TIGRIS focuses on building an integrated and secure solution that combines the acquisition and management of information coming from different environments and areas, such as smart network devices, street lighting, smart metering y smart building. All of these areas have been developed under a hierarchical architecture (Integrated Systems) in which a set of smart devices have to coexist to interact not only between them but also with external infrastructures, such as the Internet and Cloud infrastructures (through the SaaS layer). Apart from this, TIGRIS also amis to make sure the development of combined elements of renewable microgeneration and lighting.
In this sense, the goal of NICS Lab. has been to address the part of access control, in which a set of mechanisms related to authentication and authorization have been proposed to make sure the secure interaction through the Cloud . To do this, diverse standards and recommendations (e.g., IEC 62351, NIST-7628 for security in Smart Grids; and NIST-500-299, NIST-500-292 for security in cloud infrastructures) have been contemplated to not only identify problems and extract security requirements, but also to design secure control subdomains, such as substations. This part has been led in conjuction with Schneider Energy.
- "Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems",
Journal of Network and Computer Applications, vol. 59, Elsevier, pp. 301–314, 01/2016. (I.F.: 3.500)
Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the role-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on structural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the supernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the interoperability.Impact Factor: 3.500Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
- "Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems",
Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, 2016. DOI
Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).
- "Secure Interoperability in Cyber-Physical Systems",
Security Solutions and Applied Cryptography in Smart Grid Communications, IGI Global, USA, IGI Global, pp. 137-158, 2017. DOI
Transparency in control transactions under a secure network architecture is a key topic that must be discussed when aspects related to interconnection between heterogeneous cyber-physical systems (CPSs) arise. The interconnection of these systems can be addressed through an enforcement policy system responsible for managing access control according to the contextual conditions. However, this architecture is not always adequate to ensure a rapid interoperability in extreme crisis situations, and can require an interconnection strategy that permits the timely authorized access from anywhere at any time. To do this, a set of interconnection strategies through the Internet must be studied to explore the ability of control entities to connect to the remote CPSs and expedite their operations, taking into account the context conditions. This research constitutes the contribution of this chapter, where a set of control requirements and interoperability properties are identified to discern the most suitable interconnection strategies.
- "Resilient Interconnection in Cyber-Physical Control Systems",
Computers & Security, vol. 71, Elsevier, pp. 2-14, 11/2017. DOI (I.F.: 2.650)
Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.Impact Factor: 2.650Journal Citation Reports® Science Edition (Thomson Reuters, 2017)