimorado nos últimos anos, visando a implementação das Redes Elétricas Inteligentes (REI). Para isso, é essencial integrar tecnologias da informação e redes de comunicação bidirecionais aos equipamentos presentes no SEP. Entretanto, ao realizar esse tipo de avanço, expõe-se o SEP a novos tipos de ameaças cibernéticas e vulnerabilidades. Uma solução interessante para garantir a segurança em uma rede de comunicação de dados é impedir acessos não autorizados. Para isso, a utilização de um firewall é essencial. Através de regras eficientes em um firewall é possível controlar todo o tráfego de informação de uma rede ou dispositivo. Com a utilização de um firewall distribuído, cada dispositivo pode implementar suas próprias políticas de segurança, filtragem de pacotes e regras, não dependendo de uma filtragem centralizada. Entretanto, a heterogeneidade de equipamentos e dispositivos presentes na rede de comunicação de dados para REI apresenta um outro desafio: podem ser utilizados tipos de aplicações de firewall em um mesmo segmento da rede. Com isso, é necessário ter mecanismos para realizar a divulgação de regras e aplicação dessas em cada dispositivo. Nesses termos, o presente trabalho apresenta uma solução capaz de resolver essas prerrogativas: a Arquitetura DIFMA (Distributed Firewall Multiple Applications), a qual foi desenvolvida pelo autor desse trabalho. Essa arquitetura é composta por três módulos: DEMON (realiza o gerenciamento de dispositivos participantes da REI em grupos), RSIN (implementa uma rede de sobreposição para realizar a divulgação de regras que serão aplicadas nos dispositivos) e RIMA (realiza a interpretação de uma regra para uma determinada aplicação de firewall por meio da utilização de plugins específicos). Para avaliar a eficiência da Arquitetura DIFMA foram realizados testes de performance para sincronizar uma informação na rede de sobreposição e de criação de regras genéricas para aplicar nos dispositivos participantes de um determinado grupo. A interpretação dessa regras foi realizada por plugins desenvolvidos para as aplicações de firewall Iptables e UFW. Com base nos resultados obtidos durante esses testes, a Arquitetura DIFMA mostrou ser uma alternativa interessante e viável de ser implementada em um cenário real, visto que, os mecanismos de divulgação e interpretação de regras mostraramse eficientes. Dessa forma, o risco de erros durante a geração da regra é reduzido, visto que, o operador não precisa preocupar-se com sintaxes específicas de cada aplicação de firewall que possa ser utilizada pelos dispositivos participantes de um grupo. Portanto, a Arquitetura DIFMA se destaca em relação a outras soluções encontradas na literatura por proporcionar uma solução integrada e escalável para a implementação de um firewall distribuído e possibilitando a interoperabilidade entre diferentes aplicações de firewall.Universidade Federal de Santa MariaBrasilEngenharia ElétricaUFSMPrograma de Pós-Graduação em Engenharia ElétricaCentro de TecnologiaCanha, Luciane Neveshttp://lattes.cnpq.br/6991878627141193Pereira, Paulo Ricardo da Silvahttp://lattes.cnpq.br/1997755245309923Milbradt, Rafael Gresslerhttp://lattes.cnpq.br/5497528376748724Rodrigues, Alexandre Silva2018-10-31T18:28:52Z2018-10-31T18:28:52Z2017-08-16info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://repositorio.ufsm.br/handle/1/14716porAttribution-NonCommercial-NoDerivatives 4.0 Internationalhttp://creativecommons.org/licenses/by-nc-nd/4.0/info:eu-repo/semantics/openAccessreponame:Manancial - Repositório Digital da UFSMinstname:Universidade Federal de Santa Maria (UFSM)instacron:UFSM2018-11-01T06:01:12Zoai:repositorio.ufsm.br:1/14716Biblioteca Digital de Teses e Dissertaçõeshttps://repositorio.ufsm.br/ONGhttps://repositorio.ufsm.br/oai/requestatendimento.sib@ufsm.br||tedebc@gmail.comopendoar:2018-11-01T06:01:12Manancial - Repositório Digital da UFSM - Universidade Federal de Santa Maria (UFSM)false |
dc.title.none.fl_str_mv |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes DIFMA: distributed firewall with emphasis on interoperability between applications in the context of smart grids |
title |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
spellingShingle |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes Rodrigues, Alexandre Silva Arquitetura DIFMA Firewall distribuído Redes elétricas inteligentes Segurança da informação Architecture DIFMA Distributed firewall Smart grids Cybersecurity CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA |
title_short |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
title_full |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
title_fullStr |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
title_full_unstemmed |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
title_sort |
DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes |
author |
Rodrigues, Alexandre Silva |
