Type: Conference paper
Title: Identifying the missing aspects of the ANSI/ISA best practices for security policy
Author: Ranathunga, D.
Roughan, M.
Kernick, P.
Falkner, N.
Nguyen, H.
Citation: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, 2015, pp.37-48
Publisher: ACM
Issue Date: 2015
Series/Report no.: CPSS ’15
ISBN: 9781450334488
Conference Name: 1st ACM Workshop on Cyber-Physical System Security (CPSS) (14 Apr 2015 : Singapore, Republic of Singapore)
Statement of
Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen
Abstract: Firewall configuration is a critical activity for the Supervisory Control and Data Acquisition (SCADA) networks that control power stations, water distribution, factory automation, etc. The American National Standards Institute (ANSI) provides specifications for the best practices in developing high-level security policy [9]. However, firewalls continue to be configured manually, a common but error-prone process. Automation can make designing firewall configurations more reliable and their deployment increasingly cost-effective. ANSI best practices lack specification in several key aspects needed to allow a firewall to be automatically configured. In this paper we discuss the missing aspects of the existing best practice specifications and propose solutions. We then apply our corrected best practice specifications to real SCADA firewall configurations and evaluate their usefulness for high-level automated specification of firewalls.
Keywords: SCADA network security; Zone-Conduit model; firewall auto-configuration; security policy
Rights: Copyright © 2015 ACM
DOI: 10.1145/2732198.2732201
Appears in Collections: Aurora harvest 3
Mathematical Sciences publications
