Skip to main content
SpringerLink
Log in

Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment

  • Conference paper
Critical Information Infrastructures Security

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7722))

Abstract

Malice aside, even the pursuit of legitimate local goals such as cost minimisation, availability, and resilience in subsystems of a critical information infrastructure (CII) can induce subtle dynamic behaviours and dependencies that endanger higher-level goals and security of services. However, in practice, the subsystems of a CII may not be entirely cooperative, potentially having different and perhaps conflicting management goals; and some subsystems may be malicious or untrustworthy. Consequently, vulnerabilities may arise accidentally or deliberately through the dependency on subsystems with conflicting goals, or systems which might contain potentially rogue elements. We have developed an analytical framework for reasoning about vulnerabilities and risks in dependent critical infrastructure. To validate the analytical framework we have carried out a series of experiments on a Cyber Range facility, simulating dependent information infrastructures. This paper presents results obtained from the experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adetoye, A.O., Creese, S., Goldsmith, M.H.: Analysis of dependencies in critical infrastructures. In: Proceedings of the 6th International Conference on Critical Information Infrastructure Security (CRITIS 2011). LNCS, Springer, Heidelberg (2011)

    Google Scholar 

  2. Balakrishnan, A., Magnanti, T.L., Mirchandani, P.: Connectivity-splitting models for survivable network design. Networks 43(1), 10–27 (2004)

    Article  MathSciNet  Google Scholar 

  3. Creese, S., Goldsmith, M.H., Adetoye, A.O.: A logical high-level framework for critical infrastructure resilience and risk assessment. In: 2011 Third International Workshop on Cyberspace Safety and Security (CSS), pp. 7–14 (September 2011)

    Google Scholar 

  4. Dijkstra, E.W.: Self-stabilizing systems in spite of distributed control. Communications of the Association of the Computing Machinery 17(11), 643–644 (1974)

    Article  Google Scholar 

  5. Dolev, S.: Self-Stabilization. MIT Press, Cambridge (2000)

    Book  Google Scholar 

  6. Dudenhoeffer, D.D., Permann, M.R., Manic, M.: CIMS: a framework for infrastructure interdependency modeling and analysis. In: Felipe Perrone, L., Lawson, B., Liu, J., Wieland, F.P. (eds.) Proceedings of the Winter Simulation Conference WSC 2006, Monterey, California, USA, pp. 478–485 (2006)

    Google Scholar 

  7. Dudenhoeffer, D.D., Permann, M.R., Woolsey, S., Timpany, R., Miller, C., McDermott, A., Manic, M.: Interdependency modeling and emergency response. In: Wainer, G.A. (ed.) Proceedings of the 2007 Summer Computer Simulation Conference, SCSC 2007, San Diego, California, USA, July 16-19, pp. 1230–1237. Simulation Councils, Inc. (2007)

    Google Scholar 

  8. Haimes, Y., Jiang, P.: Leontief-based model of risk in complex interconnected infrastructures. Journal of Infrastructure Systems 7, 1–12 (2001)

    Article  Google Scholar 

  9. Masucci, V., Adinolfi, F., Servillo, P., Dipoppa, G., Tofani, A.: Ontology-Based Critical Infrastructure Modeling and Simulation. In: Palmer, C., Shenoi, S. (eds.) Critical Infrastructure Protection III, p. 229 (2009)

    Google Scholar 

  10. Neville, J., Jensen, D., Chickering, M.: Relational dependency networks. Journal of Machine Learning Research 8 (2007)

    Google Scholar 

  11. Nieuwenhuijs, A., Luiijf, E., Klaver, M.: Modeling Dependencies In Critical Infrastructures. In: Papa, M., Shenoi, S. (eds.) Critical Infrastructure Protection II. IFIP, vol. 290, pp. 205–213. Springer, Boston (2008)

    Chapter  Google Scholar 

  12. Oliva, G., Panzieri, S., Setola, R.: Agent-based input-output interdependency model. International Journal of Critical Infrastructure Protection 3, 76–82 (2010)

    Article  Google Scholar 

  13. Pederson, P., Dudenhoeffer, D., Hartley, S., Permann, M.: Critical infrastructure interdependency modeling: A survey of U.S. and international research. Technical Report INL/EXT-06-11464, Idaho National Laboratory, Idaho Falls, Idaho 83415 (August 2006)

    Google Scholar 

  14. Ragni, M., Scivos, A.: Dependency calculus reasoning in a general point relation algebra. In: Kaelbling, L.P., Saffiotti, A. (eds.) IJCAI 2005, Proceedings of the Nineteenth International Joint Conference on Artificial Intelligence, Edinburgh, Scotland, UK, July 30-August 5, pp. 1577–1578. Professional Book Center (2005)

    Google Scholar 

  15. Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  16. Svendsen, N.K., Wolthusen, S.D.: Multigraph dependency models for heterogeneous infrastructures. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. IFIP, vol. 253, pp. 337–350. Springer, Boston (2007)

    Chapter  Google Scholar 

  17. Walsh, S., Cherry, S., Roybal, L.: Critical infrastructure modeling: An approach to characterizing interdependencies of complex networks & control systems. In: 2nd Conference on Human System Interactions, HSI 2009, pp. 637–641 (May 2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cyber Security Centre, Department of Computer Science, University of Oxford, Oxford, OX1 3QD, UK

    Adedayo O. Adetoye, Sadie Creese & Michael H. Goldsmith

Authors
  1. Adedayo O. Adetoye
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sadie Creese
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael H. Goldsmith
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hochschule Luzern - Technik und Architektur, CEO Acris GmbH, Bodenhofstrasse 29, 6005 Luzern, Switzerland and Gjøvik University College, Teknologivegen 22, 2815, Gjøvik, Norway

    Bernhard M. Hämmerli

  2. Faculty of Computer Science and Media Technology, Gjøvik University College, Teknologivegen 22, 2815, Gjøvik, Norway

    Nils Kalstad Svendsen

  3. Department of Computer Science, E.T.S. Ingenieria Informatica, University of Malaga, Campus de Teatinos s/n, 29071, Malaga, Spain

    Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Adetoye, A.O., Creese, S., Goldsmith, M.H. (2013). Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41485-5_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41484-8

  • Online ISBN: 978-3-642-41485-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation