The definition of a correct Access Control Policy is a fundamental step in the design of a secure information system. However, the complexity of modern systems makes critical the choice upon which model to use for such definition. This is becoming particularly true for Industrial Networked Systems, where a correct access control policy must cover all the different and ever evolving interactions between all of its heterogeneous sub-systems at different levels of the production process. In this paper, with the support of an example of a typical industrial system, we highlight the limitations of the well known and widely used Role Based Access Control policy model and we propose an alternative model, built on the ideas of the Attribute Based Access Control model, showing how it can be leveraged to easily define complex access control policies in Industrial Networked Systems. We provide also a preliminary analysis on the kind of conflicts or anomalies that such expressive model can introduce.

Toward attribute-based access control policy in industrial networked systems / Cheminod, Manuel; Durante, Luca; Valenza, Fulvio; Valenzano, Adriano. - ELETTRONICO. - 2018-:(2018), pp. 1-9. ((Intervento presentato al convegno 14th IEEE International Workshop on Factory Communication Systems, WFCS 2018 tenutosi a ita nel 2018 [10.1109/WFCS.2018.8402339].

Toward attribute-based access control policy in industrial networked systems

Cheminod, Manuel;Durante, Luca;Valenza, Fulvio;Valenzano, Adriano
2018

Abstract

The definition of a correct Access Control Policy is a fundamental step in the design of a secure information system. However, the complexity of modern systems makes critical the choice upon which model to use for such definition. This is becoming particularly true for Industrial Networked Systems, where a correct access control policy must cover all the different and ever evolving interactions between all of its heterogeneous sub-systems at different levels of the production process. In this paper, with the support of an example of a typical industrial system, we highlight the limitations of the well known and widely used Role Based Access Control policy model and we propose an alternative model, built on the ideas of the Attribute Based Access Control model, showing how it can be leveraged to easily define complex access control policies in Industrial Networked Systems. We provide also a preliminary analysis on the kind of conflicts or anomalies that such expressive model can introduce.
9781538610664
File in questo prodotto:
File Dimensione Formato  
2018WFCS.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 260.55 kB
Formato Adobe PDF
260.55 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
2018WFCS_author.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 262.23 kB
Formato Adobe PDF
262.23 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11583/2724583