https://www.mdu.se/

mdu.sePublications
Change search
Link to record
Permanent link

Direct link
Publications (10 of 16) Show all publications
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2024). Evaluation of an OPC UA-based access control enforcement architecture. In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159: . Paper presented at 28th European Symposium on Research in Computer Security, ESORICS 2023 (pp. 124-144). Springer Science+Business Media B.V.
Open this publication in new window or tab >>Evaluation of an OPC UA-based access control enforcement architecture
2024 (English)In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, p. 124-144Conference paper, Published paper (Other academic)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation, and evaluates a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halves the average connection establishment time compared to the initial approach.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, ISSN 03029743 ; 14398
Keywords
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-64507 (URN)10.1007/978-3-031-54204-6_7 (DOI)001207238300007 ()2-s2.0-85187776017 (Scopus ID)9783031542039 (ISBN)
Conference
28th European Symposium on Research in Computer Security, ESORICS 2023
Available from: 2023-10-11 Created: 2023-10-11 Last updated: 2024-05-15Bibliographically approved
Markovic, T., Leon, M., Leander, B. & Punnekkat, S. (2023). A Modular Ice Cream Factory Dataset on Anomalies in Sensors to Support Machine Learning Research in Manufacturing Systems. IEEE Access, 11, 29744-29758
Open this publication in new window or tab >>A Modular Ice Cream Factory Dataset on Anomalies in Sensors to Support Machine Learning Research in Manufacturing Systems
2023 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 29744-29758Article in journal (Refereed) Published
Abstract [en]

A small deviation in manufacturing systems can cause huge economic losses, and all components and sensors in the system must be continuously monitored to provide an immediate response. The usual industrial practice is rather simplistic based on brute force checking of limited set of parameters often with pessimistic pre-defined bounds. The usage of appropriate machine learning techniques can be very valuable in this context to narrow down the set of parameters to monitor, define more refined bounds, and forecast impending issues. One of the factors hampering progress in this field is the lack of datasets that can realistically mimic the behaviours of manufacturing systems. In this paper, we propose a new dataset called MIDAS (Modular Ice cream factory Dataset on Anomalies in Sensors) to support machine learning research in analog sensor data. MIDAS is created using a modular manufacturing simulation environment that simulates the ice cream-making process. Using MIDAS, we evaluated four different supervised machine learning algorithms (Logistic Regression, Decision Tree, Random Forest, and Multilayer Perceptron) for two different problems: anomaly detection and anomaly classification. The results showed that multilayer perceptron is the most suitable algorithm with respect to model accuracy and execution time. We have made the data set and the code for the experiments publicly available, to enable interested researchers to enhance the state of the art by conducting further studies.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2023
Keywords
Sensors, Temperature sensors, Anomaly detection, Mixers, Manufacturing systems, Behavioral sciences, Cooling, Artificial neural networks, Machine learning, Supervised learning, Anomaly classification, artificial neural network, manufacturing dataset, sensor data
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-62361 (URN)10.1109/ACCESS.2023.3252901 (DOI)000965953800001 ()2-s2.0-85149838041 (Scopus ID)
Available from: 2023-05-03 Created: 2023-05-03 Last updated: 2023-05-03Bibliographically approved
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2023). Access Control Enforcement Architectures for Dynamic Manufacturing Systems. In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA: . Paper presented at Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023 (pp. 82-92). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Access Control Enforcement Architectures for Dynamic Manufacturing Systems
2023 (English)In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA, Institute of Electrical and Electronics Engineers Inc. , 2023, p. 82-92Conference paper, Published paper (Refereed)
Abstract [en]

Industrial control systems are undergoing a trans-formation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and high level of modularity, that implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances.In this article we investigate access control enforcement architectures, aiming at the principle of least privilege1 in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Access Control, Cybersecurity, Dynamic Manufacturing, Industrial Automation and Control Systems
National Category
Control Engineering
Identifiers
urn:nbn:se:mdh:diva-62589 (URN)10.1109/ICSA56044.2023.00016 (DOI)000990536000008 ()2-s2.0-85159186538 (Scopus ID)9798350397499 (ISBN)
Conference
Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023
Available from: 2023-05-29 Created: 2023-05-29 Last updated: 2023-10-12Bibliographically approved
Radonjic, I., Basic, E., Leander, B. & Markovic, T. (2023). An Authorization Service supporting Dynamic Access Control in Manufacturing Systems. In: 2023 IEEE World Forum on Internet of Things: The Blue Planet: A Marriage of Sea and Space, WF-IoT 2023: . Paper presented at 9th IEEE World Forum on Internet of Things, WF-IoT 2023, Online, Aveiro, Portugal, 12th-27th October, 2023. Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>An Authorization Service supporting Dynamic Access Control in Manufacturing Systems
2023 (English)In: 2023 IEEE World Forum on Internet of Things: The Blue Planet: A Marriage of Sea and Space, WF-IoT 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023Conference paper, Published paper (Refereed)
Abstract [en]

