book

Handbook on Securing Cyber-Physical Critical Infrastructure

by Sajal K Das, Krishna Kant, Nan Zhang

January 2012

Intermediate to advanced

848 pages

37h 36m

English

Morgan Kaufmann

Read now

Unlock full access

Cover Image
Content
Title
Copyright
Dedication
About the Authors
Contributors
Foreword
Securing Cyber-Physical Infrastructure Perspectives and Overview of the Handbook
PART I. Theoretical Foundations

Introduction
Chapter 1. Security and Vulnerability of Cyber-Physical Infrastructure Networks
1.1 Introduction1.2 Definitions for Security and Vulnerability of Network Dynamics1.3 Network Control Tools for Characterizing and Designing Security and Vulnerability1.4 Conclusions and Future Work
Chapter 2. Game Theory for Infrastructure Security
2.1 Introduction2.2 Preliminaries2.3 Intent-based Adversary Model for Anomaly Detection2.4 Intent-based Adversary Model for Anonymous Communication Systems2.5 Conclusion
Chapter 3. An Analytical Framework for Cyber-Physical Networks
3.1 Introduction3.2 Spatial Dispersion Models3.3 CPN Design and Analysis3.4 CPN Infrastructure Robustness3.5 ConclusionsAcknowledgments
Chapter 4. Evolution of Widely Spreading Worms and Countermeasures
4.1 Introduction4.2 Objectives and strategies of Worm propagator and defender4.3 Worm Initial Attacks4.4 Defense against initial attacks4.5 Worm Evolution4.6 Defense Evolution versus Worm Evolution4.7 Final Remarks
PART II. Security for Wireless Mobile Networks
Introduction
Chapter 5. Mobile Wireless Network Security
5.1 Introduction5.2 Wireless Communications Security5.3 Mobility Support Security5.4 Conclusion and Future Research
Chapter 6. Robust Wireless Infrastructure against Jamming Attacks
6.1 Introduction6.2 Design Vulnerabilities of Wireless Infrastructure6.3 Resiliency to Outsider Cross-Layer Attacks6.4 Resiliency to Insider Cross-Layer Attacks6.5 Game-Theoretic Models and Mechanisms6.6 Conclusions
Chapter 7. Security for Mobile Ad Hoc Networks
7.1 Introduction7.2 Basic Features of Manet7.3 Security Challenges7.4 Security Attacks7.5 Providing Basic Security Infrastructure7.6 Security Solutions7.7 Secure AD HOC Routing7.8 Intrusion Detection and Response7.9 Conclusions and Future work
Chapter 8. Defending Against Identity-Based Attacks in Wireless Networks
8.1 Introduction8.2 Feasibility of Launching Identity-Based Attacks8.3 Preventing Identity-Based Attacks via Authentication8.4 Defending Against Spoofing Attacks8.5 Defending Against Sybil Attacks8.6 A Generalized Identity-Based Attack Detection Model8.7 Challenges and Research Directions8.8 Conclusion
PART III. Security for Sensor Networks
Introduction
Chapter 9. Efficient and Distributed Access Control for Sensor Networks
9.1 Introduction9.2 Existing Schemes9.3 System Models and Assumptions9.4 Scheme I: Uni-Access Query9.5 Scheme II: Multi-Access Query9.6 Evaluation9.7 Conclusion and Future Work
Chapter 10. Defending Against Physical Attacks in Wireless Sensor Networks
10.1 Introduction10.2 Related Work10.3 Physical Attacks in Sensor Networks10.4 Challenges in Defending Against Physical Attacks10.5 Case Study10.6 Open Issues10.7 Conclusions and Future Work
Chapter 11. Node Compromise Detection in Wireless Sensor Networks
11.1 Introduction11.2 Related Work11.3 Preliminaries11.4 Limited Node Compromise Detection11.5 Wide-spread Node Compromise Detection11.6 Conclusion and Future Work
PART IV. Platform Security
Introduction
Chapter 12. Hardware and Security
12.1 Introduction12.2 Hardware Supply Chain Security12.3 Hardware Support for Software Security12.4 Conclusions and Future Work
Chapter 13. Languages and Security
13.1 Introduction13.2 Compiler Techniques for Copyrights and Watermarking13.3 Compiler Techniques for Code Obfuscation13.4 Compiler Techniques for Code Integrity13.5 Proof-Carrying Code and Authentication13.6 Static Analysis Techniques and Tools13.7 Information Flow Techniques13.8 Rule checking, Verification, and Run-time Support13.9 Language Modifications for Increased Safety and Security13.10 Conclusions and Future Work
PART V. Cloud Computing and Data Security
Introduction
Chapter 14. Protecting Data in Outsourcing Scenarios
14.1 Introduction14.2 Data Encryption14.3 Fragmentation for Protecting Data Confidentiality14.4 Protecting Data Integrity14.5 Open Issues14.6 ConclusionsAcknowledgments
Chapter 15. Data Security in Cloud Computing
15.1 Overview15.2 Data Security in Cloud Computing15.3 Commercial and Organizational Practices15.4 Summary
Chapter 16. Secure Mobile Cloud Computing
16.1 Introduction16.2 Cloud Computing16.3 Mobile Cloud Computing Security16.4 Virtual Node Security16.5 Virtual Network Security16.6 Mobile Application Security16.7 Research Challenges and Open Issues16.8 Summary and Conclusion
Chapter 17. Relation Privacy Preservation in Publishing Online Social Networks
17.1 Introduction17.2 Complete Identity Anonymization17.3 Partially Exposing User Identity17.4 Completely Disclosing User Identity17.5 Utility Loss and Privacy Preservation Measures17.6 Conclusion
PART VI. Event Monitoring and Situation Awareness
Introduction
