{"title":"An alarm based access control model for SCADA system","authors":"Payam Mahmoudi Nasr, A. Y. Varjani","doi":"10.1109/SGC.2015.7857424","DOIUrl":null,"url":null,"abstract":"Insider attacks are one of the most dangerous threats on security of critical infrastructures. An insider attack occurs when an authorized operator misuses the permissions, and brings catastrophic damages by sending legitimate control commands. Providing too many permissions may backfire, when operators wrongly or deliberately abuse their privileges. Therefore, an access control model is required to provide necessary permissions and prevent malicious usage. This paper proposes a new access control model in Supervisory Control and Data Acquisition (SCADA) system. Proposed model extends the Role Based Access Control (RBAC) model by incorporating an operator trust assessment process. The operator trust is calculated periodically or when an insider attack is detected. The simulation results illustrate that the proposed model is effective, and the access of attacker or unskilled operator will be limited as the access of skilled operator will be increased.","PeriodicalId":117785,"journal":{"name":"2015 Smart Grid Conference (SGC)","volume":"150 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Smart Grid Conference (SGC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SGC.2015.7857424","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Insider attacks are one of the most dangerous threats on security of critical infrastructures. An insider attack occurs when an authorized operator misuses the permissions, and brings catastrophic damages by sending legitimate control commands. Providing too many permissions may backfire, when operators wrongly or deliberately abuse their privileges. Therefore, an access control model is required to provide necessary permissions and prevent malicious usage. This paper proposes a new access control model in Supervisory Control and Data Acquisition (SCADA) system. Proposed model extends the Role Based Access Control (RBAC) model by incorporating an operator trust assessment process. The operator trust is calculated periodically or when an insider attack is detected. The simulation results illustrate that the proposed model is effective, and the access of attacker or unskilled operator will be limited as the access of skilled operator will be increased.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