Cybersecurity is of increasing importance in industrial automation systems. The use of fine-grained and intelligent access control is paramount in emerging manufacturing systems as implicit trust is no longer a viable assumption for interactions within industrial systems. An authorization service is a central component of an access control enforcement architecture, to which resource servers may outsource parts of the policy decision functionality. This paper investigates how to create and integrate an authorization service in an industrial manufacturing system, which uses workflow descriptions combined with operational system states for policy decisions. The implementation is demonstrated in the use case of recipe orchestration in a modular automation system, and a few key quality metrics of the authorization service are evaluated.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
Authorization, Automation, Decision making, Authorization services, Central component, Cyber security, Dynamic access control, Fine grained, Implicit trusts, Industrial automation system, Industrial systems, Policy decisions, Service supporting, Quality control
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-67701 (URN)10.1109/WF-IoT58464.2023.10539491 (DOI)2-s2.0-85195421405 (Scopus ID)9798350311617 (ISBN)
Conference
9th IEEE World Forum on Internet of Things, WF-IoT 2023, Online, Aveiro, Portugal, 12th-27th October, 2023
Available from: 2024-06-20 Created: 2024-06-20 Last updated: 2024-06-20Bibliographically approved
Leander, B., Johansson, B., Lindström, T., Holmgren, O., Nolte, T. & Papadopoulos, A. (2023). Dependability and Security Aspects of Network-Centric Control. In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA: . Paper presented at IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Dependability and Security Aspects of Network-Centric Control
Show others...
2023 (English)In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA, Institute of Electrical and Electronics Engineers Inc. , 2023Conference paper, Published paper (Refereed)
Abstract [en]

Industrial automation and control systems are responsible for running our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The safe and secure operation of these systems is therefore of great importance.One of the emerging trends in industrial automation systems is the transition from static hierarchical controller-centric systems to flexible network-centric systems. This transition has a great impact on the characteristics of industrial automation systems. In this article we describe the network-centric design strategy for industrial automation systems and describe the impact on dependability and security aspects that this strategy brings, looking at both challenges and possibilities.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Automation, Network security, Clean waters, Emerging trends, Flexible networks, Hierarchical controllers, Industrial automation and control systems, Industrial automation system, Network-centric controls, Network-centric design, Network-centric system, Security aspects, Hierarchical systems
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64705 (URN)10.1109/ETFA54631.2023.10275344 (DOI)2-s2.0-85175480429 (Scopus ID)9798350339918 (ISBN)
Conference
IEEE International Conference on Emerging Technologies and Factory Automation, ETFA
Available from: 2023-11-09 Created: 2023-11-09 Last updated: 2023-11-09Bibliographically approved
Opacin, S., Rizvanovic, L., Leander, B., Mubeen, S. & Causevic, A. (2023). Developing and Evaluating MQTT Connectivity for an Industrial Controller. In: Mediterranean Conf. Embed. Comput., MECO: . Paper presented at 12th Mediterranean Conference on Embedded Computing, MECO 2023. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Developing and Evaluating MQTT Connectivity for an Industrial Controller
Show others...
2023 (English)In: Mediterranean Conf. Embed. Comput., MECO, Institute of Electrical and Electronics Engineers Inc. , 2023Conference paper, Published paper (Refereed)
Abstract [en]

