https://www.mdu.se/

mdu.sePublications
Change search
Link to record
Permanent link

Direct link
Alternative names
Publications (10 of 50) Show all publications
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2024). Evaluation of an OPC UA-based access control enforcement architecture. In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159: . Paper presented at 28th European Symposium on Research in Computer Security, ESORICS 2023 (pp. 124-144). Springer Science+Business Media B.V.
Open this publication in new window or tab >>Evaluation of an OPC UA-based access control enforcement architecture
2024 (English)In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, p. 124-144Conference paper, Published paper (Other academic)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation, and evaluates a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halves the average connection establishment time compared to the initial approach.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, ISSN 03029743 ; 14398
Keywords
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-64507 (URN)10.1007/978-3-031-54204-6_7 (DOI)001207238300007 ()2-s2.0-85187776017 (Scopus ID)9783031542039 (ISBN)
Conference
28th European Symposium on Research in Computer Security, ESORICS 2023
Available from: 2023-10-11 Created: 2023-10-11 Last updated: 2024-05-15Bibliographically approved
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2023). Access Control Enforcement Architectures for Dynamic Manufacturing Systems. In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA: . Paper presented at Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023 (pp. 82-92). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Access Control Enforcement Architectures for Dynamic Manufacturing Systems
2023 (English)In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA, Institute of Electrical and Electronics Engineers Inc. , 2023, p. 82-92Conference paper, Published paper (Refereed)
Abstract [en]

Industrial control systems are undergoing a trans-formation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and high level of modularity, that implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances.In this article we investigate access control enforcement architectures, aiming at the principle of least privilege1 in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Access Control, Cybersecurity, Dynamic Manufacturing, Industrial Automation and Control Systems
National Category
Control Engineering
Identifiers
urn:nbn:se:mdh:diva-62589 (URN)10.1109/ICSA56044.2023.00016 (DOI)000990536000008 ()2-s2.0-85159186538 (Scopus ID)9798350397499 (ISBN)
Conference
Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023
Available from: 2023-05-29 Created: 2023-05-29 Last updated: 2023-10-12Bibliographically approved
Opacin, S., Rizvanovic, L., Leander, B., Mubeen, S. & Causevic, A. (2023). Developing and Evaluating MQTT Connectivity for an Industrial Controller. In: Mediterranean Conf. Embed. Comput., MECO: . Paper presented at 12th Mediterranean Conference on Embedded Computing, MECO 2023. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Developing and Evaluating MQTT Connectivity for an Industrial Controller
Show others...
2023 (English)In: Mediterranean Conf. Embed. Comput., MECO, Institute of Electrical and Electronics Engineers Inc. , 2023Conference paper, Published paper (Refereed)
Abstract [en]

Technical advances as well as continuously evolving business demands are reshaping the need for flexible connectivity in industrial control systems. A way to achieve such needs is by using a service-oriented approach, where a connectivity service middleware provides controller as well as protocol-specific interfaces. The Message Queuing Telemetry Transport (MQTT) protocol is a widely used protocol for device-to-device communication in the Internet of Things (IoT). However it is not commonly integrated in industrial control systems. To address this gap, this paper describes the development and implementation of a prototype of a connectivity service middleware for MQTT within an industrial private control network. The prototype implementation is done in the context of an industrial controller, and used in a simulated modular automation system. Furthermore, various deployment scenarios are evaluated with respect to response time and scalability of the connectivity service.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Automation, Control systems, Information services, Internet of things, Middleware, Business demands, Connectivity services, Device-to-Device communications, Industrial control systems, Industrial controllers, Service middlewares, Service-oriented approaches, Specific interface, Technical advances, Transport protocols, Controllers
National Category
Communication Systems
Identifiers
urn:nbn:se:mdh:diva-63917 (URN)10.1109/MECO58584.2023.10154921 (DOI)2-s2.0-85164948603 (Scopus ID)9798350322910 (ISBN)
Conference
12th Mediterranean Conference on Embedded Computing, MECO 2023
Available from: 2023-07-26 Created: 2023-07-26 Last updated: 2024-01-18Bibliographically approved
Mehmed, A., Causevic, A., Steiner, W. & Punnekkat, S. (2022). Early Concept Evaluation of a Runtime Monitoring Approach for Safe Automated Driving. In: 2022 IEEE Zooming Innovation in Consumer Technologies Conference (ZINC): . Paper presented at Zooming Innovation in Consumer Technologies Conference (ZINC), 25-26 May 2022, Novi Sad, Serbia (pp. 53-58). IEEE
Open this publication in new window or tab >>Early Concept Evaluation of a Runtime Monitoring Approach for Safe Automated Driving
2022 (English)In: 2022 IEEE Zooming Innovation in Consumer Technologies Conference (ZINC), IEEE, 2022, p. 53-58Conference paper, Published paper (Refereed)
Abstract [en]

