
SERSCIS has received EC Research Funding Semantically Enhanced Resilient and Secure Critical Infrastructure Services EMS 2012 UKSIM – AMSS : 6 th European.


1 SERSCIS has received EC Research Funding. Semantically Enhanced Resilient and Secure Critical Infrastructure Services. EMS 2012 UKSIM – AMSS: 6th European Modelling Symposium on Mathematical Modelling and Computer Simulation, Malta, 14-16 Nov

2 Presenter-Contributor: Vasilis Tsoulkas, Center for Security Studies (KEMEA) / Ministry of Citizen Protection & University of Athens, GR.
Co-Contributors:
- Dimitris Kostopoulos, KEMEA / Ministry of Citizen Protection, Athens, GR
- George Leventakis, KEMEA & University of the Aegean, Dept. of Shipping, Trade and Transport
- Mike Surridge, IT Innovation Centre, Univ. of Southampton, UK

3 SERSCIS Group
- IT Innovation Centre – University of Southampton, UK
- Joanneum Research (JRS) – Graz, Austria
- Center for Security Studies (KEMEA) – Athens, Greece
- Austro Control GmbH (ACG) – Vienna, Austria
- Port Authority Gijon (PAG) – Gijon, Spain

4 Presentation Sections
1. Objectives
2. Brief SERSCIS Architecture description
3. Basics of SERSCIS System Modeling Strategy
4. SERSCIS – Proof of Concept
5. A-CDM (Airport - Collaborative Data Management) - Ground Handler case (EUROCONTROL): ACDM-components, Info. Sharing Concept, Traffic Critical Parameters, Data quality of KPIs & Metrics
6. SERSCIS Proof of Concept (Ground Handler)
7. SERSCIS Domain core (complete) Ontology and Semantic Models
8. SERSCIS Decision Support Tool (DST)
9. SERSCIS Stream Reasoning Process
10. Conclusions - Impact

5 Objectives
- Critical infrastructure ICT components are increasingly interconnected
  - information sharing: greater operational efficiency, but also reduced slack and flexibility
  - interconnections: new risks from ICT failure cascade effects
- SERSCIS approach: use agile Service Oriented Architecture (SOA) to offset these threats
  - adapt ICT components and networks to meet changing needs
  - adapt ICT connections to prevent cascades and contain threats

6 Objectives
- To exploit agile Service Oriented Technology to
  - compose ICT connections related to critical infrastructure
  - monitor and manage ICT components against well-defined dependability criteria
  - adapt ICT connections in response to disruption or threats
- To validate this approach in Proof of Concept Scenarios from the air traffic sector (A-CDM EUROCONTROL)

7 Brief SERSCIS Architecture description (figure labels: Management Channel, Application Channel)

8 Basics of SERSCIS Systems Modelling Strategy
- Semantic modelling of critical infrastructure ICT including inter-dependency and risks
- Semantic service orchestration models exploiting dependability criteria
  - automatic composition of service inter-connections against dependability criteria
  - automated re-composition in response to threats
- Dynamic security and trust management to control threat propagation between services
- Decision support tool based on semantic system models to assist human operators (model driven DST)

9 A-CDM (basic concepts)
- EUROCONTROL Airport Collaborative Decision Making (A-CDM): to improve Air Traffic Flow & Capacity Management (ATFCM) at airports by reducing delays, improving event predictability and optimizing the utilization of services and resources.
- Implementation of Airport CDM: allows each Airport CDM Partner to optimise their decisions in collaboration with other A-CDM Partners.
- The decision making by the Airport CDM Partners is facilitated by the sharing of accurate and timely information and by adapted procedures, mechanisms and tools.

10 Applications and SERSCIS Impact
- Airport Collaborative Decision Making (A-CDM)
  - sharing information between air-traffic control, airports, airlines and airport service providers allows greater operational efficiency, but creates interdependencies that need to be managed
- SERSCIS solution: enables improved risk management of complex interconnected assets
- SERSCIS impact
  - greater awareness of risks in air-traffic proof of concept scenarios
  - analysis of requirements and application in other sectors
  - novel risk management capabilities for managing interdependency and cascading threats

11 A-CDM components
The Airport CDM concept is divided into the following components:
- Airport CDM Information Sharing Component
- CDM Turn-around Process – Milestones Approach
- Variable Taxi Time Calculation
- Collaborative Management of Flight Updates
- Collaborative Pre-departure Sequence
- Advanced CDM
The efficiency of the Air Transport System is highly dependent on the traffic predictability critical parameters.

12 Airport CDM Information Sharing Concept Component (ACIS)
The Airport CDM Information Sharing Component defines the sharing of accurate and timely information between the Airport CDM Partners to achieve common situational awareness and to improve traffic parameters predictability.
The main Airport CDM Partners are:
- Airport Operator
- Aircraft Operators
- Ground Handlers
- De-icing companies
- Air Traffic Service Provider
- CFMU

13 Air-Traffic Critical Parameters

14 Air-Traffic Critical Parameters

15 Data Quality of A-CDM Key Performance Indicators (KPIs) and metrics
Key Performance Indicators: Data Confidentiality, Data Integrity, Alarms, Data Display.
KPIs data properties: Quality of Time Estimates Accuracy Predictability Stability

16 Actors and Ground Handling Services Architecture (Proof of Concept)

17 Ground Handler Services Architecture (Proof of Concept)
- Service accessible by a consumer (aircraft operator) through SLA template consumer.
- The GH is responsible for coordination of Ramp Services (catering, fuelling, cleaning, baggage handling)

18 Turn Around - Ground Handling Process

19 Ground Handling Basic Services
- Information Sharing Platform Component
  - Provides methods to update data
  - Performs internal consistency checks of data
- CFMU (Central Flow Management Unit)
  - Provides ELDT update of inbound flights
- ATC (Air Traffic Control)
  - Drives simulation by providing milestone events
- Aircraft Operator / Ground Handler
  - Orchestrates turn around process
  - Triggers sub-services
- Aircraft Crew
  - Report ready to ATC
  - Request startup

20 Ground Handler Basic Services and Functions
- Fuelling Service
- Baggage Handling Service
- Catering Service
- Aircraft Cleaning Service
All triggered by aircraft operator or ground handler. Provide specific service within turn-around.
Methods:
- Schedule and reschedule a service
- Prepare for service delivery
- Start service delivery
- Provide status on remaining service time

21 Ground Handling Workflow Execution Phase (Austro Control partner)

22 Ground Handler Possible Services Workflow Disruption – Execution Phase
- Passenger no-show
- TOBT delayed, potentially resulting in new slot (CTOT)
- Offload baggage
- Landing of inbound aircraft delayed
- Changes in workflow and service choice
- Changes in TOBT (Targeted Off Block Time)
- Ground handling resource problems
- Heightened security status
- Alternate workflow path
- Reduced choice of service providers

23 General SERSCIS Modeling Approach
The SERSCIS system modelling approach is based on a generic dependability model (domain ontology) composed of OWL classes:
1) This model captures generic types of SOA system assets such as: services, resources, customers, threats to those assets, and controls that can mitigate those threats.
2) The dependability model captures expertise in security of Service-Oriented Systems (SOA).
3) The Proof-of-Concept covers a subset of security threats and controls relevant to the Proof-of-Concept evaluation scenario.

24 SERSCIS Modeling Achieved Objectives
- Development of modelling tools and models capturing
  - system requirements and interdependencies
  - system threats and vulnerabilities
  - system degradation and relevant countermeasures
- Development of system level models for CI in airports
- Provide a basis for wider application of the modelling approach

25 Creation of a new Semantic Dependability Modeling Approach and SERSCIS Ontology
New Domain Ontologies have been created:
- a critical infrastructure systems of systems ontology to model interdependencies of airport services such as fuel, food, telecommunications, ATM, etc. (assets and dependabilities);
- a cause and effect ontology that models potential threats and consequences;
- a resource dependability metrics ontology that models the dynamic behavior of system entities.

26 SERSCIS Domain Ontology snapshot. 05/08/2009 Copyright © 2008 University of Southampton IT Innovation Centre and other Members of the SERSCIS Consortium

27 SERSCIS Domain Ontology

28 SERSCIS Domain Ontology

29 SERSCIS Semantic Model
- A core structure to model a system comprising assets, which may be subject to threats, and can be protected by controls;
- A dependability semantic model that describes generic types of assets, threats & controls using OWL classes, with their relationships;
- An abstract system semantic model that describes system-specific assets, threats and controls, extending the dependability model classes by incorporating system-specific security knowledge;
- A concrete system semantic model that provides snapshots of a running system, with instances to represent participating assets, plus contextualised threats and controls.

30 Core structure of the system modelling approach (Dependability Semantic Model)
The approach is designed to capture 3 types of system entities:
1. generic asset classes: the types of assets that can be found in a system;
2. generic threat classes: ways in which these generic types of assets could be compromised;
3. generic control classes: describing the types of controls that could be used to protect these asset types from these threats.

31 Generic Systems Modelling Class – SERSCIS Core Ontology
Asset, Control and Threat instances
Threat class | Description | Controls needed
Unauthorized access | The service processes an unauthorised request from an attacker. | Client AuthN + Client AuthZ
Unaccountable access | Type of unauthorized access, designed to get the service without paying for it. | Client AuthN + Client AuthZ
Service misdirection | Type of unauthorized access, designed to make the service mismanage its resources. | Client AuthN + Client AuthZ

32 Generic Dependability Model Assets and Relationships

33 High Level view of SERSCIS Abstract Dependability Model

34 SERSCIS Threat Classification model
SWRL rules are evaluated and threats classified by using a semantic reasoner (to be shown in the following slides)

35 High Level view of SERSCIS Abstract Dependability Model
Services: system components that provide services
Clients: system components that access these services
Threat Types:
1. Unauthorized Access (to the service)
2. Data traffic Snooping
3. Man in the Middle
4. Client Impersonation
5. Resource Failure

36 Control types are defined for protecting services
- Service AuthN: the client validates the identity (or attributes) of the service.
- Client AuthN: the service validates the identity (or attributes) of a requestor.
- Client AuthZ: the service determines whether a request is authorised.
- Encryption: encrypts data exchanged with the service so it cannot be read in transit.
- Redundancy: to have multiple resources of a given type, so a failure in one does not cause failure of the service.

37 Threat Classes – Descriptions – Combined Controls
Threat class | Description | Controls needed
Unauthorized access | The service processes an unauthorised request from an attacker. This class is never actually used because the threat depends on why the attacker wants access – see the next three subclasses. | Client AuthN + Client AuthZ
Unaccountable access | Type of unauthorized access, designed to get the service without paying for it. | Client AuthN + Client AuthZ
Service misdirection | Type of unauthorized access, designed to make the service mismanage its resources. | Client AuthN + Client AuthZ
Data tampering | Type of unauthorized access, designed to alter the service data. | Client AuthN + Client AuthZ
Data traffic snooping | An unauthorized attacker reads service requests and responses. | Encryption

38 Threat Vulnerability Classification
3 possible classifications are used, as shown previously:
- Blocked threat: if an attacker should carry out the threat (intentionally or otherwise), the system has controls that will prevent the attack from succeeding.
- Mitigated threat: if an attacker should carry out the threat, the attack cannot be prevented, but the system controls provide a response that will counteract its effect on the targeted asset.
- Vulnerability: the system does not have any means to prevent the attack or counteract its effects on the targeted system asset.

39 Threat Vulnerability Classification – Controlling a MissAccountedClientResourceAccess threat
Classification is performed by semantic reasoning over the concrete system model, using SWRL rules from the SERSCIS dependability model. For example, the SWRL rules for MissAccountedClientResourceAccess are:
MissAccountedClientResourceAccess(?t) ∧ ClientSpecifiedResource(?a1) ∧ affects(?t, ?a1) ∧ Customer(?a2) ∧ affects(?t, ?a2) ∧ ServiceGroup(?a3) ∧ affects(?t, ?a3) ∧ ClientAuthentication(?c1) ∧ protects(?c1, ?a1) ∧ AccessControl(?c2) ∧ protects(?c2, ?a1) ∧ Delegation(?c3) ∧ protects(?c3, ?a2) ∧ Identification(?c4) ∧ protects(?c4, ?a3) → BlockedThreat(?t)
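
Added example (not from the slides or the SERSCIS project): the blocking rule above evaluated in plain Python over a constructed concrete-model snapshot, without an OWL reasoner. Instance ids are made up, and because the slide shows no mitigation rule for this threat, anything not blocked is reported as a Vulnerability.

```python
# Added example, not SERSCIS code. Class and property names come from the
# slide's SWRL rule; instance ids and the sample snapshot are constructed.

# Rule body: affected asset class -> control classes that must protect it.
BLOCKING_RULES = {
    "MissAccountedClientResourceAccess": {
        "ClientSpecifiedResource": {"ClientAuthentication", "AccessControl"},
        "Customer": {"Delegation"},
        "ServiceGroup": {"Identification"},
    },
}

def classify(threat, snapshot):
    """Return (label, gaps); gaps lists (asset_id, missing_control_class).

    Assumption: the slide shows no mitigation rule for this threat, so a
    threat that is not blocked is reported as a Vulnerability.
    """
    rule = BLOCKING_RULES[threat["class"]]
    # protects(?c, ?a): control classes indexed by the asset they protect.
    protecting = {}
    for ctrl_class, asset_id in snapshot["controls"]:
        protecting.setdefault(asset_id, set()).add(ctrl_class)
    gaps, bound = [], set()
    for asset_id in threat["affects"]:  # affects(?t, ?a)
        cls = snapshot["assets"][asset_id]
        bound.add(cls)
        missing = rule.get(cls, set()) - protecting.get(asset_id, set())
        gaps += [(asset_id, c) for c in sorted(missing)]
    # The rule fires only if an asset of every class in its body is affected.
    gaps += [(None, cls) for cls in sorted(set(rule) - bound)]
    return ("BlockedThreat" if not gaps else "Vulnerability"), gaps

def without_control(snapshot, control_class):
    """Snapshot copy with one control class withdrawn, e.g. after a failure."""
    kept = [c for c in snapshot["controls"] if c[0] != control_class]
    return {"assets": snapshot["assets"], "controls": kept}

SNAPSHOT = {  # constructed concrete-model snapshot
    "assets": {"fuelling-1": "ClientSpecifiedResource",
               "airline-A": "Customer",
               "ramp-services": "ServiceGroup"},
    "controls": [("ClientAuthentication", "fuelling-1"),
                 ("AccessControl", "fuelling-1"),
                 ("Delegation", "airline-A"),
                 ("Identification", "ramp-services")],
}
THREAT = {"class": "MissAccountedClientResourceAccess",
          "affects": ["fuelling-1", "airline-A", "ramp-services"]}

if __name__ == "__main__":
    print(classify(THREAT, SNAPSHOT))
    print(classify(THREAT, without_control(SNAPSHOT, "AccessControl")))
```

The gaps list names the asset and the control class whose absence keeps the rule from firing, which is the information an operator needs to restore the Blocked classification.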

40 Threat Vulnerability Classification - Controlling a MissAccountedClientResourceAccess threat

41 Main ideas embodied in the SERSCIS Ontology
- Assets, threats and controls are described as OWL classes.
- Assets may have associated metrics for presence or absence of threat-induced behaviors.
- Threats have a human readable description, impact severity and prior & current likelihood ratings.
- In the following schematic, dashed arrows do not represent a conventional OWL relationship but SWRL rules. These rules classify threat instances as Mitigated or Blocked based on the presence of adequate controls.

42 Proof of Concept: Updated core Ontology

43 SERSCIS Decision Support Tool Framework – Run Time Dynamic Model

44 Old version of Decision Support Tool – Dynamic Interface

45 SERSCIS STREAM REASONING PROCESS - Basics

46 SERSCIS STREAM REASONING PROCESS - Basics
- It allows the concrete system model to be continuously updated;
- It reduces the time lag between the evolution of the real system and that of the concrete system model, making it possible to resolve recent and rapid changes in the real system;
- It represents protracted as well as instantaneously observed behaviours in the model by including information over an extended (sliding) time window;
- It allows reasoning algorithms to take account of system changes during the time window, rather than only the instantaneous system composition and status.

47 Proposed SERSCIS Stream reasoning

48 Proposed SERSCIS stream reasoning – Behavior Analyzer basic notion (table with columns: Time, TOBT updates (QoS), TOBT updates (QoE), (QoE-QoS)/totalFlights)

49 Evolution of QoS and QoE in time

50 Intrusion Detection basics
We use the Non-Parametric CUSUM test.
Two performance criteria: i) False Alarm Time, ii) Detection Time.
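
Added example (not SERSCIS code): the standard non-parametric CUSUM recursion run over the behaviour analyzer's (QoE-QoS)/totalFlights metric and scored by the two criteria named on this slide. The drift, threshold, window counts and onset index are constructed, since the slides give no values, and the TOBT update columns are assumed to be per-window counts.

```python
# Added example, not SERSCIS code. Drift, threshold, window counts and the
# onset index are constructed; the slides give no parameter values.

def behaviour_metric(qoe_updates, qos_updates, total_flights):
    """Per-window metric from the behaviour analyzer: (QoE - QoS) / totalFlights."""
    return (qoe_updates - qos_updates) / total_flights

def np_cusum(samples, drift, threshold):
    """Non-parametric CUSUM: g_n = max(0, g_{n-1} + x_n - drift).

    Returns the index of the first sample with g_n > threshold, or None.
    drift should sit above the normal mean of x so g_n hovers at zero.
    """
    g = 0.0
    for i, x in enumerate(samples):
        g = max(0.0, g + x - drift)
        if g > threshold:
            return i
    return None

def evaluate(samples, onset, drift, threshold):
    """Score a run with a known change point at index `onset`.

    ('false_alarm', t): alarm raised at window t, before the change.
    ('detected', d):    alarm raised d windows after the change.
    ('missed', None):   no alarm.
    """
    alarm = np_cusum(samples, drift, threshold)
    if alarm is None:
        return ("missed", None)
    if alarm < onset:
        return ("false_alarm", alarm)
    return ("detected", alarm - onset)

# Constructed windows: (TOBT updates QoE, TOBT updates QoS, totalFlights).
WINDOWS = [(12, 10, 40), (11, 10, 40), (10, 10, 40), (13, 10, 40),
           (10, 11, 40), (12, 10, 40),                               # normal
           (22, 10, 40), (24, 10, 40), (26, 10, 40), (25, 10, 40)]   # anomaly
ONSET = 6
SERIES = [behaviour_metric(*w) for w in WINDOWS]

if __name__ == "__main__":
    print(evaluate(SERIES, ONSET, drift=0.1, threshold=0.5))  # tuned
    print(evaluate(SERIES, ONSET, drift=0.0, threshold=0.1))  # too sensitive
```

Lowering the drift and threshold shortens detection time but brings the first false alarm forward, which is the trade-off the two criteria measure.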

51 Recent (2012) DST design concepts (Under Construction): Physical asset display (interface panels: Assets "Please select an asset class", Threats "Please select an asset", Behaviours "Please select an asset class"; Update; Up to date)

52 Recent (2012) DST design concepts (Under Construction) (interface panels: Assets "Please select an asset class", Threats "Please select an asset", Behaviours "Please select an asset class"; Update)

53 SERSCIS INNOVATIONS
- Semantic system modelling of critical infrastructure ICT including inter-dependency and other risks
- Semantic service dependability models encoded in SLA
  - semi-automatic management of services against dependability criteria
- Semantic service orchestration models exploiting dependability criteria
  - automatic composition of service inter-connections against dependability criteria
  - automated re-composition in response to dependability threats
- Dynamic security and trust management to control threat propagation between services
  - automatic policy updates driven by service dependability management
- Advanced Decision support interface based on semantic system models to assist human operators
- Innovative Stream reasoning technologies for Event Analytics and Behavior Assets Reasoning in conjunction with detection algorithms.

54 CONCLUSIONS - IMPACT
- Airport Collaborative Decision Making (A-CDM)
  - sharing information between air-traffic control, airports, airlines and airport service providers allows greater operational efficiency, but also creates interdependencies that need to be managed
- SERSCIS will enable improved risk management
  - goal is not to enable A-CDM, but to better manage it
  - Introduction of state of the art risk analysis procedures
  - Stream reasoning processes and event processing in risk management
  - Other applications will be considered (especially Port Community Operations)
- Expected impact
  - greater awareness of risks in A-CDM, especially from interdependency
  - analysis of requirements and application in other sectors
  - novel risk management capabilities based on agile SOA, especially for managing interdependency and cascading threats

55 THANK YOU for your attention

