Automated assessment of compliance with security best practices

Zahid Anwar; Roy Campbell

doi:10.1007/978-0-387-88523-0_13

Automated assessment of compliance with security best practices

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "acts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

Original language	English (US)
Title of host publication	Critical Infrastructure Protection II
Editors	Mauricio Papa, Sujeet Shenoi
Pages	173-187
Number of pages	15
DOIs	https://doi.org/10.1007/978-0-387-88523-0_13
State	Published - 2008

Publication series

Name	IFIP International Federation for Information Processing
Volume	290
ISSN (Print)	1571-5736

Keywords

Compliance assessment
First order logic
Security best practices

ASJC Scopus subject areas

Information Systems and Management

Online availability

10.1007/978-0-387-88523-0_13

Library availability

Discover UIUC Full Text

Cite this

@inbook{90d753fcd9f541189382191c45198925,

title = "Automated assessment of compliance with security best practices",

abstract = "Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as {"}acts{"} and security standards and best practices as {"}rules{"} that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.",

keywords = "Compliance assessment, First order logic, Security best practices",

author = "Zahid Anwar and Roy Campbell",

year = "2008",

doi = "10.1007/978-0-387-88523-0_13",

language = "English (US)",

isbn = "9780387885223",

series = "IFIP International Federation for Information Processing",

pages = "173--187",

editor = "Mauricio Papa and Sujeet Shenoi",

booktitle = "Critical Infrastructure Protection II",

}

TY - CHAP

T1 - Automated assessment of compliance with security best practices

AU - Anwar, Zahid

AU - Campbell, Roy

PY - 2008

Y1 - 2008

N2 - Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "acts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

AB - Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets renders manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "acts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

KW - Compliance assessment

KW - First order logic

KW - Security best practices

UR - http://www.scopus.com/inward/record.url?scp=55549147190&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=55549147190&partnerID=8YFLogxK

U2 - 10.1007/978-0-387-88523-0_13

DO - 10.1007/978-0-387-88523-0_13

M3 - Chapter

AN - SCOPUS:55549147190

SN - 9780387885223

T3 - IFIP International Federation for Information Processing

SP - 173

EP - 187

BT - Critical Infrastructure Protection II

A2 - Papa, Mauricio

A2 - Shenoi, Sujeet

ER -

Automated assessment of compliance with security best practices

Abstract

Publication series

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this