Академический Документы
Профессиональный Документы
Культура Документы
ABSTRACT
Dynamic distributed wireless networks constitute a critical pillar
for the information system. Nonetheless, the openness of these
networks makes them very sensitive to external attack such as the
DoS. Being able to monitor the conviction level of network
components and to react in a short time once an incident is
detected is a crucial challenge for their survival. In order to face
those problems, research tends to evolve towards more dynamic
solutions that are able to detect and validate network anomalies
and to adapt themselves in order to retrieve a secure
configuration. In this position paper, we complete our previous
works and make the assignment of functions to agents more
contextual. Our approach considers the concept of agent
responsibility that we assigned dynamically to agent and that we
exploit in order to analyze the level of conviction in the
component. In this current paper, we provide an insight of the
architecture without depicting the assignment mechanism neither
the conviction calculation.
General Terms
Management, Measurement, Performance, Design, Reliability,
Experimentation, Security, Standardization, Verification.
Keywords
Keywords are your own designated keywords.
1. INTRODUCTION
2. ReD ARCHITECTURE
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page. To copy
otherwise, to republish, to post on servers or to redistribute to lists,
requires prior specific permission and/or a fee.
SIN'13, November 26-28, 2013, Aksaray, Turkey
Copyright 2012 ACM 978-1-4503-1668-2/12/10... $15.00.
Figure 1. ReD node Architecture mapped with BARWAN case study [14]
1
and the previous log values and to report this analysis to the ACE
in case of suspected alert. In order to perform the monitoring
activity, the PEP is assigned to obligations of achieving some
tasks and he gains in parallel the access rights needed to perform
these tasks. When a crisis occurs, for instance a DoS attack, one
or more PEP agents can be isolated from the rest of the network,
the normal monitoring rules and procedures do no longer work as
usual and it is required to change the responsibility of the agents.
For instance, in the above case, other agents have to fulfill the
responsibilities of the isolated PEP.
3. AGENT RESPONSIBILITY
3.1 Responsibility Model
In a non-crisis context, agents are assigned to responsibilities like
PEP, PIE, ACE, etc. By analyzing for instance the activity of
monitoring the fileserver (see Fig. 2), we observe e.g. that the PEP
concerned by that activity has the responsibility to collect the log
file on the firewall, to make a basic correlation between the values
1
Capabilities
Level of Trust
O1: Must retrieve the logs from the
component it monitors
PEP
Rights
C1: Is on the same network as the component to control
C2: Be able to communicate with the PDP
C3: Be able to communicate with the facilitator agent
C4: Have enough computing resource to monitor the component
to control
C5: Be able to communicate with the MAS management layer
C6. Must be able to encrypt data
C7. Be able to communicate securely with the ACE
PDP
T: 3,365
ACE
T: 4,897
O1: Must communicate with the PEP or
others ACE to receive alert message
O2. Must correlate the Alerts from different
PEP or from inferior ACE
O3. Must confirm the alert to related PIE
Facilitator
Mapping of
Rights to
Obligations
R1, R2, R4
C1, C2, C4
R3
C3
C5, C6, C7
R5
C1, C2
R1, R2, R3
C1, C3, C4
R1, R2
C2, C3, C4
R4
C1
R2, R3
C2, C3,
R3
C2, C3, C5
R1, R4
C1, C2
R1, R2, R3
C3
R1, R2, R3
Mapping of
Capabilities to
Obligations
R)
(C0
C)
(TpT)
(1)
A0 (R, C, T) = 1
(2)
With:
R the current rights of the agent
C the current capabilities of the agent
R0 the set of rights necessary for fulfilling obligation O
C0 the set of capabilities necessary for fulfilling obligation O
R0 include in R if for each right R0, i, part of R0, R0,i R
C0 include in C if for each capability C0, i, part of C0, C0,i C
Tp the trust at period p.
Relations (1) and (2) imply that the satisfaction of an obligation
can only be guaranteed if the set of rights allocated to the agent and
its current capabilities are both subsets of the set of rights and
capabilities required for the satisfaction of that obligation and if the
trust level at period p (Tp) is higher or at least equal to the
reference T. As illustration, Table 2 provides the set of rights,
capabilities and trust possessed by the agents being assigned to
responsibilities on the network at a period (p). The table reveals for
instance that to make the PEP able to fulfill obligation O1: Must
retrieve the logs from the component it monitors, it should be on
the same network than the component to control (C1), have enough
computing resource to monitor the component to control (C4), be
Current agents
capabilities
Current agents
obligations
Conviction of obligation
fulfillment
R1, R2, R4
C1, C4
R3
Level of Trust
PEP
C3
C5, C6, C7
R5
O1: Based on the incident report from the PEP, must decide
which reaction policy is appropriate to be deployed by the PEP
C1, C2
R1, R2,
C1, C3, C4
R1, R2
C2, C3,
R4
C1
C2, C3,
R2, R3
R3
1
1
C2, C3, C5
R1, R4
C1, C2
R1, R2, R3
R1, R2, R3
ACE
PDP
T: 3
Facilitator
T: 8
O1: Must provide IT addresses of the requested component
O2: Make a mapping between the component name and the
IP address and keep backup
T: 5
6. CONCLUSIONS
Critical infrastructures are more and more present and needs to be
seriously managed and monitor regarding the increasing amount
of threats. This paper presents a solution to automatically react
after an incident on a wireless network based on MAS
architecture. The system initially based on static assignments of
function to agents needed more dynamicity in order to stay
aligned with the new arising risks.
In this position paper, we firstly enhance our previous works by
providing a conceptual representation of the agent responsibilities.
Our solution exploits the concept of agents obligations regarding
tasks, the concepts of right and capability required to satisfy an
obligation and the concept of trust that represent the reliance that
an agent to act as it is requested . Secondly, based on that
definition of the agents responsibilities, a conviction level can be
estimated in order to determine the confidence that the agent can
meet its responsibilities. In the event of such conviction level
being low, decisions can be made as to whether to shift the
fulfillment of such a responsibility to a different agent.
The architecture that we exploit to demonstrate the enhanced
reaction mechanism relies on ReD, which is being tested and
currently produced in our deployment lab case. Practically ReD
defines the structural bases for the alert mechanism that we have
exploited in the paper in order to illustrate the BARWAN project.
Additional lab case demonstrations are currently running and
more formal result are being generated within the CockpiCI
project [18, 19]. The outcomes of these field experiments already
underline the accuracy of the expected conviction model
outcomes and strengthen to recalculate the assurance value within
trust function perspective.
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
7. ACKNOWLEGMENTS
This research is supported and funded by the European FP7Security project CockpiCI, Cybersecurity on SCADA: risk
prediction, analysis and reaction tools for Critical Infrastructures.
8.
REFERENCES
[1]
[2]
[3]
[4]
[16]
[17]
[18]
[19]
[20]