Automated assessment of compliance with security best practices

Zahid Anwar, R H Campbell

Research output: Chapter in Book/Report/Conference proceeding > Chapter

Abstract

Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets render manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as "facts" and security standards and best practices as "rules" that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.

Original language: English (US)
Title of host publication: Critical Infrastructure Protection II
Editors: Mauricio Papa, Sujeet Shenoi
Pages: 173-187
Number of pages: 15
DOIs: https://doi.org/10.1007/978-0-387-88523-0_13
State: Published - Nov 12 2008

Publication series

Name: IFIP International Federation for Information Processing
Volume: 290
ISSN (Print): 1571-5736

Fingerprint

Best practice
Assets
Access control
Visualization
Critical infrastructure protection
Grid
Critical infrastructure
Network security
Attack
Network topology

Keywords

  • Compliance assessment
  • First order logic
  • Security best practices

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Anwar, Z., & Campbell, R. H. (2008). Automated assessment of compliance with security best practices. In M. Papa, & S. Shenoi (Eds.), Critical Infrastructure Protection II (pp. 173-187). (IFIP International Federation for Information Processing; Vol. 290). https://doi.org/10.1007/978-0-387-88523-0_13

@inbook{90d753fcd9f541189382191c45198925,
title = "Automated assessment of compliance with security best practices",
abstract = "Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets render manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as {"}facts{"} and security standards and best practices as {"}rules{"} that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.",
keywords = "Compliance assessment, First order logic, Security best practices",
author = "Zahid Anwar and Campbell, {R H}",
year = "2008",
month = "11",
day = "12",
doi = "10.1007/978-0-387-88523-0_13",
language = "English (US)",
isbn = "9780387885223",
series = "IFIP International Federation for Information Processing",
pages = "173--187",
editor = "Mauricio Papa and Sujeet Shenoi",
booktitle = "Critical Infrastructure Protection II",

}
