Volume 14, Issue 4 (3-2018) | JSDP 2018, 14(4): 3-18

Mahmoudi Nasr P, Yazdian Varjani A. An Access Management System to Mitigate Operational Threats in SCADA System. JSDP. 2018; 14 (4) :3-18
URL: http://jsdp.rcisp.ac.ir/article-1-440-en.html
Abstract:

One of the most dangerous insider threats in a supervisory control and data acquisition (SCADA) system is the operational threat. An operational threat occurs when an authorized operator misuses permissions and causes catastrophic damage by sending legitimate control commands. Providing too many permissions may backfire when an operator wrongly or deliberately abuses the privileges. Therefore, an access management system is required to provide the necessary permissions and prevent malicious usage. An operational threat to a critical infrastructure has the potential to cause large financial losses and irreparable damage at the national level. In this paper, we propose a new alarm-trust based access management system that reduces the potential for operational threats in SCADA systems. In the proposed system, the accessibility of a remote substation is determined based on the operator's trust and the criticality level of the substation. The trust value of the operator is calculated from the operator's performance, either periodically or, in emergencies, when an anomaly is detected. The criticality level of the substation is computed from its properties. Our system is able to detect anomalies that may result from operational threats. The simulation results on the SCADA power system of Iran show the effectiveness of our system.

Type of Study: Research | Subject: Paper
Received: 2015/10/12 | Accepted: 2017/10/25 | Published: 2018/03/13 | ePublished: 2018/03/13



© 2015 All Rights Reserved | Signal and Data Processing