author_facet |
Rodrigues, Alexandre Silva |
author_role |
author |
dc.contributor.none.fl_str_mv |
Canha, Luciane Neves http://lattes.cnpq.br/6991878627141193 Pereira, Paulo Ricardo da Silva http://lattes.cnpq.br/1997755245309923 Milbradt, Rafael Gressler http://lattes.cnpq.br/5497528376748724 |
dc.contributor.author.fl_str_mv |
Rodrigues, Alexandre Silva |
dc.subject.por.fl_str_mv |
Arquitetura DIFMA Firewall distribuído Redes elétricas inteligentes Segurança da informação Architecture DIFMA Distributed firewall Smart grids Cybersecurity CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA |
topic |
Arquitetura DIFMA Firewall distribuído Redes elétricas inteligentes Segurança da informação Architecture DIFMA Distributed firewall Smart grids Cybersecurity CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA |
description |
The Electric Power System (EPS) has been improved in recent years, aiming at the implementation of Smart Grids (SG). For this, it is essential to integrate information technologies and bidirectional communication networks at equipments present in the EPS. However, when making this type of advance, EPS is exposed to new types of cyber threats and vulnerabilities. An interesting solution to ensure security in the data communication network is prevent unauthorized access. For this, a use of a firewall is essential. Through efficient rules in a firewall it is possible to control all the information traffic of a network or device. With the use of a distributed firewall, each device can implement its security policies, packet filtering and rules, not depending a centralized filtering. However, the heterogeneity of equipment and devices present in the SG data communication network presents another challenge: diferents types of firewall applications can be used in the same segment of the network. With this, it is necessary to have mechanisms to perform the disclosure of rules and application of these in each device. In these terms, this work presents a solution capable of solving these prerogatives: the DIFMA Architecture (Distributed Firewall Multiple Applications), which was developed by the author of this work. This architecture is composed of three modules: DEMON (performs the management of SG participating devices in groups), RSIN (implements an overlay network to perform the disclosure of rules that will be applied to devices) e RIMA (perform the interpretation of a rule for a determined firewall application using specific plugins. To evaluate the efficiency of the DIFMA Architecture, performance tests were performed to synchronize information in the network of overlapping and creation of generic rules to apply to the participating devices of a given group. The interpretation of these rules was performed by plugins developed for the Iptables and UFW firewall applications. Based on the results obtained during these tests, DIFMA architecture proved to be an interesting and feasible alternative to be implemented in a real scenario, since the mechanisms of disclosure and interpretation of rules show to be efficient. In this way, the risk of errors during rule generation is reduced, since the operator does not have to worry about specific syntax of each firewall application that can be used by the devices participating in a group. Therefore, the DIFMA Architecture stands out in relation to other solutions found in the literature for providing an integrated and scalable solution for implementing a distributed firewall and enabling interoperability between different firewall applications. |
publishDate |
2017 |
dc.date.none.fl_str_mv |
2017-08-16 2018-10-31T18:28:52Z 2018-10-31T18:28:52Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://repositorio.ufsm.br/handle/1/14716 |
url |
http://repositorio.ufsm.br/handle/1/14716 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/ info:eu-repo/semantics/openAccess |
rights_invalid_str_mv |
Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/ |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidade Federal de Santa Maria Brasil Engenharia Elétrica UFSM Programa de Pós-Graduação em Engenharia Elétrica Centro de Tecnologia |
publisher.none.fl_str_mv |
Universidade Federal de Santa Maria Brasil Engenharia Elétrica UFSM Programa de Pós-Graduação em Engenharia Elétrica Centro de Tecnologia |
dc.source.none.fl_str_mv |
reponame:Manancial - Repositório Digital da UFSM instname:Universidade Federal de Santa Maria (UFSM) instacron:UFSM |
instname_str |
Universidade Federal de Santa Maria (UFSM) |
instacron_str |
UFSM |
institution |
UFSM |
reponame_str |
Manancial - Repositório Digital da UFSM |
collection |
Manancial - Repositório Digital da UFSM |
repository.name.fl_str_mv |
Manancial - Repositório Digital da UFSM - Universidade Federal de Santa Maria (UFSM) |
repository.mail.fl_str_mv |
atendimento.sib@ufsm.br||tedebc@gmail.com |
_version_ |
1805922014945345536 |