DIFMA: firewall distribuído com ênfase na interoperabilidade entre aplicações no contexto das redes elétricas inteligentes
| Ano de defesa: | 2017 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal de Santa Maria
Brasil Engenharia Elétrica UFSM Programa de Pós-Graduação em Engenharia Elétrica Centro de Tecnologia |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.ufsm.br/handle/1/14716 |
Resumo: | The Electric Power System (EPS) has been improved in recent years, aiming at the implementation of Smart Grids (SG). For this, it is essential to integrate information technologies and bidirectional communication networks at equipments present in the EPS. However, when making this type of advance, EPS is exposed to new types of cyber threats and vulnerabilities. An interesting solution to ensure security in the data communication network is prevent unauthorized access. For this, a use of a firewall is essential. Through efficient rules in a firewall it is possible to control all the information traffic of a network or device. With the use of a distributed firewall, each device can implement its security policies, packet filtering and rules, not depending a centralized filtering. However, the heterogeneity of equipment and devices present in the SG data communication network presents another challenge: diferents types of firewall applications can be used in the same segment of the network. With this, it is necessary to have mechanisms to perform the disclosure of rules and application of these in each device. In these terms, this work presents a solution capable of solving these prerogatives: the DIFMA Architecture (Distributed Firewall Multiple Applications), which was developed by the author of this work. This architecture is composed of three modules: DEMON (performs the management of SG participating devices in groups), RSIN (implements an overlay network to perform the disclosure of rules that will be applied to devices) e RIMA (perform the interpretation of a rule for a determined firewall application using specific plugins. To evaluate the efficiency of the DIFMA Architecture, performance tests were performed to synchronize information in the network of overlapping and creation of generic rules to apply to the participating devices of a given group. The interpretation of these rules was performed by plugins developed for the Iptables and UFW firewall applications. Based on the results obtained during these tests, DIFMA architecture proved to be an interesting and feasible alternative to be implemented in a real scenario, since the mechanisms of disclosure and interpretation of rules show to be efficient. In this way, the risk of errors during rule generation is reduced, since the operator does not have to worry about specific syntax of each firewall application that can be used by the devices participating in a group. Therefore, the DIFMA Architecture stands out in relation to other solutions found in the literature for providing an integrated and scalable solution for implementing a distributed firewall and enabling interoperability between different firewall applications. |