ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-05152019-165210


Thesis type
PhD thesis
Author
CANTELLI FORTI, ALESSANDRO
URN
etd-05152019-165210
Title
Mitigation and Incident Management methodologies for Critical Infrastructure protection
Scientific disciplinary sector
ING-INF/05
Degree programme
INFORMATION ENGINEERING
Supervisors
tutor Prof. Berizzi, Fabrizio
reviewer Prof. Donatiello, Lorenzo
reviewer Prof. Rannensberg, Kai
supervisor Prof. Colajanni, Michele
supervisor Ing. Capria, Amerigo
Keywords
  • Critical Infrastructure Protection
  • Cybersecurity
  • Honey Pot
  • Honey Net
  • Incident Management
  • Costa Concordia
  • Stateful Honeypot
Defence session start date
29/05/2019
Availability
Full
Abstract
The research, in the field of developing innovative cybersecurity techniques for the protection of critical infrastructures, covers protection methodologies that must pursue various objectives in three main phases: Prevention, Detection, and Reaction.
In particular, this thesis describes the study, design and implementation of solutions for the Detection and Reaction phases of Critical Infrastructure Protection, with a special focus on the Mitigation and Incident Management methodologies of reaction. Nowadays, the protection of a critical infrastructure must cover both the physical and the cyber realm. We propose novel solutions for the latter, while taking into account the necessary interactions between the two.

After an introduction to and definition of critical infrastructure, the research opens with a critical analysis of the state of the art and proposes new models for integrating existing technologies under the conditions that result from the intrinsically distributed and heterogeneous nature of most critical infrastructures. The tools initially described as a reference are the basis used to bring the reasoning towards the experimental context and then to the innovations proposed in the detection, prevention and reaction phases.

Subsequently, the Detection issues are presented through anomaly detection solutions applied to an Intrusion Detection System (IDS) supported by a novel network architecture. This architecture is based on the Software Defined Network (SDN) paradigm and was tested in a real critical infrastructure, a ground base station. During the practical experimentation and the implementation of the prototypes, limitations and trade-offs related to the application of cybersecurity technologies in critical infrastructures were highlighted.

Original solutions for the Mitigation phases are proposed in the form of an innovative HoneyNet integrating a virtualized decoy-system and an accurate fingerprinting of the attackers. Experimentation on the Mitigation phases was also conducted on the network of the critical infrastructure, a ground base station for satellite communications.

The observations resulting from the research on the Detection and Mitigation phases led to original solutions for accurate fingerprinting of the attackers by means of an innovative HoneyNet integrating a virtualized decoy-system. The idea is to force each attacker to interact with his own synthetic system, thus improving on existing solutions that are based on stateless representations of the decoy-system. Our innovative approach proposes a stateful honeypot able to recognize multiple intrusions by the same adversary.

Incident Management is one of the most important topics in critical infrastructure protection. The main research results in this field that will be presented focus on critical transport system components and have been published in papers, international technical reports, surveys, and relevant juridical reports. Serious structural problems in state-of-the-art forensic devices were evidenced by two case studies and led to the description of some novel solutions that exploit cryptographic technologies.