Being used in key features, such as sensing and intelligent path planning, Artificial Intelligence (AI) has become an inevitable part of automated vehicles (AVs). However, their usage in the automotive industry always comes with a 'label' that questions their impact on the overall AV safety. This paper focuses on the safe deployment of AI-based AVs. Among the various ways for ensuring the safety of AI-based AVs is to monitor the safe execution of the system responsible for automated driving (i.e., Automated Driving System (ADS)) at runtime (i.e., runtime monitoring). Most of the research done in the past years focused on verifying whether the path or trajectory generated by the ADS does not immediately collide with objects on the road. However, as we will show in this paper, there are other unsafe situations that do not immediately result in a collision but the monitor should check for them. To build our case, we have looked into the National Highway Traffic Safety Administration (NHTSA) database of 5.9 million police-reported light-vehicle accidents and categorized these accidents into five main categories of unsafe vehicle operations. Furthermore, we have performed a high-level evaluation of the runtime monitoring approach proposed in [1], by estimating what percentage of the total population of 5.9 million of unsafe operations the approach would be able to detect. Lastly, we have performed the same evaluation on other existing runtime monitoring approaches to make a basic comparison of their diagnostic capabilities.

Place, publisher, year, edition, pages
IEEE, 2022
Keywords
accident prevention, highway accidents, motion planning, vehicles
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-51849 (URN)10.1109/ZINC55034.2022.9840649 (DOI)2-s2.0-85136371722 (Scopus ID)978-1-6654-8374-2 (ISBN)
Conference
Zooming Innovation in Consumer Technologies Conference (ZINC), 25-26 May 2022, Novi Sad, Serbia
Available from: 2020-10-26 Created: 2020-10-26 Last updated: 2022-09-07Bibliographically approved
Frasheri, M., Struhar, V., Papadopoulos, A. V. & Causevic, A. (2022). Ethics of autonomous collective decision-making: The caesar framework. Science and Engineering Ethics, 28(6), Article ID 61.
Open this publication in new window or tab >>Ethics of autonomous collective decision-making: The caesar framework
2022 (English)In: Science and Engineering Ethics, ISSN 1353-3452, E-ISSN 1471-5546, Vol. 28, no 6, article id 61Article in journal (Refereed) Published
Abstract [en]

In recent years, autonomous systems have become an important research area and application domain, with a significant impact on modern society. Such systems are characterized by different levels of autonomy and complex communication infrastructures that allow for collective decision-making strategies. There exist several publications that tackle ethical aspects in such systems, but mostly from the perspective of a single agent. In this paper we go one step further and discuss these ethical challenges from the perspective of an aggregate of autonomous systems capable of collective decision-making. In particular, in this paper, we propose the Caesar approach through which we model the collective ethical decision-making process of a group of actors—agents and humans, as well as define the building blocks for the agents participating in such a process, namely Caesar agents. Factors such as trust, security, safety, and privacy, which affect the degree to which a collective decision is ethical, are explicitly captured in Caesar. Finally, we argue that modeling the collective decision-making in Caesar provides support for accountability. 

