Abstract
Malice aside, even the pursuit of legitimate local goals such as cost minimisation, availability, and resilience in subsystems of a critical information infrastructure (CII) can induce subtle dynamic behaviours and dependencies that endanger higher-level goals and security of services. However, in practice, the subsystems of a CII may not be entirely cooperative, potentially having different and perhaps conflicting management goals; and some subsystems may be malicious or untrustworthy. Consequently, vulnerabilities may arise accidentally or deliberately through the dependency on subsystems with conflicting goals, or systems which might contain potentially rogue elements. We have developed an analytical framework for reasoning about vulnerabilities and risks in dependent critical infrastructure. To validate the analytical framework we have carried out a series of experiments on a Cyber Range facility, simulating dependent information infrastructures. This paper presents results obtained from the experiments.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adetoye, A.O., Creese, S., Goldsmith, M.H.: Analysis of dependencies in critical infrastructures. In: Proceedings of the 6th International Conference on Critical Information Infrastructure Security (CRITIS 2011). LNCS, Springer, Heidelberg (2011)
Balakrishnan, A., Magnanti, T.L., Mirchandani, P.: Connectivity-splitting models for survivable network design. Networks 43(1), 10–27 (2004)
Creese, S., Goldsmith, M.H., Adetoye, A.O.: A logical high-level framework for critical infrastructure resilience and risk assessment. In: 2011 Third International Workshop on Cyberspace Safety and Security (CSS), pp. 7–14 (September 2011)
Dijkstra, E.W.: Self-stabilizing systems in spite of distributed control. Communications of the Association of the Computing Machinery 17(11), 643–644 (1974)
Dolev, S.: Self-Stabilization. MIT Press, Cambridge (2000)
Dudenhoeffer, D.D., Permann, M.R., Manic, M.: CIMS: a framework for infrastructure interdependency modeling and analysis. In: Felipe Perrone, L., Lawson, B., Liu, J., Wieland, F.P. (eds.) Proceedings of the Winter Simulation Conference WSC 2006, Monterey, California, USA, pp. 478–485 (2006)
Dudenhoeffer, D.D., Permann, M.R., Woolsey, S., Timpany, R., Miller, C., McDermott, A., Manic, M.: Interdependency modeling and emergency response. In: Wainer, G.A. (ed.) Proceedings of the 2007 Summer Computer Simulation Conference, SCSC 2007, San Diego, California, USA, July 16-19, pp. 1230–1237. Simulation Councils, Inc. (2007)
Haimes, Y., Jiang, P.: Leontief-based model of risk in complex interconnected infrastructures. Journal of Infrastructure Systems 7, 1–12 (2001)
Masucci, V., Adinolfi, F., Servillo, P., Dipoppa, G., Tofani, A.: Ontology-Based Critical Infrastructure Modeling and Simulation. In: Palmer, C., Shenoi, S. (eds.) Critical Infrastructure Protection III, p. 229 (2009)
Neville, J., Jensen, D., Chickering, M.: Relational dependency networks. Journal of Machine Learning Research 8 (2007)
Nieuwenhuijs, A., Luiijf, E., Klaver, M.: Modeling Dependencies In Critical Infrastructures. In: Papa, M., Shenoi, S. (eds.) Critical Infrastructure Protection II. IFIP, vol. 290, pp. 205–213. Springer, Boston (2008)
Oliva, G., Panzieri, S., Setola, R.: Agent-based input-output interdependency model. International Journal of Critical Infrastructure Protection 3, 76–82 (2010)
Pederson, P., Dudenhoeffer, D., Hartley, S., Permann, M.: Critical infrastructure interdependency modeling: A survey of U.S. and international research. Technical Report INL/EXT-06-11464, Idaho National Laboratory, Idaho Falls, Idaho 83415 (August 2006)
Ragni, M., Scivos, A.: Dependency calculus reasoning in a general point relation algebra. In: Kaelbling, L.P., Saffiotti, A. (eds.) IJCAI 2005, Proceedings of the Nineteenth International Joint Conference on Artificial Intelligence, Edinburgh, Scotland, UK, July 30-August 5, pp. 1577–1578. Professional Book Center (2005)
Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)
Svendsen, N.K., Wolthusen, S.D.: Multigraph dependency models for heterogeneous infrastructures. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. IFIP, vol. 253, pp. 337–350. Springer, Boston (2007)
Walsh, S., Cherry, S., Roybal, L.: Critical infrastructure modeling: An approach to characterizing interdependencies of complex networks & control systems. In: 2nd Conference on Human System Interactions, HSI 2009, pp. 637–641 (May 2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Adetoye, A.O., Creese, S., Goldsmith, M.H. (2013). Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-41485-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41484-8
Online ISBN: 978-3-642-41485-5
eBook Packages: Computer ScienceComputer Science (R0)