Title :
Improving security in SCADA systems through firewall policy analysis
Author :
Rysavy, Ondrej ; Rab, Jaroslav ; Sveda, Miroslav
Author_Institution :
Fac. of Inf. Technol., Brno Univ. of Technol., Brno, Czech Republic
Abstract :
Modern SCADA networks are connected to both the companys enterprise network and the Internet. Because these industrial systems often control critical processes the cyber-security requirements become a priority for their design. This paper deals with the network security in SCADA environment implemented by firewall devices. We proposed a method for verification of firewall configurations against a security policy to detect and reveal potential holes in implemented rule sets. We present a straightforward verification method based on representation of a firewall configuration as a set of logical formulas suitable for automated analysis using SAT/SMT tools. We demonstrate how such configuration can be analyzed for security policy violation that can be inferred from a security policy specification of an industrial automation system.
Keywords :
IP networks; SCADA systems; computer network security; firewalls; formal specification; formal verification; process control; production engineering computing; IP address; Internet; SAT/SMT tools; SCADA environment; SCADA network; SCADA system security; company enterprise network; critical process control; cyber-security requirements; firewall configuration verification; firewall device; firewall policy analysis; industrial automation system; industrial system; logical formula; network security; security policy specification; security policy violation; straightforward verification method; Abstracts; Arrays; Ports (Computers); Radiation detectors; SCADA systems; Security; Vectors;
Conference_Titel :
Computer Science and Information Systems (FedCSIS), 2013 Federated Conference on
Conference_Location :
Krako??w
