PORTO @ Archivio Istituzionale della Ricerca

Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive framework for INS access control. The proposed approach enables the description of both positive and negative AC policies, by applying the Role Based Access Control (RBAC) paradigm to typical INS implementations, while taking into account different levels of abstraction. Suitable techniques are adopted to check whether or not policies are correctly implemented in the system (verification). When conflicts are detected, possible (re)assignments of credentials to the system users are automatically computed, that can be adopted to correct anomalies (conflict resolution).

Automated Fixing of Access Policy Implementation in Industrial Networked Systems / Cheminod, Manuel; Durante, Luca; Seno, Lucia; Valenza, Fulvio; Valenzano, Adriano. - ELETTRONICO. - (2017). (Intervento presentato al convegno 13th IEEE International Workshop on Factory Communication Systems tenutosi a Trondheim (NO) nel May 31 - June 2) [10.1109/WFCS.2017.7991947].

Automated Fixing of Access Policy Implementation in Industrial Networked Systems

CHEMINOD, MANUEL;DURANTE, LUCA;VALENZA, FULVIO;VALENZANO, ADRIANO
2017

Abstract

Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive framework for INS access control. The proposed approach enables the description of both positive and negative AC policies, by applying the Role Based Access Control (RBAC) paradigm to typical INS implementations, while taking into account different levels of abstraction. Suitable techniques are adopted to check whether or not policies are correctly implemented in the system (verification). When conflicts are detected, possible (re)assignments of credentials to the system users are automatically computed, that can be adopted to correct anomalies (conflict resolution).
2017
4.1 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
2017WFCS_ACP.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 354.39 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
354.39 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
2017WFCS_ACP_author.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 357.69 kB
Formato Adobe PDF
Visualizza/Apri
357.69 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2672412