Table Of ContentIFIP Advances in Information
and Communication Technology 311
Editor-in-Chief
A.JoeTurner,Seneca,SC,USA
EditorialBoard
FoundationsofComputerScience
MikeHinchey,Lero,Limerick,Ireland
Software:TheoryandPractice
BertrandMeyer,ETHZurich,Switzerland
Education
BernardCornu,CNED-EIFAD,Poitiers,France
InformationTechnologyApplications
RonaldWaxman,EDAStandardsConsulting,Beachwood,OH,USA
CommunicationSystems
GuyLeduc,UniversitédeLiège,Belgium
SystemModelingandOptimization
JacquesHenry,UniversitédeBordeaux,France
InformationSystems
BarbaraPernici,PolitecnicodiMilano,Italy
RelationshipbetweenComputersandSociety
ChrisanthiAvgerou,LondonSchoolofEconomics,UK
ComputerSystemsTechnology
PaoloPrinetto,PolitecnicodiTorino,Italy
SecurityandPrivacyProtectioninInformationProcessingSystems
KaiRannenberg,GoetheUniversityFrankfurt,Germany
ArtificialIntelligence
MaxA.Bramer,UniversityofPortsmouth,UK
Human-ComputerInteraction
AnneliseMarkPejtersen,CenterofCognitiveSystemsEngineering,Denmark
EntertainmentComputing
RyoheiNakatsu,NationalUniversityofSingapore
IFIP–TheInternationalFederationforInformationProcessing
IFIPwasfoundedin1960undertheauspicesofUNESCO,followingtheFirst
WorldComputerCongressheldinParisthepreviousyear.Anumbrellaorgani-
zation for societies working in information processing, IFIP’s aim is two-fold:
tosupportinformationprocessingwithinitsmembercountriesandtoencourage
technologytransfertodevelopingnations.Asitsmissionstatementclearlystates,
IFIP’s mission is to be the leading, truly international, apolitical
organizationwhichencouragesandassistsinthedevelopment,ex-
ploitationandapplicationofinformationtechnologyforthebenefit
ofallpeople.
IFIPisanon-profitmakingorganization,runalmostsolelyby2500volunteers.It
operatesthroughanumberoftechnicalcommittees,whichorganizeeventsand
publications.IFIP’seventsrangefromaninternationalcongresstolocalseminars,
butthemostimportantare:
• TheIFIPWorldComputerCongress,heldeverysecondyear;
• Openconferences;
• Workingconferences.
TheflagshipeventistheIFIPWorldComputerCongress,atwhichbothinvited
andcontributedpapersarepresented.Contributedpapersarerigorouslyrefereed
andtherejectionrateishigh.
As with the Congress, participation in the open conferences is open to all and
papersmaybeinvitedorsubmitted.Again,submittedpapersarestringentlyref-
ereed.
The working conferences are structured differently. They are usually run by a
workinggroupandattendanceissmallandbyinvitationonly.Theirpurposeis
tocreateanatmosphereconducivetoinnovationanddevelopment.Refereeingis
lessrigorousandpapersaresubjectedtoextensivegroupdiscussion.
Publications arising from IFIP events vary. The papers presented at the IFIP
WorldComputerCongressandatopenconferencesarepublishedasconference
proceedings,whiletheresultsoftheworkingconferencesareoftenpublishedas
collectionsofselectedandeditedpapers.
Anynationalsocietywhoseprimaryactivityisininformationmayapplytobe-
comeafullmemberofIFIP,althoughfullmembershipisrestrictedtoonesociety
percountry.FullmembersareentitledtovoteattheannualGeneralAssembly,
Nationalsocietiespreferringalesscommittedinvolvementmayapplyforasso-
ciateorcorrespondingmembership.Associatemembersenjoythesamebenefits
asfullmembers,butwithoutvotingrights.Correspondingmembersarenotrep-
resentedinIFIPbodies.Affiliatedmembershipisopentonon-nationalsocieties,
andindividualandhonorarymembershipschemesarealsooffered.
Charles Palmer Sujeet Shenoi (Eds.)