Place, publisher, year, edition, pages
Springer Nature, 2022
Keywords
Autonomous systems, Ethical decision-making, Multi-agent systems
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-61155 (URN)10.1007/s11948-022-00414-0 (DOI)000888724500002 ()2-s2.0-85142483228 (Scopus ID)
Available from: 2022-12-07 Created: 2022-12-07 Last updated: 2023-04-12Bibliographically approved
Leander, B., Markovic, T., Causevic, A., Lindström, T., Hansson, H. & Punnekkat, S. (2022). Simulation Environment for Modular Automation Systems. In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society: . Paper presented at IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022. IEEE Computer Society
Open this publication in new window or tab >>Simulation Environment for Modular Automation Systems
Show others...
2022 (English)In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, IEEE Computer Society, 2022Conference paper, Published paper (Refereed)
Abstract [en]

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research-, and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols.The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
National Category
Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:mdh:diva-61281 (URN)10.1109/IECON49645.2022.9968835 (DOI)2-s2.0-85143885518 (Scopus ID)9781665480253 (ISBN)
Conference
IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022
Available from: 2022-12-15 Created: 2022-12-15 Last updated: 2023-10-12Bibliographically approved
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2021). A Questionnaire Study on the Use of Access Control in Industrial Systems. In: 26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021: . Paper presented at 26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021, 07 Sep 2021, Västerås, Sweden. Västerås, Sweden
Open this publication in new window or tab >>A Questionnaire Study on the Use of Access Control in Industrial Systems
2021 (English)In: 26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021, Västerås, Sweden, 2021Conference paper, Published paper (Refereed)
Abstract [en]

Industrial systems have traditionally been kept isolated from external networks. However, business benefits are pushing for a convergence between the industrial systems and new information technology environments such as cloud computing, as well as higher level of connectivity between different systems. This makes cybersecurity a growing concern for industrial systems. In strengthening security, access control is a fundamental mechanisms for providing security in these systems. However, access control is relatively immature in traditional industrial systems, as compared to modern IT systems, and organizations’ adherence to an established cybersecurity standard or guideline can be a deciding factor for choices of access control techniques used. This paper presents the results of a questionnaire study on the usage of access control within industrial system that are being developed, serviced or operated by Swedish organizations, contrasted to their usage of cybersecurity standards and guidelines. To be precise, the article focuses on two fundamental requirements of cybersecurity: identification and authentication control, and presents related findings based on a survey of the Swedish industry.

Place, publisher, year, edition, pages
Västerås, Sweden: , 2021
National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-56749 (URN)10.1109/ETFA45728.2021.9613151 (DOI)000766992600005 ()2-s2.0-85122949386 (Scopus ID)978-1-7281-2989-1 (ISBN)
Conference
26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021, 07 Sep 2021, Västerås, Sweden
Projects
ARRAY - Automation Region Research AcademyInSecTT: Intelligent Secure Trustable Things
Available from: 2021-12-16 Created: 2021-12-16 Last updated: 2023-10-12Bibliographically approved
El Hachem, J., Lisova, E. & Causevic, A. (2021). Securing system-of-systems through a game theory approach. In: Proceedings of the ACM Symposium on Applied Computing: . Paper presented at 36th Annual ACM Symposium on Applied Computing, SAC 2021; Virtual, Online; South Korea; 22 March 2021 through 26 March 2021 (pp. 1443-1446). Association for Computing Machinery
Open this publication in new window or tab >>Securing system-of-systems through a game theory approach
2021 (English)In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery , 2021, p. 1443-1446Conference paper, Published paper (Refereed)
Abstract [en]

Enabling System-of-Systems (SoS) security is an important activity when engineering SoS solutions like autonomous vehicles, provided that they are also highly safety-critical. An early analysis of such solutions caters for proper security architecture decisions, preventing potential high impact attacks and ensuring people's safety. However, SoS characteristics such as emergent behavior, makes security decision-making at the architectural level a challenging task. To tackle this challenge, it is essential to first address known vulnerabilities related to each CS, that an adversary may exploit to realize his attacks within the unknown SoS environment. In this paper we investigate how to use Game Theory (GT) approaches to guide the architect in choosing an appropriate security solution. We formulate a game with three players and their corresponding strategies and payoffs. The proposal is illustrated on an autonomous quarry example showing its usefulness in supporting a security architect to choose the the most suitable security strategy. 

