Distributed MILS Architectural Approach for Secure Smart Grids

  • Denis Bytschkow
  • Jean Quilbeuf
  • Georgeta Igna
  • Harald Ruess
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8448)


Successful decentralized and prosumer-based smart grids need to be at least as dependable and secure as the prevailing one-way, generation-transmission-distribution-consumer power grids. With this motivation in mind, we propose a two-phase model-based design methodology for secure architectural design and secure deployment of such a security architecture on a distributed separation kernel. In particular, we model essential parts of a smart micro grid with several interacting prosumers, and demonstrate exemplary security/privacy requirements of this smart grid. The security policy architecture of this smart grid is deployed on a secure distributed platform, relying on a combination of separation kernels and a deterministic network, as developed in the Distributed MILS project.


Smart grid security, Distributed MILS, Separation kernel, Formal verification, Security policy architecture, Configuration compiler



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Denis Bytschkow (1)
  • Jean Quilbeuf (1)
  • Georgeta Igna (1)
  • Harald Ruess (1)
  1. fortiss GmbH, An-Institut Technische Universität München, München, Germany
