Publication


Featured research published by Padmalochan Bera.


IEEE Transactions on Smart Grid | 2013

A Noninvasive Threat Analyzer for Advanced Metering Infrastructure in Smart Grid

Mohammad Ashiqur Rahman; Ehab Al-Shaer; Padmalochan Bera

Advanced Metering Infrastructure (AMI) is the core component in a smart grid that exhibits a highly complex network configuration. AMI comprises heterogeneous cyber-physical components, which are interconnected through different communication media, protocols, and security measures. They are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need for creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration that includes device configurations, topology, communication properties, interactions among the devices, data flows, and security properties; (ii) formal modeling of AMI invariants and user-driven constraints based on the interdependencies among AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configurations' compliance with security constraints using a Satisfiability Modulo Theory (SMT) solver; (iv) reporting of potential security threats based on constraint violations; (v) analyzing the impact of potential threats on the system; and (vi) systematic diagnosing of SMT unsatisfiable traces and providing necessary remediation plans. The accuracy and scalability of the tool are evaluated on an AMI testbed and various synthetic test networks.


IEEE Transactions on Network and Service Management | 2010

Policy Based Security Analysis in Enterprise Networks: A Formal Approach

Padmalochan Bera; Soumya K. Ghosh; Pallab Dasgupta

In a typical enterprise network, there are several sub-networks or network zones corresponding to different departments or sections of the organization. These zones are interconnected through a set of Layer-3 network devices (or routers). The service accesses within the zones and also with the external network (e.g., Internet) are usually governed by an enterprise-wide security policy. This policy is implemented through an appropriate set of access control lists (ACL rules) distributed across various network interfaces of the enterprise network. Such networks face two major security challenges: (i) conflict-free representation of the security policy, and (ii) correct implementation of the policy through distributed ACL rules. This work presents a formal verification framework to analyze the security implementations in an enterprise network with respect to the organizational security policy. It generates a conflict-free policy model from the enterprise-wide security policy and then formally verifies the distributed ACL implementations with respect to the conflict-free policy model. The complexity in the verification process arises from extensive use of temporal service access rules and presence of hidden service access paths in the networks. The proposed framework incorporates formal modeling of conflict-free policy specification and distributed ACL implementation in the network and finally deploys a Boolean satisfiability (SAT) based verification procedure to check the conformation between the policy and implementation models.


International Conference on Computer Communications | 2012

SmartAnalyzer: A noninvasive security threat analyzer for AMI smart grid

Mohammad Ashiqur Rahman; Padmalochan Bera; Ehab Al-Shaer

The Advanced Metering Infrastructure (AMI) is the core component in a smart grid that exhibits highly complex network configurations comprising heterogeneous cyber-physical components. These components are interconnected through different communication media, protocols, and secure tunnels, and they are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need for creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a formal security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration including device configurations, topology, communication properties, interactions between the devices, data flows, and security properties; (ii) formal modeling of AMI invariant and user-driven constraints based on the interdependencies between AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configurations' compliance with security constraints using a Satisfiability Modulo Theory (SMT) solver; (iv) generating a comprehensive security threat report with a possible remediation plan based on the verification results. The accuracy, scalability, and usability of the tool are evaluated on a real smart grid environment and synthetic test networks.


IET Information Security | 2010

Integrated security analysis framework for an enterprise network - a formal approach

Padmalochan Bera; Santosh K. Ghosh; Pallab Dasgupta

In a typical enterprise network, correct implementation of security policies is becoming increasingly difficult owing to complex security constraints and dynamic changes in network topology. Usually, the network security policy is defined as the collection of service access rules between various network zones. The specification of the security policy is often incomplete since all possible service access paths may not be explicitly covered. This policy is implemented in the network interfaces in a distributed fashion through sets of access control (ACL) rules. Formally verifying whether the distributed ACL implementation conforms to the security policy is a major requirement. The complexity of the problem is compounded as some combination of network services may lead to inconsistent hidden access paths. Further, failure of network link(s) may result in the formation of alternative routing paths and thus the existing security implementation may defy the policy. In this study, an integrated formal verification and fault analysis framework has been proposed which derives a correct ACL implementation with respect to a given policy specification and also ensures that the implementation is fault tolerant to a certain number of link failures. The verification incorporates Boolean modelling of the security policies and ACL implementations and then formulates a satisfiability checking problem.


