The protection of ICT systems is a topic whose importance has been dramatically growing in the last years. In fact, their increased interconnection, both internal and through the Internet, besides having provided higher and inexpensive flexibility (e.g. remote access, management and configuration), has also made them more subject to a wide range of (remotely exploitable) attacks and damages. This paper shows how security policies for industrial systems can be defined in the framework of standard recommendations, and especially checked with the help of an automatic analysis tool, thus leading to a set of security policies whose design and implementation match the expected security requirements. In particular, a suitable example highlights how the tool can profitably help through the steps from the design to the implementation of security policies in an industrial network.
Automatic Analysis of Security Policies in Industrial Networks
M Cheminod;I Cibrario Bertolotti;L Durante;A Valenzano
2010
Abstract
The protection of ICT systems is a topic whose importance has been dramatically growing in the last years. In fact, their increased interconnection, both internal and through the Internet, besides having provided higher and inexpensive flexibility (e.g. remote access, management and configuration), has also made them more subject to a wide range of (remotely exploitable) attacks and damages. This paper shows how security policies for industrial systems can be defined in the framework of standard recommendations, and especially checked with the help of an automatic analysis tool, thus leading to a set of security policies whose design and implementation match the expected security requirements. In particular, a suitable example highlights how the tool can profitably help through the steps from the design to the implementation of security policies in an industrial network.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
