OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Security control methods for CEDR

Abstract

The purpose of this document is to summarize the findings of recent studies on the security problem in statistical databases and examine their applicability to the specific needs of CEDR. The document is organized as follows: In Section 2 we describe some general control methods which are available on most commercial database software. In Section 3 we provide a classification of statistical security methods. In Section 4 we analyze the type of users of CEDR and the security control methods which may be applied to each type. In Section 5 we summarize the findings of this study and recommend possible solutions.

Authors:
Rotem, D.
Publication Date:
Sep 1990
Research Org.:
Lawrence Berkeley Lab., CA (United States)
Sponsoring Org.:
USDOE, Washington, DC (United States)
OSTI Identifier:
10128575
Report Number(s):
LBL-30316
ON: DE92009507
DOE Contract Number:
AC03-76SF00098
Resource Type:
Technical Report
Resource Relation:
Other Information: PBD: Sep 1990
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; DATA BASE MANAGEMENT; SECURITY; PERSONNEL; RECORDS MANAGEMENT; PROGRAMMING; EXECUTIVE CODES; EQUIPMENT INTERFACES; STATISTICAL MODELS; VARIATIONS; PERFORMANCE; CONTROL; COMPUTERIZED CONTROL SYSTEMS; 990200; MATHEMATICS AND COMPUTERS

Citation Formats

Rotem, D. Security control methods for CEDR. United States: N. p., 1990. Web. doi:10.2172/10128575.
Rotem, D. Security control methods for CEDR. United States. doi:10.2172/10128575.
Rotem, D. "Security control methods for CEDR". United States. doi:10.2172/10128575. https://www.osti.gov/servlets/purl/10128575.
@article{osti_10128575,
title = {Security control methods for CEDR},
author = {Rotem, D.},
abstractNote = {The purpose of this document is to summarize the findings of recent studies on the security problem in statistical databases and examine their applicability to the specific needs of CEDR. The document is organized as follows: In Section 2 we describe some general control methods which are available on most commercial database software. In Section 3 we provide a classification of statistical security methods. In Section 4 we analyze the type of users of CEDR and the security control methods which may be applied to each type. In Section 5 we summarize the findings of this study and recommend possible solutions.},
doi = {10.2172/10128575},
place = {United States},
year = {1990},
month = {sep}
}

  • Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework").
For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified in the identification effort. The requirements in these seven standards were then compared against the requirements given in the Framework. This comparison identified gaps (requirements not covered) in both the individual industry standards and in the Framework. In addition to the sector-specific standards reviewed, the team compared the requirements in the cross-sector Instrumentation, Systems, and Automation Society (ISA) Technical Reports (TR) 99 -1 and -2 to the Framework requirements. The Framework defines a set of security classes separated into families as functional requirements for control system security. Each standard reviewed was compared to this template of requirements to determine if the standard requirements closely or partially matched these Framework requirements. An analysis of each class of requirements pertaining to each standard reviewed can be found in the comparison results section of this report. Refer to Appendix A, "Synopsis of Comparison Results", for a complete graphical representation of the study's findings at a glance. Some of the requirements listed in the Framework are covered by many of the standards, while other requirements are addressed by only a few of the standards. In some cases, the scope of the requirements listed in the standard for a particular industry greatly exceeds the requirements given in the Framework. These additional families of requirements, identified by the various standards bodies, could potentially be added to the Framework. These findings are, in part, due to the maturity both of the security standards themselves and of the different industries' current focus on security.
In addition, there are differences in how communication and control are used in different industries and the consequences of disruptions via security breaches to each particular industry that could affect how security requirements are prioritized. The differences in the requirements listed in the Framework and in the various industry standards are due, in part, to differences in the level and purpose of the standards. While the requirements in the Framework are fairly specific, many of the industry standard requirements are more general in nature. Additionally, the Framework requirements, derived from the "Common Criteria for Information Technology Security Evaluation", are component-based, while most of the industry standards are system-based. The findings of this study will allow the CSSC Framework Team and the standards organizations responsible for the reviewed standards to quickly grasp the relationship between their requirements and the Framework, as well as the relationship between their standard and other industry sectors. This will help identify areas for future work in developing improved security standards.
  • We investigate in this report the issue of data management across multiple pre-existing databases characterized by various degrees of heterogeneity. Different approaches to the problem of data management in heterogeneous environments are reviewed and their advantages and disadvantages are discussed. We examine in some detail the problem of schema integration involved in these approaches. We illustrate different aspects of data management in heterogeneous environments with examples from the Comprehensive Epidemiological Data Resource (CEDR) project, and conclude the report with recommendations for CEDR. These recommendations are summarized in this paper.
  • On August 2, 1989, Admiral Watkins, Secretary of the US Department of Energy (DOE), presented a four-point program designed to enhance the DOE epidemiology program. One part of this program was the establishment of a Comprehensive Epidemiologic Data Resource (CEDR) to facilitate independent research to validate and supplement DOE research on human health effects. A Dosimetry Working Group was formed during May 1991 to evaluate radiation dose variables and associated documentation that would be most useful to researchers for retrospective and prospective studies. The Working Group consisted of thirteen individuals with expertise and experience in health physics, epidemiology, dosimetry, computing, and industrial hygiene. A final report was delivered to CEDR Project Management during February 1992. The report contains a number of major recommendations concerning collection, interpretation, and documentation of dosimetry data to maximize their usefulness to researchers using CEDR for examining possible health effects of occupational exposure to ionizing radiation.
  • The Department of Energy (DOE) and its predecessor agencies have a long history of epidemiologic research programs. The main focus of these programs has been the Health and Mortality Study of the DOE work force. This epidemiologic study began in 1964 with a feasibility study of workers at the Hanford facility. Studies of other populations exposed to radiation have also been supported, including the classic epidemiologic study of radium dial painters and studies of atomic bomb survivors. From a scientific perspective, these epidemiologic research programs have been productive, highly credible, and formed the bases for many radiological protection standards. Recently, there has been concern that, although research results were available, the data on which these results were based were not easily obtained by interested investigators outside DOE. Therefore, as part of an effort to integrate and broaden access to its epidemiologic information, the DOE has developed the Comprehensive Epidemiologic Data Resource (CEDR) Program. Included in this effort is the development of a computer information system for accessing the collection of CEDR data and its related descriptive information. The epidemiologic data currently available through the CEDR Program consist of analytic data sets, working data sets, and their associated documentation files. In general, data sets are the result of epidemiologic studies that have been conducted on various groups of workers at different DOE facilities during the past 30 years.