Attribute-based network and system access control architecture for industrial machines

Kern, Alexander and Anderl, Reiner (2019):
Attribute-based network and system access control architecture for industrial machines.
IEEE, In: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IoTSMS19), Granada, Spain, 22-25 Oct. 2019, ISBN 978-1-7281-2949-5,
DOI: 10.1109/IOTSMS48152.2019.8939227,
[Conference or Workshop Item]

Abstract

With the increasing digitization and interconnection of industry, there are many opportunities for new business models. These promise great economic benefits, but at the same time pose significant threats. The strong interconnection with suppliers, vendors and customers results in an increasingly open production network. Thereby each user group has individual access requirements to the different machines within the company network and corresponding system resources. Therefore, an architecture must be developed capable of controlling access within the network as well as within the machine computer to reduce it to the required minimum. Consequently, we present in this paper an access control architecture that allows attribute-based policies to be enforced both at the network level and at the system level. The required policies are managed centrally in the network. They are then interpreted in the network first, using software-defined networking combined with a suitable policy framework. The request forwarded to the machine is then restricted in the system using an access control architecture on kernel-level and an associated policy module. Afterwards, the presented architecture is prototypically implemented and its performance is evaluated. We come to the conclusion that the presented architecture can be used effectively to reduce the access permissions to the required minimum based on attributes regarding the subject, the environment, the network and system object and the respective action.

Item Type: Conference or Workshop Item
Published: 2019
Creators: Kern, Alexander and Anderl, Reiner
Title: Attribute-based network and system access control architecture for industrial machines
Language: English
Publisher: IEEE
ISBN: 978-1-7281-2949-5
Divisions: 16 Department of Mechanical Engineering
16 Department of Mechanical Engineering > Department of Computer Integrated Design (DiK)
Event Title: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IoTSMS19)
Event Location: Granada, Spain
Event Dates: 22-25 Oct. 2019
Date Deposited: 07 Jan 2020 06:41
DOI: 10.1109/IOTSMS48152.2019.8939227