Chapter 18. Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure
18.1 Overview18.2 System Model and Design Principles18.3 Recent Progress and Major Milestone Results18.4 Open Problems18.5 Summary and Future Directions
Chapter 19. Discovering and Tracking Patterns of Interest in Security Sensor Streams
19.1 Introduction19.2 Sensor Event Analysis for Health Monitoring19.3 Related Work19.4 Discovering Activities19.5 Recognizing Activities19.6 Validation of Activity Discovery and Tracking Algorithms19.7 Anomaly Detection19.8 Conclusions
Chapter 20. Pervasive Sensing and Monitoring for Situational Awareness
20.1 Introduction20.2 Hierarchical Modeling and Reasoning in Cyber-Physical Systems20.3 Adaptive Middleware for Cyber-Physical Spaces20.4 Enabling Scalability in Cyber-Physical Spaces20.5 Dependability in Sentient Spaces20.6 Privacy in Pervasive Spaces20.7 Conclusions
Chapter 21. Sense and Response Systems for Crisis Management
21.1 Introduction21.2 Decentralized Event Detection21.3 Agency-Based and Community-Based Systems
PART VII. Policy Issues in Security Management
Introduction
Chapter 22. Managing and Securing Critical Infrastructure – A Semantic Policy- and Trust-Driven Approach
22.1 Introduction22.2 Related Work22.3 A Policy and Trust Framework to Secure CPS22.4 Prototype Implementations22.5 Conclusion and Future Work
Chapter 23. Policies, Access Control, and Formal Methods
23.1 Introduction23.2 Access Control Concepts and Models23.3 Tools and Methods for Managing Access Control23.4 Formal Methods23.5 Access Control for Critical Infrastructures – Open Problems and Possible Approaches23.6 Concluding Remarks
Chapter 24. Formal Analysis of Policy-Based Security Configurations in Enterprise Networks
24.1 Introduction24.2 State of the Art24.3 Formal Verification of Security Policy Implementations24.4 Verification of IPSec Policies24.5 Conclusion24.6 Open Research Problems
PART VIII. Security in Real-World Systems
Introduction
Chapter 25. Security and Privacy in the Smart Grid
25.1 Introduction25.2 The Smart Grid25.3 Security and Privacy Challenges25.4 Toward a Secure and Privacy-Preserving Smart Grid25.5 Concluding Remarks
Chapter 26. Cyber-Physical Security of Automotive Information Technology
26.1 Introduction26.2 Automotive Security Analysis26.3 ECU Reprogramming Security Issues26.4 ConclusionAcknowledgments
Chapter 27. Security and Privacy for Mobile Health-Care (m-Health) Systems
27.1 Introduction27.2 Electronic Health Record (EHR)27.3 Privacy and Security in E-Health Care27.4 State of the Art Design for Health Information Privacy and Sharing (HIPS)27.5 Security Analysis27.6 Conclusion and Future WorkAcknowledgments
Chapter 28. Security and Robustness in the Internet Infrastructure
28.1 Introduction28.2 Vulnerabilities in Domain Name Resolution28.3 Security Solutions for the Domain Name System28.4 Secure End-to-End Communication Protocols28.5 Integrity of Internet Routing28.6 Integrity Below the IP Layer28.7 Configuration Management Security28.8 Conclusions and Future ChallengesAcknowledgments
Chapter 29. Emergency Vehicular Networks
29.1 Introduction29.2 Emergency Vehicle Support29.3 The “Emergency” Vehicle Grid29.4 Basic Urban Grid Routing29.5 Delay-Tolerant Vehicular Routing29.6 Mobimesh and Geo-Location Server: Finding the Destination Coordinates During the Emergency29.7 Content Routing Across the Vanet29.8 Emergency Video Dissemination29.9 Vehicular Grid Surveillance29.10 Map Updates Using Crowdsourcing29.11 Security in the Emergency Vehicular Network29.12 Conclusions
Chapter 30. Security Issues in VoIP Telecommunication Networks
30.1 Introduction30.2 Connection Establishment and Call Routing30.3 Man-in-the-Middle Attacks30.4 Voice Pharming30.5 Billing Attacks30.6 Security Requirements of a P2P Telecommunication Network30.7 Small World VIP-P2PSIP-Based on Trust30.8 ConclusionAcknowledgements
Index

Content preview from Handbook on Securing Cyber-Physical Critical Infrastructure

Chapter 24 Formal Analysis of Policy-Based Security Configurations in Enterprise Networks

S.K. Ghosh, Ehab Al-Shaer and P. Bera

24.1 Introduction

Today, most of the enterprise networks deploy policy-based security configurations due to extensive use of various network services and pervasive computing applications for accessing network resources. However, most of the enterprise networks face security threats because of improper security policy and its incorrect implementations. Typically, an enterprise network consists of a set of network zones corresponding to different units/sections of the organization. These network zones are interconnected through various access routers (Layer 3 routers). The overall organizational security policies of such ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780124158153

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Handbook on Securing Cyber-Physical Critical Infrastructure

by Sajal K Das, Krishna Kant, Nan Zhang

Chapter 24

Formal Analysis of Policy-Based Security Configurations in Enterprise Networks

24.1 Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.