Domain Specific Stateful Filtering with Worst-Case Bandwidth

  • Maxime PuysEmail author
  • Jean-Louis Roch
  • Marie-Laure Potet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)


Industrial systems are publicly the target of cyberattacks since Stuxnet. Nowadays they are increasingly communicating over insecure media such as Internet. Due to their interaction with the real world, it is crucial to ensure their security. In this paper, we propose a domain specific stateful filtering that keeps track of the value of predetermined variables. Such filter allows to express rules depending on the context of the system. Moreover, it must guarantee bounded memory and execution time to be resilient against malicious adversaries. Our approach is illustrated on an example.


  1. 1.
    Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)CrossRefGoogle Scholar
  2. 2.
    ANSSI. Managing cybersecurity for ICS, June 2012Google Scholar
  3. 3.
    Verba, J., Milvich, M.: Idaho national laboratory supervisory control and data acquisition intrusion detection system (scada ids). In: THS 2008 (2008)Google Scholar
  4. 4.
    Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435–2463 (1999)CrossRefGoogle Scholar
  5. 5.
    OISF. Suricata: Open source ids / ips / nsm engine, April 2016.
  6. 6.
    Snort Team. Snort: Open source network intrusion prevention system, April 2016
  7. 7.
    EDF R&D SINETICS. Dispositif d’échange sécurisé d’informations sans interconnexion réseau. Agence nationale de la sécurité des systèmes d’information, April 2010Google Scholar
  8. 8.
    SECLAB-FR. Dz-network. Agence nationale de la sécurité des systèmes d’information, June 2014Google Scholar
  9. 9.
    United States Department of Homeland Security. Foia response documents, July 2014.
  10. 10.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(1), 30–50 (2000)CrossRefGoogle Scholar
  11. 11.
    Falcone, Y., Fernandez, J.-C., Mounier, L.: What can you verify and enforce at runtime? Technical report TR-2010-5, Verimag Research Report (2010)Google Scholar
  12. 12.
    Chen, Q., Abdelwahed, S.: A model-based approach to self-protection in scada systems. In: IWFC 2014, Philadelphia, PA, June 2014Google Scholar
  13. 13.
    Stergiopoulos, G., Theocharidou, M., Gritzalis, D.: Using logical error detection in software controlling remote-terminal units to predict critical information infrastructures failures. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 672–683. Springer, Cham (2015). CrossRefGoogle Scholar
  14. 14.
    Roşu, G.: On safety properties and their monitoring. Sci. Ann. Comput. Sci. 22(2), 327–365 (2012)MathSciNetGoogle Scholar
  15. 15.
    Lorch, M., Proctor, S., Lepro, R., Kafura, D., Shah, S.: First experiences using XACML for access control in distributed systems. In: XML Security 2003 (2003)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Maxime Puys
    • 1
    Email author
  • Jean-Louis Roch
    • 1
  • Marie-Laure Potet
    • 1
  1. 1.Verimag, University Grenoble Alpes/Grenoble-INPGièresFrance

Personalised recommendations