
The CRUTIAL Architecture for Critical Information Infrastructures

Chapter in: Architecting Dependable Systems V

Abstract

In this chapter we discuss the susceptibility of critical information infrastructures to computer-borne attacks and faults, which stems mainly from their largely computerized nature and from the pervasive interconnection of systems all over the world. We discuss how to overcome these problems and achieve resilience of critical information infrastructures through adequate architectural constructs. The architecture we propose is generic and may come to be useful as a reference for modern critical information infrastructures. We discuss four main aspects: trusted components that induce prevention; middleware devices that achieve runtime automatic tolerance and protection; trustworthiness monitoring mechanisms that detect and adapt to non-predicted situations; and organization-level security policies and access control models capable of securing global information flows.

This work was mainly supported by the EC, through project IST-FP6-STREP 027513 (CRUTIAL) and NoE IST-4-026764-NOE (ReSIST), by the FCT through the Large-Scale Informatic Systems Laboratory (LaSIGE) and the CMU-Portugal partnership.



Editor information

Rogério de Lemos, Felicita Di Giandomenico, Cristina Gacek, Henry Muccini, Marlon Vieira

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this chapter

Veríssimo, P. et al. (2008). The CRUTIAL Architecture for Critical Information Infrastructures. In: de Lemos, R., Di Giandomenico, F., Gacek, C., Muccini, H., Vieira, M. (eds) Architecting Dependable Systems V. Lecture Notes in Computer Science, vol 5135. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85571-2_1

  • DOI: https://doi.org/10.1007/978-3-540-85571-2_1
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-85570-5
  • Online ISBN: 978-3-540-85571-2
  • eBook Packages: Computer Science (R0)