  • DocumentCode
    3401417
  • Title
    A trusted computing architecture for critical infrastructure protection
  • Author
    Burmester, Mike
  • Author_Institution
    Dept. of Comput. Sci., Florida State Univ., Tallahassee, FL, USA
  • fYear
    2013
  • fDate
    10-12 July 2013
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Most critical infrastructures can be modeled as cyber-physical systems whose cyber components control underlying physical processes so as to optimize system objectives based on physical properties/constraints and the current and estimated state of the system. Such systems usually require performance guarantees and support for security: wrongly received or missed commands can render the entire system unstable. Yet, securing cyber-physical systems with heterogeneous components is still an open and challenging problem. In this paper we propose a trusted computing architecture for critical infrastructure protection based on the trusted computing paradigm. We discuss the threat model, the vulnerabilities, real-time availability, run-time integrity and show how to get resilience against intentional and unintentional faults by using trusted computing enabled components and an access control structure that enforces need-to-get-now (availability) policies. We conclude by showing how this approach can be used to secure substation automation systems of an IEC/TR 61850-90-5-compliant electricity grid.
  • Keywords
    IEC standards; authorisation; critical infrastructures; embedded systems; invasive software; power grids; substation automation; substation protection; trusted computing; IEC/TR 61850-90-5-compliant electricity grid; access control structure; critical infrastructure protection; cyber component control; cyber-physical system; heterogeneous component; real-time availability; resilience; run-time integrity; security; state estimation; substation automation system; threat model; trusted computing architecture; unintentional fault; vulnerability; Access control; Availability; Computer architecture; IEC standards; Real-time systems; Software; IEC/TR 61850–90–5; Universal Composability; critical infrastructures; cyber-physical systems; electricity grid;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information, Intelligence, Systems and Applications (IISA), 2013 Fourth International Conference on
  • Conference_Location
    Piraeus
  • Print_ISBN
    978-1-4799-0770-0
  • Type
    conf
  • DOI
    10.1109/IISA.2013.6623706
  • Filename
    6623706