Intrusion-Tolerant Protection for Critical Infrastructures

Today’s critical infrastructures like the Power Grid are essentially physical processes controlled by computers connected by networks. They are usually as vulnerable as any other interconnected computer system, but their failure has a high socio-economic impact. The paper describes a new construct for the protection of these infrastructures, based on distributed algorithms and mechanisms implemented between a set of devices called CIS. CIS collectively ensure that incoming/outgoing traffic satisfies the security policy of an organization in the face of accidents and attacks. However, they are not simple firewalls but distributed protection devices based on a sophisticated access control model. Likewise, they seek perpetual unattended correct operation, so they are designed with intrusion-tolerant capabilities and hardened with proactive recovery. The paper discusses the rationale behind the use of CIS to improve the resilience of critical infrastructures and presents a design using logical replication based on virtual machines.