Automated assessment of compliance with security best practices

Zahid Anwar, Roy Campbell

Research output: Chapter in Book/Report/Conference proceedingChapter


Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "acts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

Original languageEnglish (US)
Title of host publicationCritical Infrastructure Protection II
EditorsMauricio Papa, Sujeet Shenoi
Number of pages15
StatePublished - 2008

Publication series

NameIFIP International Federation for Information Processing
ISSN (Print)1571-5736


  • Compliance assessment
  • First order logic
  • Security best practices

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint Dive into the research topics of 'Automated assessment of compliance with security best practices'. Together they form a unique fingerprint.

Cite this