Archivio Istituzionale della RicercaThe definition of a correct Access Control Policy is a fundamental step in the design of a secure information system. However, the complexity of modern systems makes critical the choice upon which model to use for such definition. This is becoming particularly true for Industrial Networked Systems, where a correct access control policy must cover all the different and ever evolving interactions between all of its heterogeneous sub-systems at different levels of the production process. In this paper, with the support of an example of a typical industrial system, we highlight the limitations of the well known and widely used Role Based Access Control policy model and we propose an alternative model, built on the ideas of the Attribute Based Access Control model, showing how it can be leveraged to easily define complex access control policies in Industrial Networked Systems. We provide also a preliminary analysis on the kind of conflicts or anomalies that such expressive model can introduce.
Toward attribute-based access control policy in industrial networked systems / Cheminod, Manuel; Durante, Luca; Valenza, Fulvio; Valenzano, Adriano. - ELETTRONICO. - 2018-:(2018), pp. 1-9. (Intervento presentato al convegno 14th IEEE International Workshop on Factory Communication Systems, WFCS 2018 tenutosi a ita nel 2018) [10.1109/WFCS.2018.8402339].
Toward attribute-based access control policy in industrial networked systems
Cheminod, Manuel;Durante, Luca;Valenza, Fulvio;Valenzano, Adriano
2018
Abstract
The definition of a correct Access Control Policy is a fundamental step in the design of a secure information system. However, the complexity of modern systems makes critical the choice upon which model to use for such definition. This is becoming particularly true for Industrial Networked Systems, where a correct access control policy must cover all the different and ever evolving interactions between all of its heterogeneous sub-systems at different levels of the production process. In this paper, with the support of an example of a typical industrial system, we highlight the limitations of the well known and widely used Role Based Access Control policy model and we propose an alternative model, built on the ideas of the Attribute Based Access Control model, showing how it can be leveraged to easily define complex access control policies in Industrial Networked Systems. We provide also a preliminary analysis on the kind of conflicts or anomalies that such expressive model can introduce.
| File | Dimensione | Formato | |
|---|---|---|---|
|
2018WFCS.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
260.55 kB
Formato
Adobe PDF
|
260.55 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
2018WFCS_author.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
262.23 kB
Formato
Adobe PDF
|
262.23 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2724583