MODELING AND VALIDATING A SECURE INTERCONNECTION BETWEEN INDUSTRIAL CONTROL SYSTEM AND CORPORATE NETWORK USING COLORED PETRI NET
Keywords:
ICS Network, Corporate Network, Secure Interconnection, Colored Petri NetAbstract
Industrial Control Systems (ICS) networks offer a high level of automation combined with high levels of control, quality and process improvement. Since network corporate users have to access the ICS environment, these networks have to be interconnected. However, this interconnection can introduce risks to the systems and manufacturing processes, which leads to the need to ensure the interconnection is done safely. The objective of this paper is to perform modeling and validation of a proposed secure interconnection between ICS and corporate networks using Colored Petri Networks (CPN). In addition to the best practices published in related works, this paper recommends some integrated features like the use of terminal server service, secure manual uplinks, and unidirectional security gateway to enhance environmental security. However, our main contribution is the validation process performed in a Colored Petri Network, which made it possible to execute queries in the state space resulting from the simulation - that works as a proof of concept. As a result, the paper presents a secure and validated model of interconnection between ICS and corporate networks, capable of being applied to any interconnection environment.
Downloads
References
MAHBOOB, A.; ZUBAIRI, J. Intrusion avoidance for scada security in industrial plants. Collaborative Technologies and Systems (CTS), 2010 International Symposium on, p. 447-452. IEEE.
NIST Guide to industrial control systems (ICS) security. National Institute of Standards and Technology, 2015.
CPNTools CPN Tools Homepage. http://http://cpntools.org. [Online; accessed 24-March-2019.
KNAPP, E. D.; LANGILL, J. T. Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress, 2014.
WEI, D.; JAFARI, M.; LU, Y. On protecting industrial automation and control systems against electronic attacks. Automation Science and Engineering, 2007. CASE 2007. IEEE International Conference on, p. 176-181. IEEE.
STOIAN, I., CAPATINA, D., IGNAT, S., and GHIRAN, O. Scada and modeling in water management. Automation, Quality and Testing, Robotics, 2014 IEEE International Conference on, pp. 1-6. IEEE.
MURATA, T. Petri nets: Properties, analysis and applications. Proceedings of the IEEE, 77, 1989, 541-580.
UEDA, E. T. Análise de Políticas de Controle de Acesso Baseado em Papéis com Rede de Petri Colorida. PhD thesis Universidade de São Paulo.
JENSEN, K. Coloured Petri nets: basic concepts, analysis methods and practical use. 2103, Springer Science & Business Media.
MACIEL, P. R., LINS, R. D., CUNHA, P. R. Introdução às redes de Petri e aplicações. 1996, UNICAMP Instituto de Computacao.
CÁRDENAS, A. A., AMIN, S., LIN, Z.-S., H UANG, Y.-L.,HUANG, C.-Y., SASTRY, S. Attacks againstprocess control systems: risk assessment, detection, and response. Proceedings of the 6th ACM symposium on information, computer and communications security,2011, p. 355-366. ACM.
AMOAH, R., CAMTEPE, S., FOO, E. Formal modelling and analysis of dnp3 secure authentication. Journal of Network and Computer Applications, 2016, 345-360.
COATES, G. M., HOPKINSON, K. M., GRAHAM, S. R., and KURKOWSKI, S. H. A trust system architecture for scada network security. IEEE Transactions on Power Delivery, 2010, p. 158-169.
PESHIN, E. A pragmatic and foolproof approach for connecting critical/industrial networks to external less secure networks. Modelling Cyber Security: Approaches, Methodology, Strategies, 2009, 79.