Validating Security and Resiliency in Software Defined Networks for Smart Grids
February 16, 2018
This is a presentation of CREDC Affiliated Research.
Abstract: In this CREDC Affiliate presentation we will discuss how the communication network underlying the smart grid is required to be resilient to failures of network devices or the links among them, while complying with the access control requirements specified by a regulatory regime (e.g., NERC-CIP). We propose a Resilient Routing Policy (RRP) specification that allows the network operator to express such simultaneous requirements of a Software Defined Network (SDN). The SDN architecture provides flexibility for provisioning resilient networks through its fast-failover mechanism. However, in order to guarantee that the SDN conforms to the RRP, its control-plane state needs to be validated. To that end, we present a framework to exhaustively analyze a snapshot of the SDN's control-plane state to compute packet flows between any pair of ports. Our framework uses data structures and algorithms to rapidly compute the effect of events such as link failure on the network-wide packet flows. Finally, we present two case studies of RRP validation to express resiliency and security properties in power grid networks and show that the validation can be performed at scale.
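The kind of check the abstract describes can be sketched in a few lines. This is an added example, not the presenters' framework or their RRP syntax. It assumes a simplified model in which each switch holds an ordered fast-failover bucket list per (source, destination) pair. The topology, host names and policy tuples are constructed for illustration.

```python
from itertools import combinations

# Constructed snapshot: (switch, src, dst) -> ordered fast-failover buckets.
# A missing entry means the switch drops the packet (default deny).
FLOWS = {
    ("s1", "hmi", "relay"): ["s2", "s3"],  # primary via s2, backup via s3
    ("s3", "hmi", "relay"): ["s2"],
    ("s2", "hmi", "relay"): ["relay"],
}
CORE_LINKS = [("s1", "s2"), ("s1", "s3"), ("s3", "s2")]

# Hypothetical policy rows: (src, dst, ingress switch, must_reach, k failures).
POLICY = [
    ("hmi", "relay", "s1", True, 1),    # resiliency: survive any 1 link failure
    ("corp", "relay", "s1", False, 1),  # access control: never reachable
]

def delivers(flows, src, dst, first_hop, failed):
    """Trace one packet; each switch uses its first bucket whose link is live."""
    node, seen = first_hop, set()
    while node != dst:
        if node in seen:
            return False  # forwarding loop, packet never arrives
        seen.add(node)
        live = [n for n in flows.get((node, src, dst), ())
                if frozenset((node, n)) not in failed]
        if not live:
            return False  # no rule, or every bucket points at a dead link
        node = live[0]
    return True

def validate(flows, policy, links=CORE_LINKS):
    """Return (src, dst, failed_links) for every failure set that breaks policy."""
    violations = []
    for src, dst, first_hop, must_reach, k in policy:
        for n in range(k + 1):  # 0..k simultaneous link failures
            for combo in combinations(links, n):
                failed = {frozenset(link) for link in combo}
                if delivers(flows, src, dst, first_hop, failed) != must_reach:
                    violations.append((src, dst, combo))
    return violations

if __name__ == "__main__":
    print(validate(FLOWS, POLICY))
```

Enumerating every failure combination is exponential in `k`; the abstract's point about data structures that rapidly recompute flows after a link event is what makes this practical at scale.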