IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v2y2009i4p154-169.html
   My bibliography  Save this article

PolyOrBAC: A security framework for Critical Infrastructures

Author

Listed:
  • Abou El Kalam, A.
  • Deswarte, Y.
  • Baïna, A.
  • Kaâniche, M.

Abstract

Due to physical and logical vulnerabilities, a critical infrastructure (CI) can encounter failures of various degrees of severity, and since there are many interdependencies between CIs, simple failures can have dramatic consequences on the users. In this paper, we mainly focus on malicious threats that might affect the information and communication system that controls the Critical Infrastructure, i.e., the Critical Information Infrastructure (CII). To address the security challenges that are specific of CIIs, we propose a collaborative access control framework called PolyOrBAC. This approach offers each organization taking part in the CII the capacity of collaborating with the other ones, while maintaining a control on its resources and on its internal security policy. The interactions between organizations participating in the CII are implemented through web services (WS), and for each WS a contract is signed between the service-provider organization and the service-user organization. The contract describes the WS functions and parameters, the liability of each party and the security rules controlling the interactions. At runtime, the compliance of all interactions with these security rules is checked. Every deviation from the signed contracts triggers an alarm, the concerned parties are notified and audits can be used as evidence for sanctioning the party responsible for the deviation. Our approach is illustrated by a practical scenario, based on real emergency actions in an electric power grid infrastructure, and a simulation test bed has been implemented to animate this scenario and experiment with its security issues.

Suggested Citation

  • Abou El Kalam, A. & Deswarte, Y. & Baïna, A. & Kaâniche, M., 2009. "PolyOrBAC: A security framework for Critical Infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(4), pages 154-169.
    • Handle: RePEc:eee:ijocip:v:2:y:2009:i:4:p:154-169
    DOI: 10.1016/j.ijcip.2009.08.005
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548209000262
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2009.08.005?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Kjølle, G.H. & Utne, I.B. & Gjerde, O., 2012. "Risk analysis of critical infrastructures emphasizing electricity supply and interdependencies," Reliability Engineering and System Safety, Elsevier, vol. 105(C), pages 80-89.
    2. Abou el Kalam, Anas, 2021. "Securing SCADA and critical industrial systems: From needs to security mechanisms," International Journal of Critical Infrastructure Protection, Elsevier, vol. 32(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:2:y:2009:i:4:p:154-169. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.