Critical
Infrastructure
Protection III
ThirdAnnual IFIP WG 11.10 International Conference
on Critical Infrastructure Protection
Hanover, New Hampshire, USA, March 23-25, 2009
Revised Selected Papers
1 3
VolumeEditors
CharlesPalmer
DartmouthCollege,I3P
Hanover,NH03755,USA
E-mail:[email protected]
SujeetShenoi
UniversityofTulsa
Tulsa,OK74104,USA
E-mail:[email protected]
LibraryofCongressControlNumber:2009935462
CRSubjectClassification(1998):B.8,C.4,B.1.3,B.2.3,B.7.3,C.2,I.6
ISSN 1868-4238
ISBN-10 3-642-04797-1SpringerBerlinHeidelbergNewYork
ISBN-13 978-3-642-04797-8SpringerBerlinHeidelbergNewYork
Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis
concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting,
reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication
orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965,
initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable
toprosecutionundertheGermanCopyrightLaw.
springer.com
©IFIPInternationalFederationforInformationProcessing2009
PrintedinGermany
Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India
Printedonacid-freepaper SPIN:12768615 06/3180 543210
Contents
Contributing Authors ix
Preface xv
PART I RISK MANAGEMENT
1
Information Risk Management and Resilience 3
Scott Dynes
2
Does the Liberalization of the European Railway Sector Increase 19
Systemic Risk?
Marc Laperrouza
3
Risk-Based Criticality Analysis 35
Marianthi Theoharidou, Panayiotis Kotzanikolaou and Dimitris
Gritzalis
4
Modeling and Managing Risk in Billing Infrastructures 51
Fabrizio Baiardi, Claudio Telmon and Daniele Sgandurra
PART II CONTROL SYSTEMS SECURITY
5
A Taxonomy of Attacks on the DNP3 Protocol 67
Samuel East, Jonathan Butts, Mauricio Papa and Sujeet Shenoi
6
Design and Implementation of a Secure Modbus Protocol 83
Igor Nai Fovino, Andrea Carcano, Marcelo Masera and Alberto
Trombetta
vi CRITICAL INFRASTRUCTURE PROTECTION III
7
Providing Situational Awareness for Pipeline Control Operations 97
JonathanButts,HugoKleinhans,RodrigoChandia, MauricioPapa
and Sujeet Shenoi
8
Enhancing the Safety, Security and Resilience of ICT and SCADA 113
Systems Using Action Research
Stig Johnsen, Torbjorn Skramstad and Janne Hagen
9
AnOntologyforIdentifyingCyberIntrusionInducedFaultsinPro- 125
cess Control Systems
Jeffrey Hieb, James Graham and Jian Guan
10
Using Physical Models for Anomaly Detection in Control Systems 139
Nils Svendsen and Stephen Wolthusen
11
Detecting Anomalies in Process Control Networks 151
Julian Rrushi and Kyoung-Don Kang
PART III INFRASTRUCTURE SECURITY
12
Nondeducibility-Based Analysis of Cyber-Physical Systems 169
Thoshitha Gamage and Bruce McMillin
13
Stack-BasedBufferOverflowsinHarvardClassEmbeddedSystems 185
Kristopher Watts and Paul Oman
14
Secure Cross-Domain Train Scheduling 199
Mark Hartong, Rajni Goel and Duminda Wijesekera
PART IV INFRASTRUCTURE MODELING AND SIMULATION
15
AHolistic-ReductionisticApproachforModelingInterdependencies 215
Stefano De Porcellinis, Gabriele Oliva, Stefano Panzieri and
Roberto Setola
Contents vii
16
Ontology-BasedCritical Infrastructure Modeling and Simulation 229
Vincenzo Masucci, Francesco Adinolfi, Paolo Servillo, Giovanni
Dipoppa and Alberto Tofani
17
A Framework for Modeling Interdependencies in Japan’s Critical 243
Infrastructures
Zaw Zaw Aung and Kenji Watanabe
Contributing Authors
Francesco Adinolfi is a Senior Researcher at the Research Center for Infor-
mationandCommunicationsTechnologies(CRIAI),Portici,Italy. Hisresearch
interests include knowledge management systems, ontologies and knowledge
models, grid computing and open-source platforms.
Zaw Zaw Aung is a Ph.D. student of Information Science and Control En-
gineering at Nagaoka University of Technology, Nagaoka, Japan. His research
interests include operational risk management, interdependency analysis and
critical infrastructure modeling.
Fabrizio Baiardi is a ProfessorofInformatics atthe UniversityofPisa,Pisa,
Italy. Hisresearchinterestsincludecriticalinfrastructureprotection,riskman-
agementofinformationandcommunicationssystems,andvirtualization-based
approaches.
Jonathan Butts is a Ph.D. student in Computer Science at the University of
Tulsa, Tulsa, Oklahoma. His research interests include network, telecommuni-
cations and SCADA systems security.
Andrea Carcano is a Researcher at the University of Insubria, Varese, Italy.
His researchinterests include industrial SCADA protocols and architectures.
Rodrigo Chandia is a Ph.D. student in Computer Science at the University
of Tulsa, Tulsa, Oklahoma. His research interests include SCADA security,
computer security and open-source software development methodologies.
