| Title | A Security Architecture Framework for Critical Infrastructure with Ring-based Nested Network Zones |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Chaisuriya, Sarayut, Keretho, Somnuk, Sanguanpong, Surasak, Praneetpolgrang, Prasong |
| Conference Name | 2018 10th International Conference on Knowledge and Smart Technology (KST) |
| Date Published | jan |
| Keywords | architectural design, Attack Hops, Computer architecture, critical information infrastructure, critical infrastructure, data centers, defense in depth, defense-in-depth approach, Guidelines, Information systems, N-tier/shared nothing system architectures, Nested Zones, network architecture, Network Security Architecture, pubcrawl, Resiliency, ring-based nested network zones, secured information systems, security, security architectural framework, security architecture, security architecture framework, security attributes, security of data, software architecture, Standards, structural design |
| Abstract | The defense-in-depth approach has been widely recommended for designing critical information infrastructure, however, the lack of holistic design guidelines makes it difficult for many organizations to adopt the concept. Therefore, this paper proposes a holistic architectural framework and guidelines based on ring-based nested network zones for designing such highly secured information systems. This novel security architectural framework and guidelines offer the overall structural design and implementation options for holistically designing the N-tier/shared nothing system architectures. The implementation options, e.g. for the zone's perimeters, are recommended to achieve different capability levels of security or to trade off among different required security attributes. This framework enables the adaptive capability suitable for different real-world contexts. This paper also proposes an attack-hops verification approach as a tool to evaluate the architectural design. |
| DOI | 10.1109/KST.2018.8426099 |
| Citation Key | chaisuriya_security_2018 |
A Security Architecture Framework for Critical Infrastructure with Ring-based Nested Network Zones