Abstract
Cyber-Physical Systems (CPSs) are the key-pillar technology for the implementation of the Industry 4.0 concept. In the industrial sector, a physical entity with internet-enabled capabilities is an example of a CPS. Considering the criticality of the processes controlled by CPSs, only authorized entities should have access to those systems, and only under certain conditions. Existing access control approaches implemented in the industrial sector mainly rely on the roles that subjects may have to facilitate the separation of duty concept. However, context information and its mutability over time were out of the scope of implemented access control mechanisms. In this chapter, we investigate the application of the advanced access control paradigm to enable continuous control of Industrial Control Systems (ICS) usage according to context-aware security policies. We provide a framework description along with its implementation in a simulation environment. Finally, the obtained results regarding the system’s performance are outlined along with a discussion of potential improvements.
Acknowledgements
This contribution was partially supported by the EU H2020 funded project SPARTA, ga n. 830892, EU H2020 funded project NeCS, ga n. 675320 and EU H2020 funded project E-CORRIDOR, ga n. 883135.
Copyright information
© 2023 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Osliak, O., Mori, P., Saracino, A. (2023). Usage Control for Industrial Control System. In: Dimitrakos, T., Lopez, J., Martinelli, F. (eds) Collaborative Approaches for Cyber Security in Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-16088-2_9
DOI: https://doi.org/10.1007/978-3-031-16088-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16087-5
Online ISBN: 978-3-031-16088-2
eBook Packages: Computer Science, Computer Science (R0)