International Conference on Computer Technology and Development | 2010

An access control framework for semi-infrastructured Ad hoc networks

Soumya Maity; Padmalochan Bera; Soumya K. Ghosh

A semi-infrastructured ad hoc network is a wireless MANET subnetwork connected to a structured backbone network (LAN). This kind of network is becoming popular for low cost implementation and practicability issues. But security is being considered as the major bottleneck of such semi-infrastructured ad hoc networks. Uncontrolled access medium, dynamically changing topology, and mobility of the hosts in the ad hoc mode challenge the security issues of the overall organizational network. In this paper, a framework has been proposed to enforce Access Control Policy over such a network. Both reactive and proactive routing are considered to implement the access control mechanism. The basis of the framework lies in distributed enforcement of the global access policy through different Policy Enforcing Nodes (PEN). The backbone network contains the Global Policy Management Server (GPMS) and Authentication Server. PENs, after being selected and authorized by the GPMS, take the responsibility to distribute the Access Control Rules to different ad hoc nodes. We have considered that an underlying trust model is already implemented over the ad hoc network and the nodes are capable of handling symmetric key encryption for Message Authentication. The recent advancement of the research in MANET confirms the assumptions are valid.


International Conference on Information Systems, Technology and Management | 2010

A Spatio-Temporal Role-Based Access Control Model for Wireless LAN Security Policy Management

Padmalochan Bera; Soumya K. Ghosh; Pallab Dasgupta

The widespread proliferation of wireless networks (WLAN) has opened up new paradigms of security policy management in enterprise networks. To enforce the organizational security policies in wireless local area networks (WLANs), it is required to protect the network resources from unauthorized access. In WLAN security policy management, the standard IP based access control mechanisms are not sufficient to meet the organizational requirements due to its dynamic topology characteristics. In such dynamic network environments, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to incorporate time and location dependent constraints in the access control models. In this paper, we propose a WLAN security management system which supports a spatio-temporal RBAC (STRBAC) model. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalizes the organizational access policies and determines the high level policy configurations for different policy zones; a Central Authentication & Role Server (CARS) which authenticates the users (or nodes) and the access points (AP) in various zones and also assigns appropriate roles to the users. Each policy zone consists of a Wireless Policy Zone Controller (WPZCon) that co-ordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access points. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the security policies formally.


IEEE International Advance Computing Conference | 2009

A Verification framework for Analyzing Security Implementations in an Enterprise LAN

Padmalochan Bera; Pallab Dasgupta; Sumana Ghosh

In a typical local area network (LAN), the global security policies, often defined in abstract form, are implemented through a set of access control rules (ACL) placed in a distributed fashion to the access switches of its sub-networks. Proper enforcement of the global security policies of the network demands well-defined policy specification as a whole as well as correct implementation of the policies in various interfaces. But ensuring correctness of the implementation manually is hard due to the complex security policies and presence of hidden access paths in the network. This paper presents a formal verification framework to verify the security implementations in a LAN with respect to a defined security policy. The proposed framework stems from formal models of network security policy specifications, device-specific security implementations, and deploys verification supported by SAT based procedures. The novelty of the work lies in the analysis of the hidden access paths, which play a significant role in correct security implementations.


