Kern, Alexander ; Anderl, Reiner (2019)
Attribute-based network and system access control architecture for industrial machines.
2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IoTSMS19). Granada, Spain (22.10.2019-25.10.2019)
doi: 10.1109/IOTSMS48152.2019.8939227
Conference publication, Bibliography
Abstract
With the increasing digitization and interconnection of industry, there are many opportunities for new business models. These promise great economic benefits, but at the same time pose significant threats. The strong interconnection with suppliers, vendors and customers results in an increasingly open production network. Thereby each user group has individual access requirements to the different machines within the company network and corresponding system resources. Therefore, an architecture must be developed capable of controlling access within the network as well as within the machine computer to reduce it to the required minimum. Consequently, we present in this paper an access control architecture that allows attribute-based policies to be enforced both at the network level and at the system level. The required policies are managed centrally in the network. They are then interpreted in the network first, using software-defined networking combined with a suitable policy framework. The request forwarded to the machine is then restricted in the system using an access control architecture on kernel-level and an associated policy module. Afterwards, the presented architecture is prototypically implemented and its performance is evaluated. We come to the conclusion that the presented architecture can be used effectively to reduce the access permissions to the required minimum based on attributes regarding the subject, the environment, the network and system object and the respective action.
Type of entry: | Conference publication |
---|---|
Published: | 2019 |
Author(s): | Kern, Alexander ; Anderl, Reiner |
Kind of entry: | Bibliography |
Title: | Attribute-based network and system access control architecture for industrial machines |
Language: | English |
Publication year: | 10 November 2019 |
Publisher: | IEEE |
Event title: | 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IoTSMS19) |
Event location: | Granada, Spain |
Event date: | 22.10.2019-25.10.2019 |
DOI: | 10.1109/IOTSMS48152.2019.8939227 |
Department(s)/division(s): | 16 Department of Mechanical Engineering; 16 Department of Mechanical Engineering > Fachgebiet Datenverarbeitung in der Konstruktion (DiK) (renamed "Product Life Cycle Management" as of 01.09.2022) |
Date deposited: | 07 Jan 2020 06:41 |
Last modified: | 07 Jan 2020 06:41 |