Abstract
Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine grained access control is a fundamental requirement.
In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation and evaluate a set of important quality metrics related to it, as guidelines and considerations for introducing this protocol in industrial settings. Two approaches for optimizing the authorization protocol are presented and evaluated; they more than halve the average connection establishment time compared to the initial approach.
Notes
1. reference.opcfoundation.org/GDS/v105/docs/9.
2. github.com/OPCFoundation/UA-.NETStandard.
3. reference.opcfoundation.org/GDS/v105/docs/9.6.5.
4. 800xahardwareselector.com/product/ci845.
Acknowledgements
This work is supported by ABB AB; the industrial postgraduate school Automation Region Research Academy (ARRAY), funded by The Knowledge Foundation; and the Horizon 2020 project InSecTT. InSecTT (www.insectt.eu) has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876038. The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Sweden, Spain, Italy, France, Portugal, Ireland, Finland, Slovenia, Poland, Netherlands, Turkey. (The document reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.)
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Leander, B., Čaušević, A., Hansson, H., Lindström, T. (2024). Evaluation of an OPC UA-Based Access Control Enforcement Architecture. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14398. Springer, Cham. https://doi.org/10.1007/978-3-031-54204-6_7
DOI: https://doi.org/10.1007/978-3-031-54204-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54203-9
Online ISBN: 978-3-031-54204-6
eBook Packages: Computer Science, Computer Science (R0)