Place, publisher, year, edition, pages
Association for Computing Machinery, 2021
Keywords
Autonomous systems, game theory, security by design, service oriented architecture, systems-of-systems
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-54221 (URN)10.1145/3412841.3442125 (DOI)001108757100186 ()2-s2.0-85104996198 (Scopus ID)9781450381048 (ISBN)
Conference
36th Annual ACM Symposium on Applied Computing, SAC 2021; Virtual, Online; South Korea; 22 March 2021 through 26 March 2021
Available from: 2021-05-17 Created: 2021-05-17 Last updated: 2024-01-24Bibliographically approved
Leander, B., Causevic, A., Hansson, H. & Lindstrom, T. (2021). Toward an Ideal Access Control Strategy for Industry 4.0 Manufacturing Systems. IEEE Access, 9, 114037-114050
Open this publication in new window or tab >>Toward an Ideal Access Control Strategy for Industry 4.0 Manufacturing Systems
2021 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 9, p. 114037-114050Article in journal (Refereed) Published
Abstract [en]

Industrial control systems control and supervise our most important and critical infrastructures, such as power utilities, clean water plants and nuclear plants, as well as the manufacturing industries at the base of our economy. These systems are currently undergoing a transformation driven by the Industry 4.0 evolution, characterized by increased connectivity and flexibility. Consequently, the cybersecurity threat landscape for industrial control systems is evolving as well. Current strategies used for access control within industrial control systems are relatively rudimentary. It is evident that some of the emerging cybersecurity threats related to Industry 4.0 could be better mitigated using more fine-grained access control policies. In this article we discuss and describe a number of access control strategies that could be used within manufacturing systems. We evaluate the strategies in a simulation experiment, using a number of attack-scenarios. Moreover, a method is outlined for automatic policy-generation based on engineering-data, which is aligned with one of the best performing strategies.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2021
Keywords
Access control, Manufacturing, Manufacturing systems, Task analysis, Production, Process control, Computer security, cybersecurity, Industry 4, 0, modular automation
National Category
Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-55824 (URN)10.1109/ACCESS.2021.3104649 (DOI)000686749800001 ()2-s2.0-85113335982 (Scopus ID)
Available from: 2021-09-09 Created: 2021-09-09 Last updated: 2023-10-12Bibliographically approved
Leander, B., Causevic, A. & Hansson, H. (2020). A Recipe-based Algorithm for Access Control in Modular Automation Systems. Västerås, Sweden: Mälardalen Real-Time Research Centre, Mälardalen University
Open this publication in new window or tab >>A Recipe-based Algorithm for Access Control in Modular Automation Systems
2020 (English)Report (Other academic)
Abstract [en]

In the emerging trend towards modular automation, a need for adaptive, strict access control between interacting components has been identified as a key challenge. In this article we discuss the need for such a functionality, and propose a workflow-driven method for automatic access control policies generation within a modular automation system. The solution is based on recipes, formulated using Sequential Function Charts (SFC). The generated policies are expressed using Next Generation Access Control (NGAC), an Attribute Based Access Control (ABAC) standard developed by NIST. We provide (1) a definition of required policies for device-to device interactions within a modular automation system, (2) an algorithm for automatic generation of access policies, (3) a formal proof of the correctness of this algorithm, and (4) an illustration of its use.

Place, publisher, year, edition, pages
Västerås, Sweden: Mälardalen Real-Time Research Centre, Mälardalen University, 2020
National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-50888 (URN)MDH-MRTC-333/2020-1-SE (ISRN)
Projects
ARRAY - Automation Region Research Academy
Available from: 2020-09-23 Created: 2020-09-23 Last updated: 2022-11-08Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-5293-3804

Search in DiVA

Show all publications