Technical advances as well as continuously evolving business demands are reshaping the need for flexible connectivity in industrial control systems. A way to achieve such needs is by using a service-oriented approach, where a connectivity service middleware provides controller as well as protocol-specific interfaces. The Message Queuing Telemetry Transport (MQTT) protocol is a widely used protocol for device-to-device communication in the Internet of Things (IoT). However it is not commonly integrated in industrial control systems. To address this gap, this paper describes the development and implementation of a prototype of a connectivity service middleware for MQTT within an industrial private control network. The prototype implementation is done in the context of an industrial controller, and used in a simulated modular automation system. Furthermore, various deployment scenarios are evaluated with respect to response time and scalability of the connectivity service.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Automation, Control systems, Information services, Internet of things, Middleware, Business demands, Connectivity services, Device-to-Device communications, Industrial control systems, Industrial controllers, Service middlewares, Service-oriented approaches, Specific interface, Technical advances, Transport protocols, Controllers
National Category
Communication Systems
Identifiers
urn:nbn:se:mdh:diva-63917 (URN)10.1109/MECO58584.2023.10154921 (DOI)2-s2.0-85164948603 (Scopus ID)9798350322910 (ISBN)
Conference
12th Mediterranean Conference on Embedded Computing, MECO 2023
Available from: 2023-07-26 Created: 2023-07-26 Last updated: 2024-01-18Bibliographically approved
Leander, B. (2023). Dynamic Access Control for Industrial Systems. (Doctoral dissertation). Västerås: Mälardalen university
Open this publication in new window or tab >>Dynamic Access Control for Industrial Systems
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Industrial automation and control systems (IACS) are taking care of our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The continuous, safe, and secure operation of such systems are obviously of great importance. Future iterations of IACS will look quite different from the ones we use today. Modular and flexible systems are emerging, powered by technical advances in areas such as artificial intelligence, cloud computing, and motivated by fluctuating market demands and faster innovation cycles. Design strategies for dynamic manufacturing are increasingly being adopted. These advances have a fundamental impact on industrial systems at component as well as architectural level. 

As a consequence of the changing operational requirements, the methods used for protection of industrial systems must be revisited and strengthened. This for example includes access control, which is one of the fundamental cyber­security mechanisms that is hugely affected by current developments within IACS. The methods currently used are static and coarse-grained and therefore not well suited for dynamic and flexible industrial systems. A transition in security model is required, from implicit trust towards zero-trust, supporting dynamic and fine-grained access control. 

This PhD thesis discusses access control for IACS in the age of Industry 4.0, focusing on dynamic and flexible manufacturing systems. The solutions pre­sented are applicable at machine-to-machine as well as human-to-machine in­teractions, using a zero-trust strategy. An investigation of the current state of practice for industrial access control is provided as a starting point for the work. Dynamic systems require equally dynamic access control policies, why several approaches on how dynamic access control can be achieved in indus­trial systems are developed and evaluated, covering strategies for policy for­mulations as well as mechanisms for authorization enforcement. 

Abstract [sv]

Vi tar för givet att det alltid ska finnas el, rent dricksvatten, mat och läkemedel. Många av våra grundläggande behov tillgodoses tack vare produkter som är beroende av industriella styrsystem. Att skyddas dessa system ifrån störningar är följaktligen ytterst viktigt. 

Vi är mitt i ett teknikskifte som brukar kallas "Industri 4.0" och som innebär att framtidens industriella system kommer skilja sig avsevärt ifrån dagens. Förän­dringen drivs bland annat av nya krav och förväntningar, exempelvis på ko­rtare tid mellan ide och produktion, möjlighet att anpassa produktionen till snabba marknadsförändringar och tillverkning av individuellt anpassade pro­dukter. Flexibla och skalbara lösningar krävs för att kunna uppfylla dessa krav, till skillnad från dagens system som i allmänhet är utvecklade för massproduk­tion av en specifik produkt. 

Detta påverkar såväl hur produktionssystemen konstrueras som designen av varje ingående komponent. En konsekvens är att metoderna som används för att skydda dagens system måste anpassas och stärkas för att möta framtidens utmaningar. En grundläggande sådan säkerhetsfunktion är behörighetshanter­ing. Nuvarande behörighetshantering är inte tillräckligt flexibel och därmed dåligt anpassad till morgondagens dynamiska system. 

I denna doktorsavhandling undersöks behörighetshantering för framtidens industriella system, med fokus på de dynamiska produktionssystem som behövs för att uppfylla kraven kopplade till Industri 4.0. Med utgångspunkt från en enkätundersökning analyseras dagsläget. Förslag på flera olika tillvägagångssätt för dynamisk behörighetshantering presenteras och utvärderas, såväl med avseende på hur sådana regler kan formuleras som på hur de ska kunna upprätthållas. 

Place, publisher, year, edition, pages
Västerås: Mälardalen university, 2023. p. 222
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 391
Keywords
Cybersecurity, Industrial Automation and Control Systems, Industry 4.0, Access Control
National Category
Communication Systems Computer Systems Control Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-64527 (URN)978-91-7485-616-3 (ISBN)
Public defence
2023-12-08, Beta, Mälardalens universitet, Västerås, 13:00 (English)
Opponent
Supervisors
Projects
ARRAYInSecTT
Funder
EU, Horizon 2020, 876038Knowledge Foundation, ARRAY
Available from: 2023-10-12 Created: 2023-10-12 Last updated: 2023-11-17Bibliographically approved
Leander, B., Markovic, T. & Leon, M. (2023). Enhanced Simulation Environment to Support Research in Modular Manufacturing Systems. In: IECON Proc: . Paper presented at IECON Proceedings (Industrial Electronics Conference). IEEE Computer Society
Open this publication in new window or tab >>Enhanced Simulation Environment to Support Research in Modular Manufacturing Systems
2023 (English)In: IECON Proc, IEEE Computer Society , 2023Conference paper, Published paper (Refereed)
Abstract [en]

