Please use this identifier to cite or link to this item: https://hdl.handle.net/2440/119620
Full metadata record
DC FieldValueLanguage
dc.contributor.advisorRoughan, Matthew-
dc.contributor.authorRanathunga, Dinesha Prasanna-
dc.date.issued2017-
dc.identifier.urihttp://hdl.handle.net/2440/119620-
dc.description.abstractUntil the turn of the millennia, many electricity, water and gas supply plant operators used analogue serial cabling to communicate between highly customised systems to control and manage their plants. Since then, cost reductions and increased flexibility have become possible through the use of COTS (Commodity-Off-The- Shelf) equipment. These have radically changed communication between critical infrastructure devices, but have also introduced risks to the domain; one example being the major incident at a German steel mill in 2014 [14]. Donna F. Dodson, Chief of CyberSecurity at NIST has stated that “There’s an increase in free tools available focusing on industrial control systems. And greater hacker interest.” A common strategy to mitigate these risks is the extensive use of firewalls. Firewalls are not as simple as they appear. Efficient and reliable firewall security requires expertise in arcane, vendor-dependent configuration languages [15] and even then, configuration errors are common [97, 128, 129]. It is easy to complain about short-term thinking in firewall designers, but, at a deeper level the problem is that current approaches conflate multiple concerns: i.e., they incorporate network, protocol and hardware dependent details into security policy, in an unsystematised manner. In this thesis we tackle this problem. We begin by building a mathematically rigorous foundation for the design of security policies that separates divergent concerns. The formal foundations allow security administrators to reason about their network security; for instance to (i) show that certain types of traffic flows are impossible; and (ii) compare their security to industry best practices to check it complies and so on. In particular, we design our policy framework with Supervisory Control And Data Acquisition (SCADA) networks in mind; these networks control the distributed assets of many critical infrastructure plants. In doing so, we consider the requirements of a security policy specification that are general in nature as well as specific to a SCADA network context. An example requirement is verifiability: a property that increases transparency in the framework and provides security administrators assurance of expected security outcome. Lack of verifiability in current firewall configuration platforms contribute to the broken-by-design networks found in practice. Moreover, we apply design principles derived from real SCADA case studies [97] and industry best-practices [21,117], to develop simple policy specification features that are easy to administer correctly. We demonstrate the use of these specification features through a prototype implementation that creates secure-by-design networks. In enabling security by design, we (i) prevent policy emergence: i.e., implicit definition of policy as a result of many small decisions with complex interactions; and (ii) support rigorous verification: from policy consistency and best-practice compliance checks to pre-deployment verification, we only allow deploying policies that deliver the expected security outcome; and (iii) protect proactively: security can’t be purely reactive, placing pre-verified security controls prior to a cyber attack can prevent significant, expensive damage to system infrastructure.en
dc.language.isoenen
dc.subjectSCADA network securityen
dc.subjectzone-conduit modelen
dc.subjectsecurity policyen
dc.subjectfirewall auto-configurationen
dc.titleAuto-configuration of Critical Network Infrastructureen
dc.typeThesisen
dc.contributor.schoolSchool of Mathematical Sciencesen
dc.provenanceThis electronic version is made publicly available by the University of Adelaide in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the owner of any included third party copyright material you wish to be removed from this electronic version, please complete the take down form located at: http://www.adelaide.edu.au/legalsen
dc.description.dissertationThesis (Ph.D.) -- University of Adelaide, School of Mathematical Sciences, 2017en
Appears in Collections:Research Theses

Files in This Item:
File Description SizeFormat 
Ranathunga2017_PhD.pdf2.33 MBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.