Filipe Caldeira

Design and implementation of a mediation system enabling secure communication among Critical Infrastructures

Abstract Nowadays, the increase of interdependencies among different Critical Infrastructures (CI) makes it more and more difficult to protect without using a systemic approach that considers a single infrastructure as part of a complex system of infrastructures. A strong collaboration among CI owners is required to avoid, or at least to limit the propagation of failures from one infrastructure to another and to put CI in safety mode. The key element enabling this required cooperation is the possibility for them to exchange relevant information related to the status of their infrastructures and to the services provided. In this paper, we present a middleware solution that allows CIs sharing real-time information, enabling the design and implementation of fault mitigation strategies and mechanisms to prevent the cascading phenomena generated by the failure propagation from one infrastructure to another.

Trust and reputation management for critical infrastructure protection

Todays critical communication technologies (ICTs) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This work addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the policy-based management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the scope of the European FP7 MICIE project, to allow information exchange among interconnected CIs.

Trust and reputation for information exchange in critical infrastructures

Todays Critical Infrastructures (CI) are highly interdependent in order to deliver their services with the required level of quality and availability. Information exchange among interdependent CI plays a major role in CI protection and risk prevention for interconnected CI were cascading effects might occur because of their interdependencies. This paper addresses the problem of the quality of information exchanged among interconnected CI and also the quality of the relationship in terms of trust and security. The use of trust and reputation indicators associated with the information exchange is the proposed solution. n nThe proposed solution is being applied to information exchange among interconnected CI in scope of the European FP7 MICIE project, in order to improve information accuracy and to protect each CI from using inconsistent and non trustable information about critical events.

Trust based interdependency weighting for on-line risk monitoring in interdependent critical infrastructures

Critical infrastructure (CI) services are constantly consumed by the society and are expected to be available 24 hours a day. A common definition states that CIs are so vital to our society that a disruption or destruction would have a severe impact on the social well-being and the economy nationally and internationally. CI sectors include, amongst others, the electricity, telecommunication, air traffic and transport sectors. CIs can be mutually dependent on each other and a failure in one CI can cascade to another dependent or interdependent CI to cause service disruptions. Methods to better assess and monitor CIs and their dependencies in order to predict possible risks have to be developed. Information about the current risk in a service provided by a CI can contribute not only to increase CI security, but also to increase the confidence of consumers and CIs that depend on this service. In this paper, a previous work on CI security modelling is extended. A trust based component is added to the security model as a means to improve its accuracy and its resilience to inconsistent information provided by dependent CIs allowing to evaluate the correctness of information received from those dependencies.

Assurance and trust indicators to evaluate accuracy of on-line risk in critical infrastructures

Critical infrastructure (CI) services are consumed by the society constantly and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that a disruption or destruction would have a severe impact on the social well-being and the economy on national and international levels.

A policy-based approach to firewall management

This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of IETF is analysed, together with the communication protocols, policy specification languages, and the necessary information models. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.

NoSQL Scalability Performance Evaluation over Cassandra

The implementation of Smart-Cities is growing all over the world. From big cities to small villages, information able to provide a better and efficient urban management is collected from multiple sources (sensors). Such information has to be stored, queried, analyzed and displayed, aiming to contribute to a better quality of life for citizens and also a more sustainable environment. In this context it is important to choose the right database engine for this scenario. NoSQL databases are now generally accepted by the database community to support application niches. They are known for their scalability, simplicity, and key-indexed data storage, thus, allowing an easy data distribution and balancing over several nodes.

Policy-based networking: applications to firewall management

This paper describes a policy-based approach to firewall management. The Policy-Based Networking (pbn) architecture proposed by the Policy Framework Group of Internet Engineering Task Force (ietf) is analysed, together with the communication protocols, policy specification languages, and the necessary information models.An overview of policy specification languages applicability topbn architecture is presented paying particular attention to the specification of security policies through Security Policy Specification Language (spsl).The Common Open Policy Service protocol (cops) and its variant,cops for Policy provisioning (cops-pr), both used for the transport of policy information, are also presented.The paper continues with a description of an application of thepbn architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.RésuméCet article décrit une méthode de gestion de pare-feux à partir de mise en œuvre de règles. On analyse d’abord l’architecture de réseautique à base de règles (pbn) proposée par le groupe « Policy Framework » de l’ietf qui comporte des protocoles de communication, des langages de spécification de politique et la modélisation de l’information nécessaire. On présente ensuite un état de l’art de l’application des langages de spécification de règles à l’architecturepbn en détaillant particulièrement la spécification des règles de sécurité avec le langagespsl. Le protocolecops et sa variantecops-pr utilisés pour transporter l’information sur les règles sont également présentés. La dernière partie de l’article est consacrée à l’application de l’architecturepbn à la gestion de pare-feux. L’architecture proposée est alors analysée au travers de quelques exemples. L’article se conclut en évaluant l’approche à base de règles dans la gestion des pare-feux.