Modular automation provides a challenge for traditional physics simulators, especially if they are used as a simulator in the loop of a development or research project looking at behavior from a systems level. In this paper, we present extensions of a previously developed simulation environment that is tailored to provide these characteristics. The extensions include simulation engine level improvements, such as including better modeling of the material flow, and sensor anomaly injections to model sensor faults or tampering, as well as system-level enhancements and functionality including certificate handling and anomaly detection methods using machine learning. This simulation environment has proven useful for education as well as research and engineering work, and with the provided extensions several new directions of use can be envisioned. The system is demonstrated in the use case of a modular ice-cream factory, including all the new and enhanced functionalities.

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Anomaly detection, Engineering research, Materials handling, Anomaly detection methods, Engineering works, Machine-learning, Material Flow, Model sensors, Modulars, Sensors faults, Simulation engine, Simulation environment, System levels, Industrial research
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-65151 (URN)10.1109/IECON51785.2023.10311913 (DOI)2-s2.0-85179184526 (Scopus ID)9798350331820 (ISBN)
Conference
IECON Proceedings (Industrial Electronics Conference)
Available from: 2023-12-21 Created: 2023-12-21 Last updated: 2023-12-21Bibliographically approved
Dao, V.-L. & Leander, B. (2022). Anomaly Attack Detection in Wireless Networks Using DCNN. In: 2022 IEEE 8th World Forum on Internet of Things, WF-IoT 2022: . Paper presented at 8th IEEE World Forum on Internet of Things, WF-IoT 2022, Online, Yokohama, Japan, 26 October 2022 through 11 November 2022. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Anomaly Attack Detection in Wireless Networks Using DCNN
2022 (English)In: 2022 IEEE 8th World Forum on Internet of Things, WF-IoT 2022, Institute of Electrical and Electronics Engineers Inc. , 2022Conference paper, Published paper (Refereed)
Abstract [en]

The use of wireless devices in industrial sectors has increased due to its various advantages related to cost and flexibility. However, legitimate wireless communication systems are vulnerable to cybersecurity attacks, due to its inherent open nature. Detection of rogue devices therefore plays a crucial role in critical wireless applications. In this paper we design a deep convolutional neural network (DCNN) to classify legitimate and rogue devices using raw IQ samples as input data. An algorithm is presented to find the optimal number of convolutional layers and number of filters for each layer under an accuracy constraint, in order to enable fast prediction time. Furthermore, we investigate how wireless channel models affect the accuracy and prediction time of the designed DCNN model. Our obtained results are benchmarked against previous DCNN models. Moreover, we discuss how the systems should react to a detected rogue device, considering the IEC 62443 standard.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2022
Keywords
deep learning, finger-printing, IEC 62443, rogue device detection, Anomaly detection, Convolution, Cybersecurity, Deep neural networks, Neural network models, Wireless networks, Attack detection, Convolutional neural network, Finger printing, Industrial sector, Neural network model, Prediction time, Wireless devices, Convolutional neural networks
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-63902 (URN)10.1109/WF-IoT54382.2022.10152227 (DOI)001017754700120 ()2-s2.0-85164147423 (Scopus ID)9781665491532 (ISBN)
Conference
8th IEEE World Forum on Internet of Things, WF-IoT 2022, Online, Yokohama, Japan, 26 October 2022 through 11 November 2022
Available from: 2023-07-19 Created: 2023-07-19 Last updated: 2023-12-04Bibliographically approved
Leander, B., Markovic, T., Causevic, A., Lindström, T., Hansson, H. & Punnekkat, S. (2022). Simulation Environment for Modular Automation Systems. In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society: . Paper presented at IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022. IEEE Computer Society
Open this publication in new window or tab >>Simulation Environment for Modular Automation Systems
Show others...
2022 (English)In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, IEEE Computer Society, 2022Conference paper, Published paper (Refereed)
Abstract [en]

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research-, and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols.The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
National Category
Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:mdh:diva-61281 (URN)10.1109/IECON49645.2022.9968835 (DOI)2-s2.0-85143885518 (Scopus ID)9781665480253 (ISBN)
Conference
IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022
Available from: 2022-12-15 Created: 2022-12-15 Last updated: 2023-10-12Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-2488-5774

Search in DiVA

Show all publications