A constraint and risk-aware approach to attribute-based access control for cyber-physical systems. Issue 96 (September 2020)
- Record Type:
- Journal Article
- Title:
- A constraint and risk-aware approach to attribute-based access control for cyber-physical systems. Issue 96 (September 2020)
- Main Title:
- A constraint and risk-aware approach to attribute-based access control for cyber-physical systems
- Authors:
- Baltaci Akhuseyinoglu, Nuray
Joshi, James
- Abstract:
- Highlights: Separation of Duties extension to an attribute-based cyber-physical access control model. Inclusion of risk for optimal action planning in Cyber-Physical Systems. An enforcement algorithm for authorization and separation of duty policy rules. Comprehensive experiments to show the effectiveness/efficiency of enforcement algorithm. Compare the performance of a core attribute-based model to the proposed access control model.
Abstract: Cyber-physical systems (CPSs) integrate cyber components and physical processes. This integration enhances the capabilities of physical systems by incorporating intelligence into objects and services. On the other hand, the integration of cyber and physical components and the interaction between them introduce new security threats. Since CPSs are mostly safety-critical systems, data stored and communicated in them are highly critical. Hence, there is a crucial need for protecting the data and resources in CPSs against unauthorized accesses. In this paper, we propose an access control (AC) framework to address CPS related security issues. The proposed framework consists of two parts: a Cyber-Physical Access Control model (CPAC) and a Generalized Action Generation Model (GAGM). CPAC utilizes an attribute-based approach and extends it with cyber-physical components and cyber-physical interactions. In addition, we incorporate Separation of Duty (SoD) constraints into the CPAC model. GAGM is used to augment the enforcement of access policies. We present formal representations of CPAC and GAGM and demonstrate their use in a sample scenario for a medical CPS. We propose an algorithm for enforcing authorization policies. We implement the CPAC model and compare its performance against the core attribute-based access control model. We present an authorization enforcement approach and show through our experimental results its feasibility.
- Is Part Of:
- Computers & security. Issue 96(2020)
- Journal:
- Computers & security
- Issue:
- Issue 96(2020)
- Issue Display:
- Volume 96, Issue 96 (2020)
- Year:
- 2020
- Volume:
- 96
- Issue:
- 96
- Issue Sort Value:
- 2020-0096-0096-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-09
- Subjects:
- Attribute-based access control -- Cyber-physical systems -- Action generation -- Risk -- Separation of duties
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.101802
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 13815.xml