Stefano De Porcellinis is a Researcherat University Campus Bio-Medico of
Rome, Rome, Italy. His research interests include critical infrastructure mod-
eling, simulation environments for complex systems, and fuzzy and nonlinear
control techniques.
x CRITICAL INFRASTRUCTURE PROTECTION III
Giovanni DipoppaisaSeniorResearcherintheDepartmentofModelingand
SimulationatENEACasacciaLaboratories,Rome,Italy. Hisresearchinterests
includereal-timeembeddedsystems,machinelearningandoperationsresearch.
Scott Dynes is a Senior Research Fellow at the Center for Digital Strategies,
Tuck School of Business, Dartmouth College, Hanover, New Hampshire. His
research interests include information risk management and the resilience of
critical infrastructures to cyber disruptions.
SamuelEastreceivedhisM.S.degreeinComputerSciencefromtheUniversity
ofTulsa,Tulsa,Oklahoma. His researchinterestsinclude networksecurityand
SCADA systems security.
Thoshitha Gamage is a Ph.D. student in Computer Science at the Missouri
University of Science and Technology, Rolla, Missouri. His research interests
include information assurance, infrastructure protection and formal methods.
Rajni Goel is an Associate Professor of Information Systems and Decision
SciencesatHowardUniversity,Washington,DC.Herresearchinterestsinclude
information assurance, forensics, control systems security and data mining.
James Graham is the Henry Vogt Professor of Computer Science and En-
gineering at the University of Louisville, Louisville, Kentucky. His research
interests include information security, digital forensics, critical infrastructure
protection, high performance computing and intelligent systems.
Dimitris Gritzalis is a Professor of ICT Security and the Director of the
InformationSecurityandCriticalInfrastructureProtectionResearchGroupat
Athens University of Economics and Business, Athens, Greece. His research
interests include critical ICT infrastructure protection, security in ubiquitous
computing, IT security paradigms, VoIP security and IT security education.
Jian Guan is anAssociate ProfessorofComputer InformationSystems inthe
College of Business and Public Administration at the University of Louisville,
Louisville, Kentucky. His researchinterests include ontologicalmodeling, fault
diagnosis and sales force automation systems.
Janne Hagen is a Ph.D. candidate in Computer and Information Science
from the Norwegian Defence Research Establishment, who is studying at the
University of Oslo, Oslo, Norway. Her research interests include information
security, critical infrastructure protection and risk assessment.
Contributing Authors xi
Mark HartongisaSeniorElectronicsEngineerwiththeOfficeofSafety,Fed-
eralRailroadAdministration,U.S.DepartmentofTransportation,Washington,
DC.Hisresearchinterestsinclude informationassurance,digitalforensics,net-
work security, control systems security, risk analysis and theoretical computer
science.
Jeffrey Hieb is an Assistant Professor of Engineering Fundamentals at the
University of Louisville, Louisville, Kentucky. His research interests include
informationsecurity,honeypots,digitalforensics,secureoperatingsystemsand
engineering education.
Stig Johnsen is a Senior ResearchScientist at SINTEF, Trondheim, Norway.
Hisresearchinterestsincludeinformationsecurity,SCADAsystems,integrated
oil and gas operations, and plant safety.
Kyoung-Don Kang is an Assistant Professor of Computer Science at the
State University of New York at Binghamton, Binghamton, New York. His
researchinterestsinclude real-timedataservices,wirelesssensornetworks,and
wireless network and embedded system security.
Hugo Kleinhans is a Ph.D. student in Computer Science at the University
of Tulsa, Tulsa, Oklahoma. His research interests include distributed systems,
critical infrastructure protection, digital forensics and cyber policy.
Panos KotzanikolaouisaLecturerofITSecurityandPrivacyattheUniver-
sityofPiraeus,Piraeus,Greece;andaSeniorMemberoftheInformationSecu-
rity and Critical Infrastructure Protection Research Group at Athens Univer-
sity of Economicsand Business,Athens, Greece. His researchinterests include
critical ICT infrastructure protection, mobile code/agent security, intelligent
network security and sensor network security.
Marc Laperrouza is a PostdoctoralFellow in the College of Management at
the Swiss FederalInstitute ofTechnology,Lausanne,Switzerland. His research
interests include the reform and regulation of network industries.
Marcelo Maserais a Scientific Officer atthe Institute for the Protectionand
Security of the Citizen, Joint Research Center of the European Commission,
Ispra,Italy. Hisresearchinterestsincludethesecurityofnetworkedsystemsand
systems of systems, risk governance, and control systems and communication
systems security.