Grid Computing | 2014

VM migration auction: Business oriented federation of cloud providers for scaling of application services

Santosh Kumar Majhi; Padmalochan Bera

One of the key indicators of leveraging Cloud Computing is the penetration of e-business among Cloud Service Providers (CSP). The cloud computing applications are being developed across various domains to enable easy and efficient access to the data and services remotely. There is a potential for CSPs in applying e-business technologies, especially in the migration process between virtual machines (VM) running in different hosts. It is to enable efficient computing, resource sharing and to provide a real time response. There is a need to integrate an auction (bidding) in the VM migration process by applying new business models in the cloud computing marketplace to ensure competitiveness among CSPs. This paper describes an effort to establish a novel bidding process for the VM migration process in a Cloud environment for e-business. The Internet-based auction process has been developed by considering English and Dutch auctions. Various components for VM auction (actors, relations, VM, and business model) are presented. The suitable architecture in the VM auction service and the required tools are described. The IDEF0 model has been used for the central functionality of the broker service. In this proposed approach, the objective is to make independent CSPs function in a co-operative manner to provide uninterrupted service to the users on their interest and preference.


Security of Information and Networks | 2010

A mobile IP based WLAN security management framework with reconfigurable hardware acceleration

Soumya Maity; Padmalochan Bera; Soumya K. Ghosh

The increasing use of wireless technologies in enterprise networks demands strong security management and policy enforcement mechanisms. The conventional security management frameworks used in wired LAN do not suit the wireless domain due to dynamic topology and mobility of hosts. The enforcement of organizational security policies in wireless LAN requires appropriate access control models as well as correct distribution of access control rules in the network access points. In this paper, we propose a WLAN security management framework supported by a spatio-temporal RBAC (STRBAC) model. The concept of mobile IP has been used to ensure a fixed layer 3 address of a mobile host. Each wireless policy zone consists of a Policy Zone Controller that coordinates with a dedicated Local Role Server to extract the low level access configurations corresponding to the zone access routers. The system can be mapped into a reconfigurable hardware to exploit the parallelism in computing. We also propose a formal STRBAC model to represent the global security policies formally and a SAT based decision procedure to verify the access configurations.


International Conference on Networks and Communications | 2009

Fault Analysis of Security Policy Implementations in Enterprise Networks

Padmalochan Bera; Soumya K. Ghosh; Pallab Dasgupta

The configuration and management of security policies in enterprise networks is becoming hard due to complex policy constraints of the organizations and dynamic changes in the network topologies. Typically, the organizational security policy is defined as a collection of rules for allowing/denying service accesses between various network zones. Implementation of the policy is realized in a distributed fashion through appropriate sets of access control rules (ACL) in the interface switches (Layer-3 routers) of the network. The verification of the ACL implementations with respect to the security policy is a major technical challenge to the network administrators. This is due to complex organizational security needs and presence of inconsistent hidden service access paths in the network which may in turn violate one or more policy rules implicitly. The problem becomes more complex due to changes in network topologies. At any point of time, the failure of the network interfaces (links) may change the network topology; as a result, alternative routing paths can be formed. Hence, the existing security implementation (distribution of ACL rules) may not conform to the policy. In this paper, a Fault Analysis module has been proposed over a formal verification framework which as a whole can derive a correct ACL implementation with respect to a given policy specification and can ensure that the correct implementation is fault tolerant to a certain number of link failures. The basis of the fault analysis module is representing the network topology and the existing ACL implementation as a graph based network access model.

Collaboration


Dive into Padmalochan Bera's collaboration.

Top Co-Authors

Soumya K. Ghosh

Indian Institute of Technology Kharagpur

Pallab Dasgupta

Indian Institute of Technology Kharagpur

Soumya Maity

Indian Institute of Technology Kharagpur

Mohammad Ashiqur Rahman

Tennessee Technological University

Bata Krishna Tripathy

Indian Institute of Technology Bhubaneswar

Santosh Kumar Majhi

Indian Institute of Technology Bhubaneswar

Ehab Al-Shaer

University of North Carolina at Charlotte

Kamalakanta Sethi

Indian Institute of Technology Bhubaneswar

Madhukrishna Priyadarsini

Indian Institute of Technology Bhubaneswar
