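922 results for GSI (Grid Security Infrastructure)
Abstract:
This paper analyzes GSI (Grid Security Infrastructure), currently the most popular security mechanism in grid computing, and the GSI-based CAS (Community Authorization Service), and proposes a scheme based on local role authorization that can solve the authorization problem of large-scale VOs (Virtual Organizations). Unlike GSI and CAS, users in this scheme only need to authenticate locally in order to access the VO according to their role in their local organization.
Abstract: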
Experiences from smart grid cyber-security incidents in the past decade have raised questions on the applicability and effectiveness of security measures and protection mechanisms applied to the grid. In this chapter we focus on the security measures applied under real circumstances in today’s smart grid systems. Beginning from real world example implementations, we first review cyber-security facts that affected the electrical grid, from US blackout incidents, to the Dragonfly cyber-espionage campaign currently focusing on US and European energy firms. Provided a real world setting, we give information related to energy management of a smart grid looking also in the optimization techniques that power control engineers perform into the grid components. We examine the application of various security tools in smart grid systems, such as intrusion detection systems, smart meter authentication and key management using Physical Unclonable Functions, security analytics and resilient control algorithms. Furthermore we present evaluation use cases of security tools applied on smart grid infrastructure test-beds that could be proved important prior to their application in the real grid, describing a smart grid intrusion detection system application and security analytics results. Anticipated experimental results from the use-cases and conclusions about the successful transitions of security measures to real world smart grid operations will be presented at the end of this chapter.
Abstract:
The key attributes of a smarter power grid include: pervasive interconnection of smart devices; extensive data generation and collection; and rapid reaction to events across a widely dispersed physical infrastructure. Modern telecommunications technologies are being deployed across power systems to support these monitoring and control capabilities. To enable interoperability, several new communications protocols and standards have been developed over the past 10 to 20 years. These continue to be refined, even as new systems are rolled out.
This new hyper-connected communications infrastructure provides an environment rich in sub-systems and physical devices that are attractive to cyber-attackers. Indeed, as smarter grid operations become dependent on interconnectivity, the communications network itself becomes a target. Consequently, we examine cyber-attacks that specifically target communications, particularly state-of-the-art standards and protocols. We further explore approaches and technologies that aim to protect critical communications networks against intrusions, and to monitor for, and detect, intrusions that infiltrate Smart Grid systems.
Abstract:
As modern power grids move towards becoming a smart grid, there is an increasing reliance on the data that is transmitted and processed by ICT systems. This reliance introduces new digital attack vectors. Many of the proposed approaches that aim to address this problem largely focus on applying well-known ICT security solutions. However, what is needed are approaches that meet the complex concerns of the smart grid as a cyber-physical system. Furthermore, to support the automatic control loops that exist in a power grid, similarly automatic security and resilience mechanisms are needed that rely on minimal operator intervention. The research proposed in this paper aims to develop a framework that ensures resilient smart grid operation in light of successful cyber-attacks.
Abstract:
This article presents a survey of authorisation models and considers their ‘fitness-for-purpose’ in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a ‘virtual organisation’. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-based Access Control concept is presented.
Abstract:
This paper provides an overview of the challenges faced by remote, rural and regional airports in Australia. The deregulation of airports over the past decades has resulted in local councils owning most of the rural and regional airports across Australia. The paper provides an overview of the international literature on regional airports and research directed at defining the issues faced by regional and rural airports in Australia. A survey of airport managers, regulators and local councils was undertaken across Australia to outline the challenges and stresses that regional airports are facing. Core findings indicate that the operation of rural and regional airports is under stress due to the interrelating factors of infrastructure costs, high cost of maintenance, and security infrastructure upgrades. Small airports often compete with one another to attract airlines and maintain their infrastructure advantage.
Abstract:
Wind energy is the energy source that contributes most to the renewable energy mix of European countries. While there are good wind resources throughout Europe, the intermittency of the wind represents a major problem for the deployment of wind energy into the electricity networks. To ensure grid security a Transmission System Operator needs today for each kilowatt of wind energy either an equal amount of spinning reserve or a forecasting system that can predict the amount of energy that will be produced from wind over a period of 1 to 48 hours. In the range from 5m/s to 15m/s a wind turbine’s production increases with a power of three. For this reason, a Transmission System Operator requires an accuracy for wind speed forecasts of 1m/s in this wind speed range. Forecasting wind energy with a numerical weather prediction model in this context builds the background of this work. The author’s goal was to present a pragmatic solution to this specific problem in the ”real world”. This work therefore has to be seen in a technical context and hence does not provide nor intends to provide a general overview of the benefits and drawbacks of wind energy as a renewable energy source. In the first part of this work the accuracy requirements of the energy sector for wind speed predictions from numerical weather prediction models are described and analysed. A unique set of numerical experiments has been carried out in collaboration with the Danish Meteorological Institute to investigate the forecast quality of an operational numerical weather prediction model for this purpose. The results of this investigation revealed that the accuracy requirements for wind speed and wind power forecasts from today’s numerical weather prediction models can only be met at certain times. This means that the uncertainty of the forecast quality becomes a parameter that is as important as the wind speed and wind power itself. 
To quantify the uncertainty of a forecast valid for tomorrow requires an ensemble of forecasts. In the second part of this work such an ensemble of forecasts was designed and verified for its ability to quantify the forecast error. This was accomplished by correlating the measured error and the forecasted uncertainty on area integrated wind speed and wind power in Denmark and Ireland. A correlation of 93% was achieved in these areas. This method cannot solve the accuracy requirements of the energy sector. By knowing the uncertainty of the forecasts, the focus can however be put on the accuracy requirements at times when it is possible to accurately predict the weather. Thus, this result presents a major step forward in making wind energy a compatible energy source in the future.
Abstract:
The increased construction and reconstruction of smart substations has exposed a problem with version management of substation configuration description language (SCL) files due to frequent changes. This paper proposes a comparative approach for differentiation of smart substation SCL configuration files. A comparison model for SCL configuration files is built in this method, which is based on the SCL structure and abstract model defined by IEC 61850. The proposed approach adopts the algorithms of depth-first traversal, sorting, and cross comparison in order to rapidly identify differences of changed SCL configuration files. This approach can also be utilized to detect malicious tampering or illegal manipulation tailoring for SCL files. SCL comparison software is developed using the Qt platform to validate the feasibility and effectiveness of the proposed approach.
Abstract:
With the development and deployment of IEC 61850 based smart substations, cybersecurity vulnerabilities of supervisory control and data acquisition (SCADA) systems are increasingly emerging. In response to the emergence of cybersecurity vulnerabilities in smart substations, a test-bed is indispensable to enable cybersecurity experimentation. In this paper, a comprehensive and realistic cyber-physical test-bed has been built to investigate potential cybersecurity vulnerabilities and the impact of cyber-attacks on IEC 61850 based smart substations. This test-bed is close to a real production type environment, and has the ability to carry out end-to-end testing of cyber-attacks and physical consequences. A fuzz testing approach is proposed for detecting IEC 61850 based intelligent electronic devices (IEDs) and validated in the proposed test-bed.
Abstract:
"Thesis submitted to the Faculty of Graduate Studies in fulfilment of the requirements for the degree of Master of Laws (LL.M.), New Information Technologies option"
Abstract:
The exponential growth of computer networks has greatly contributed to increasing the volume of personal information available and to replacing outdated methods of collecting information with faster and more efficient ones. Privacy and control over personal information, as we knew them a few decades ago, are notions that are difficult to reconcile with an open, commercial society such as ours. Faced with this new reality, which threatens human rights and freedoms, it is essential to provide a stable technical and legal framework that guarantees adequate protection of this personal data. To remain in the market or to enjoy the trust of individuals, companies and governments must have an effective security infrastructure. This new state of affairs is tending to become more than a rule of competitiveness; it is turning into a genuine legal obligation to protect personal data through adequate and sufficient security measures. This thesis addresses precisely these two points, namely the study of the development of a legal obligation of security and the legal framework for implementing a program to secure personal data through security measures that meet the minimum standards imposed by national and international legislative texts.
Abstract:
This project presents a network solution for a company that provides Contact Center services from several geographically distributed sites, using IP telephony technology. The aim of this project is to serve as a design guide for deploying network solutions using the current communications equipment developed by the manufacturer Cisco Systems, Inc., the security equipment developed by the manufacturer Fortinet, and the telephony systems developed by Avaya Inc. and Oracle Corporation, owing to their large market penetration and to the contributions each has made to the Contact Center sector. To provide interconnection between the sites of a Contact Center, access is contracted to the MPLS network of a telecommunications operator, which provides connectivity between the sites using MPLS VPN technology with two mutually diverse accesses from each of the Contact Center’s sites. The result of this contract is that it takes advantage of the benefits a telecommunications operator can offer its customers in terms of quality of service, availability and geographical expansion. Likewise, a set of criteria or service levels is defined that assures a Contact Center of quality communication between its sites, quality communication being understood as communication that can be transmitted with minimum values of packet loss and transmission delay, and at a speed in line with the demand of the voice and data services. As part of the solution, a redundant Internet connection is designed that provides access to all the Contact Center’s sites. The local connectivity solution at each Contact Center site has been designed in a general way, according to the number of user workstations and the scalability that each site may have.
In this way, several options are shown that are associated with the current equipment offered by the manufacturer Cisco Systems, Inc. As part of the solution, quality criteria have been defined for the choice of Data Centers. A Contact Center has connections to or from the client companies it serves and provides network access to its teleworkers. This requirement, together with the access and services published on the Internet, calls for a security infrastructure. This leads to the design of a solution that unifies all connections under a single infrastructure, dividing each of the services logically or virtually. Likewise, the use of protocols such as 802.1X has been defined to prevent unauthorized access to the Contact Center’s network. The voice solution chosen is heterogeneous and capable of supporting the best-known signaling protocols (SIP and H.323). The aim is to have maximum flexibility to establish voice over IP links (IP Trunk) with providers and clients. This is achieved through the use of SBCs and an internal voice infrastructure based on the manufacturer Avaya Inc. The VoIP systems in a Contact Center are the key elements for delivering the service; for this reason a redundant solution in a virtual environment is chosen. This solution allows the VoIP system to be deployed from any of the Contact Center’s Data Centers. The solution developed in this project is mainly based on my work experience acquired over the last seven years in the communications department of a Contact Center company. I have taken into account the main requirements demanded today by most companies wishing to contract a Contact Center service. This project is divided into four chapters.
The first chapter is an introduction that explains the main business scenarios and technical areas needed to provide Contact Center services. The second chapter briefly describes the main technologies and protocols that will be used to design the technical solution for creating a communications network for a Contact Center company. The third chapter sets out the technical solution needed to allow a Contact Center company to provide its services from several geographically distributed locations, using two Data Centers where the voice and data applications are centralized. Finally, the fourth chapter presents the conclusions reached after preparing this report, as well as a proposal for future work which, together with the current project, would make it possible to produce a complete technical solution including other technology areas needed in a Contact Center company. All illustrations and tables in this project are my own work, based on my professional experience and on the information obtained in various formats from the bibliography consulted, except where the source is mentioned.
ABSTRACT
This project shows a network solution for a company that provides Contact Center services from different locations geographically distributed, using the Telephone over Internet Protocol (ToIP) technology. The goal of this project is to become a design guide for performing network solutions using current communications equipment developed by the manufacturer Cisco Systems, Inc., firewalls developed by the manufacturer Fortinet and telephone systems developed by Avaya Inc. and Oracle Corporation, due to their great market reputation and the contributions that each one has made in the field of Contact Center.
In order to provide interconnection between its different sites, the Contact Center needs to hire the services of a telecommunications operator, who will use the VPN MPLS technology, with two diversified accesses from each Contact Center’s site. The result of this hiring is the advantage of the benefits that a telecommunications operator can offer to its customers, regarding quality of service, availability and geographical expansion. Likewise, a Service Level Agreement (SLA) has to be defined to ensure the Contact Center quality communication between its sites. A quality communication is understood as a communication that is capable of being transmitted with minimum values of packet loss and transmission delays, and a speed according to the demand for its voice and data services. As part of the solution, a redundant Internet connection has to be designed to provide access to every Contact Center’s site. The local connectivity solution in each of the Contact Center’s sites has to be designed according to its volume of users and the scalability that each one may have. Thereby, the manufacturer Cisco Systems, Inc. offers several options associated with the current equipment. As part of the solution, quality criteria are being defined for the choice of the Data Centers. A Contact Center has connections to/from the client companies that provide network access to teleworkers. This requirement, along with the access and services published on the Internet, needs a security infrastructure. Therefore, a solution design has been created that unifies all connections under a single infrastructure, dividing each service in a virtual way. Likewise, the use of protocols, such as 802.1X, has been defined to prevent unauthorized access to the Contact Center’s network. The voice solution chosen is heterogeneous and capable of supporting the best-known signaling protocols (SIP and H.323) in order to have maximum flexibility to establish links of Voice over IP (IP Trunk) with suppliers and clients.
This can be achieved through the use of SBC and an internal voice infrastructure based on Avaya Inc. The VoIP systems in a Contact Center are the key elements to be able to provide the service; for this reason a redundant solution under a virtual environment has been chosen. This solution allows any of the Data Centers to deploy the VoIP system. The solution carried out in this project is mainly based on my own experience acquired during the past seven years in the communications department of a Contact Center company. I have taken into account the main requirements that most companies request nowadays when they hire a Contact Center service. This project is divided into four chapters. The first chapter is an introduction that explains the main business scenarios and technical areas required to provide Contact Center services. The second chapter describes briefly the key technologies and protocols that will be used to carry out the design of the technical solution for the creation of a communications network in a Contact Center company. The third chapter shows the technical solution required to allow a Contact Center company to provide services from across geographically distributed locations, using two Data Centers where data and voice applications are centralized. Lastly, the fourth chapter includes the conclusions gained after making this project, as well as a future projects proposal, which would allow, along with the current project, to perform a whole technical solution including other necessary technological areas in a Contact Center company. All illustrations and tables of this project have been made by myself from my professional experience and the information obtained in various formats of the bibliography, except in the cases where the source is indicated.
Abstract:
Most cryptographic services and information security protocols require a dependable source of random data; pseudorandom generators are convenient and efficient for this application working as one of the basic foundation blocks on which to build the required security infrastructure. We propose a modification of a previously published matricial pseudorandom generator that significantly improves performance and security by using word packed matrices and modifying key scheduling and bit extraction schemes. The resulting generator is then successfully compared to world class standards.