Organizational Security Architecture For Critical Infrastructure
Abstract
The governance of critical infrastructures requires a
fail-safe dedicated security management organization.
This organization must provide the structure and mechanisms necessary for supporting the execution of business processes,
including decision-making support and the
alignment of the latter with the application functions and
the network components. Most research in this field focuses on elaborating the SCADA system, which embraces
components for data acquisition, alert correlation and
policy instantiation. At the application layer, one of the
most exploited approaches for supporting SCADA is
built on multi-agent system technology. Notwithstanding the extent of existing work, no model allows
these systems to be represented in an integrated manner while
considering the different layers of the organization. Therefore,
we propose an innovative version of ArchiMate for
multi-agent purposes, with the objective of enriching the
agent society collaboration and, more particularly, the
description of the agents' behavior. Our work has been
illustrated in the context of a critical infrastructure in the
field of a financial acquiring/issuing mechanism for card
payments.
Keywords: Critical infrastructure governance, ArchiMate,
Multi-agent System, Alignment, Case study, Financial
sector.
1. Introduction
Most research in the field of critical infrastructure
focuses on elaborating the SCADA system [18] [19],
which embraces the following three functions: data acquisition at RTU level, alert correlation, and policy instantiation and deployment [20], each of the latter being operationalized with different technologies, protocols or
methods. These reaction tools are in practice operationalized at different layers of the management of the infrastructure security, from the very technical layer, to the
application layer, up to the organizational layer. One of
the most exploited approaches for supporting critical
infrastructure is the use of agents [21]. Agents are indeed
perfectly adapted to operating in critical situations due to
of this representation, we are confronted with the management of a heterogeneous and distributed architecture,
which calls for a rethinking of the distribution of the security procedures between both human and autonomous software
entities [21]. Although they have been handled
by human employees for a long time, the organisational
policies of complex systems nowadays need to be
shared with intelligent software items, often perceived as
being better adapted for action in critical situations. These
policies are deployed considering the responsibility [23]
of the agent for acting autonomously in open, distributed
and heterogeneous environments, whether in connection
with an upper authority or not. Acknowledging this situation, we are forced to admit that software agents are no
longer to be considered only as basic software components deployed to support business activities, but that
they are responsible [17], like business actors, for
playing some kind of business role, and for performing
business tasks accordingly. In view of this, acquiring
an innovative enterprise architecture framework that allows the behavioural policies of such agents to be represented
appears fully justified and required by practitioners,
especially the ones engaged in the management of those
critical infrastructures.
In this paper, we propose to explore ArchiMate, an enterprise architecture framework, and to redraw its structure in order to fit the specificities of software agent actors. The main focus concerns the design and the consideration of responsibility driven policies (RDP) [16],
which are central concepts related to the activation of
agents' behaviours. The paper is structured as follows.
After reviewing the related work concerning enterprise architecture models in Section 2, we review and
model the concept of policy, which represents the engine of
the agent modelling framework, in Section 3. Section 4
explains the entire metamodel layer by layer and illustrates the different components. In Section 5 we present a
case study which illustrates the exploitation of the enhanced ArchiMate for Multi-agent System. Finally,
Section 6 concludes the paper.
generate codes, but does not provide links between diagrams and therefore makes it difficult to use for alignment purposes or with other languages (e.g. MOF [3],
Dsml4mas [5]). Globally, we observe that these solutions
aim at modelling the application layer of MAS. CARBA [15] provides a dynamic architecture for MAS similar
to the middleware CORBA, which is based on the role
played by the agent. This approach introduces a concept
of Interface and Service which is similar to the one in
ArchiMate and which we reused in our proposal.
We observed that agent systems for critical infrastructure
(CI) are organized in a way close to enterprise systems;
our idea is therefore to analyse how an enterprise architecture
model may be slightly reworked and adapted to MAS.
We decided to use ArchiMate, which has the
advantage of being supported by the Open
Group (footnote 1), which has a large community and proposes a
uniform structure for modelling enterprise architecture.
Another advantage of ArchiMate is its clear
link to existing modelling languages like UML. With
regard to this, we think that it is relevant to provide a
lean and simple structure compliant with the new version
of UML to model any MAS. As a conclusion of our state
of the art, we acknowledge the many other models or
frameworks which provide solutions for modelling MAS,
whether they are compliant with other modelling languages or not. As far as we know, no existing approach
provides a multiple layer view or an integrated view of
these layers.
In order to create this Metamodel, we realized a specialization of the original ArchiMate Metamodel for
1 http://www.opengroup.org/archimate/
Figure 8 : Acquiring/Issuing process and association with the agents reaction architecture
We called a transaction a communication of information from one agent to another (e.g. ACE sends alert
to PIE), and we considered the monitoring as the
representation of information from an external device.
Firstly, the Organizational Role of the ACE was represented as a Collaboration of the PIE Role and the Device Role. Each Role of the Collaboration communicates
with the ACE through its own Organizational Interface,
one for the monitoring and another one for the transaction. The ACE Role provides two Organizational Services
depending on only one Organizational Policy, which
deals with two Events, one for the monitoring
and one for the transaction. Secondly, the two Organizational
Services provided by the ACE agent were grouped into
a correlation service symbolized by the Product concept.
This Product has the objective Value of reducing a crisis
by giving a guarantee of short reaction time, represented
by the Contract concept. Finally, the Contract was applied to the Organizational Object for monitoring information and transaction information.
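As an added illustration (not part of the original paper), the ACE agent model described above can be written down as typed elements and relations and checked against the cardinalities the paragraph states. The element identifiers, the relation labels and the rule table are assumptions made for this example, not ArchiMate notation.

```python
from collections import defaultdict

# Cardinality rules read off the case study: (source kind, relation, target kind, min, max).
RULES = [
    ("Peer", "uses", "Interface", 1, 1),        # one interface per collaborating role
    ("Service", "depends_on", "Policy", 1, 1),  # every service governed by one policy
    ("Policy", "handles", "Event", 1, None),    # a policy reacts to at least one event
    ("Product", "groups", "Service", 1, None),
    ("Product", "has_value", "Value", 1, 1), ("Product", "guaranteed_by", "Contract", 1, 1),
    ("Contract", "applies_to", "Object", 1, None),
]

def ace_model():
    """ACE agent model from the paragraph; identifiers are constructed for this example."""
    kinds = {"Role": ["ACE", "PIE", "Device"], "Interface": ["MonitoringIf", "TransactionIf"],
             "Service": ["MonitoringSvc", "TransactionSvc"], "Policy": ["AcePolicy"],
             "Event": ["MonitoringEvt", "TransactionEvt"], "Product": ["Correlation"],
             "Value": ["ReduceCrisis"], "Contract": ["ShortReaction"],
             "Object": ["MonitoringInfo", "TransactionInfo"]}
    elements = {name: kind for kind, names in kinds.items() for name in names}
    relations = [
        ("ACE", "collaborates", "PIE"), ("ACE", "collaborates", "Device"),
        ("Device", "uses", "MonitoringIf"), ("PIE", "uses", "TransactionIf"),
        ("ACE", "provides", "MonitoringSvc"), ("ACE", "provides", "TransactionSvc"),
        ("MonitoringSvc", "depends_on", "AcePolicy"), ("TransactionSvc", "depends_on", "AcePolicy"),
        ("AcePolicy", "handles", "MonitoringEvt"), ("AcePolicy", "handles", "TransactionEvt"),
        ("Correlation", "groups", "MonitoringSvc"), ("Correlation", "groups", "TransactionSvc"),
        ("Correlation", "has_value", "ReduceCrisis"), ("Correlation", "guaranteed_by", "ShortReaction"),
        ("ShortReaction", "applies_to", "MonitoringInfo"), ("ShortReaction", "applies_to", "TransactionInfo"),
    ]
    return elements, relations

def validate(elements, relations):
    """Return a list of findings; an empty list means the model satisfies RULES."""
    targets, findings = defaultdict(list), []
    for src, rel, dst in relations:
        if src in elements and dst in elements:
            targets[(src, rel)].append(dst)
        else:
            findings.append(f"dangling relation {src} -{rel}-> {dst}")
    # Roles that take part in a Collaboration are the ones that need their own interface.
    peers = {d for (_, rel), ds in targets.items() if rel == "collaborates" for d in ds}
    for name, kind in elements.items():
        for src_kind, rel, dst_kind, lo, hi in RULES:
            applies = src_kind == kind or (src_kind == "Peer" and name in peers)
            n = sum(elements[d] == dst_kind for d in targets.get((name, rel), []))
            if applies and (n < lo or (hi is not None and n > hi)):
                findings.append(f"{name}: {n} {dst_kind} via '{rel}', expected {lo}..{hi or 'n'}")
    return findings
```

A service left without its governing policy, or a collaborating role left without an interface, shows up as a finding, which is the kind of misalignment between layers the integrated model is meant to expose.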
6. Conclusions
Figure 10 : ACE agent model
7. Acknowledgements
The research described in this paper is funded by the
CockpitCI research project within the 7th framework
Programme (FP7) of the European Union (EU) (topic
SEC-2011.2.5-1 Cyber-attacks against critical infrastructures Capability Project).
REFERENCES
[1] Franco Zambonelli, Nicholas R. Jennings, and Michael
Wooldridge. 2003. Developing multiagent systems: The Gaia
methodology. ACM Trans. Softw. Eng. Methodol. 12, 3 (July
2003), 317-370. DOI=10.1145/958961.958963
[2] Viviane Torres da Silva, Ricardo Choren, and Carlos J. P.
de Lucena. 2004. A UML Based Approach for Modeling and
Implementing Multi-Agent Systems. In Proceedings of the
Third International Joint Conference on Autonomous Agents
and Multiagent Systems - Volume 2 (AAMAS '04), Vol. 2.
IEEE Computer Society, Washington, DC, USA, 914-921.
DOI=10.1109/AAMAS.2004.36.
[3] J. J. Gomez-Sanz, J. Pavon, and F. Garijo. 2002. Metamodels for building multi-agent systems. In Proceedings of the
2002 ACM symposium on Applied computing (SAC '02). ACM,
New York, NY, USA, 37-41.
[4] G. Beydoun, C. Gonzalez-Perez, G. Low, B. Henderson-Sellers. 2005. Synthesis of a generic MAS metamodel.
SIGSOFT Softw. Eng. Notes 30, 4 (May 2005), 1-5.
[5] C. Hahn. 2008. A domain specific modeling language for
multiagent systems. In Proceedings of the 7th international joint
conference on Autonomous agents and multiagent systems
Vol. 1 International Foundation for Autonomous Agents and
Multiagent Systems, Richland, SC, 233-240.
[6] AUML (Agent UML), http://www.auml.org/
[7] Prometheus Methodology. http://www.cs.rmit.edu.au/agents/SAC2/methodology.html
[8] Guy Guemkam, Christophe Feltus, Cédric Bonhomme,
Pierre Schmitt, Benjamin Gâteau, Djamel Khadraoui, Zahia
Guessoum, Financial Critical Infrastructure: A MAS Trusted
Architecture for Alert Detection and Authenticated Transactions, Sixth IEEE Conference on Network Architecture and
Information System Security, La Rochelle, France
[9] Guy Guemkam, Christophe Feltus, Pierre Schmitt, Cedric
Bonhomme, Djamel Khadraoui, and Zahia Guessoum. 2011.
Reputation Based Dynamic Responsibility to Agent Assignement for Critical Infrastructure. In Proceedings of the 2011
IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 02 (WI-IAT
'11), Vol. 2. IEEE Computer Society, Washington, DC, USA,
272-275. DOI=10.1109/WI-IAT.2011.194
[10] Christophe Feltus, Eric Dubois, Erik Proper, Iver Band,
and Michaël Petit. 2012. Enhancing the ArchiMate standard
with a responsibility modeling language for access rights management. In Proceedings of the Fifth International Conference
on Security of Information and Networks (SIN '12). ACM, New
York, NY, USA, 12-19. DOI=10.1145/2388576.2388577
[11] Gustaf Neumann and Mark Strembeck. 2002. A scenario-driven role engineering process for functional RBAC roles. In
Proceedings of the seventh ACM symposium on Access control
models and technologies (SACMAT '02). ACM, New York,
NY, USA, 33-42. DOI=10.1145/507711.507717
[12] M. Lankhorst. ArchiMate language primer, 2004.
[13] Zachman, John A. 2003. The Zachman Framework For
Enterprise Architecture : Primer for Enterprise Engineering and
Manufacturing By. Engineering, no. July: 1-11.
[14] UML 2 (http://www.uml.org/)
[15] W. Jiao, Z. Shi, A dynamic architecture for multi-agent
systems, Technology of Object-Oriented Languages and Systems, 1999. TOOLS 31. pp. 253-260, 1999
[16] Cedric Bonhomme, Christophe Feltus, and Michaël Petit.
2011. Dynamic Responsibilities Assignment in Critical Electronic Institutions - A Context-Aware Solution for in Crisis
Access Right Management. In Proceedings of the 2011 Sixth
International Conference on Availability, Reliability and Security (ARES '11). IEEE Computer Society, Washington, DC,
USA, 248-253. DOI=10.1109/ARES.2011.43
[17] Christophe Feltus and Michaël Petit, Building a Responsibility Model Including Accountability, Capability and Commitment, Fourth International Conference on Availability, Reliability and Security (ARES 2009 The International Dependability Conference), DOI=10.1109/ARES.2009.45
[18] John D. Fernandez and Andres E. Fernandez. 2005.
SCADA systems: vulnerabilities and remediation. J. Comput.
Sci. Coll. 20, 4 (April 2005), 160-168.
[19] B. Miller and D. Rowe. 2012. A survey SCADA of and
critical infrastructure incidents. In Proceedings of the 1st Annual
conference on Research in information technology (RIIT '12).
ACM, New York, NY, USA, 51-56.
[20] J. Lloyd Hieb. 2008. Security Hardened Remote Terminal
Units for Scada Networks. Ph.D. Dissertation. University of
Louisville, Louisville, USA. AAI3308346.
[21] H.-M. Kim, D.-J. Kang, and T.-H. Kim. 2007. Flexible
Key Distribution for SCADA Network using Multi-Agent System. ECSIS Symposium on Bio-inspired, Learning, and Intelligent Systems for Security, IEEE, Washington, USA, 29-34.
[22] Tomomichi Seki, Hideaki Sato, Toshibumi Seki, Tatsuji
Tanaka, and Hadime. Watanabe. 1997. Decentralized Autonomous Object-Oriented EMS/SCADA System. In Proceedings of
the 3rd International Symposium on Autonomous Decentralized
Systems (ISADS '97). IEEE Computer Society, Washington,
DC, USA.
[23] Christophe Feltus, Michaël Petit, and Eric Dubois. 2009.
Strengthening employee's responsibility to enhance governance
of IT: COBIT RACI chart case study. In Proceedings of the first
ACM workshop on Information security governance (WISG
'09). ACM, New York, NY, USA, 23-32.
DOI=10.1145/1655168.1655174