https://www.mdu.se/

mdu.sePublikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Dynamic Access Control for Industrial Systems
Mälardalens universitet, Akademin för innovation, design och teknik, Inbyggda system. ABB AB, Sweden.ORCID-id: 0000-0003-2488-5774
2023 (Engelska)Doktorsavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

Industrial automation and control systems (IACS) are taking care of our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The continuous, safe, and secure operation of such systems are obviously of great importance. Future iterations of IACS will look quite different from the ones we use today. Modular and flexible systems are emerging, powered by technical advances in areas such as artificial intelligence, cloud computing, and motivated by fluctuating market demands and faster innovation cycles. Design strategies for dynamic manufacturing are increasingly being adopted. These advances have a fundamental impact on industrial systems at component as well as architectural level. 

As a consequence of the changing operational requirements, the methods used for protection of industrial systems must be revisited and strengthened. This for example includes access control, which is one of the fundamental cyber­security mechanisms that is hugely affected by current developments within IACS. The methods currently used are static and coarse-grained and therefore not well suited for dynamic and flexible industrial systems. A transition in security model is required, from implicit trust towards zero-trust, supporting dynamic and fine-grained access control. 

This PhD thesis discusses access control for IACS in the age of Industry 4.0, focusing on dynamic and flexible manufacturing systems. The solutions pre­sented are applicable at machine-to-machine as well as human-to-machine in­teractions, using a zero-trust strategy. An investigation of the current state of practice for industrial access control is provided as a starting point for the work. Dynamic systems require equally dynamic access control policies, why several approaches on how dynamic access control can be achieved in indus­trial systems are developed and evaluated, covering strategies for policy for­mulations as well as mechanisms for authorization enforcement. 

Abstract [sv]

Vi tar för givet att det alltid ska finnas el, rent dricksvatten, mat och läkemedel. Många av våra grundläggande behov tillgodoses tack vare produkter som är beroende av industriella styrsystem. Att skyddas dessa system ifrån störningar är följaktligen ytterst viktigt. 

Vi är mitt i ett teknikskifte som brukar kallas "Industri 4.0" och som innebär att framtidens industriella system kommer skilja sig avsevärt ifrån dagens. Förän­dringen drivs bland annat av nya krav och förväntningar, exempelvis på ko­rtare tid mellan ide och produktion, möjlighet att anpassa produktionen till snabba marknadsförändringar och tillverkning av individuellt anpassade pro­dukter. Flexibla och skalbara lösningar krävs för att kunna uppfylla dessa krav, till skillnad från dagens system som i allmänhet är utvecklade för massproduk­tion av en specifik produkt. 

Detta påverkar såväl hur produktionssystemen konstrueras som designen av varje ingående komponent. En konsekvens är att metoderna som används för att skydda dagens system måste anpassas och stärkas för att möta framtidens utmaningar. En grundläggande sådan säkerhetsfunktion är behörighetshanter­ing. Nuvarande behörighetshantering är inte tillräckligt flexibel och därmed dåligt anpassad till morgondagens dynamiska system. 

I denna doktorsavhandling undersöks behörighetshantering för framtidens industriella system, med fokus på de dynamiska produktionssystem som behövs för att uppfylla kraven kopplade till Industri 4.0. Med utgångspunkt från en enkätundersökning analyseras dagsläget. Förslag på flera olika tillvägagångssätt för dynamisk behörighetshantering presenteras och utvärderas, såväl med avseende på hur sådana regler kan formuleras som på hur de ska kunna upprätthållas. 

Ort, förlag, år, upplaga, sidor
Västerås: Mälardalen university , 2023. , s. 222
Serie
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 391
Nyckelord [en]
Cybersecurity, Industrial Automation and Control Systems, Industry 4.0, Access Control
Nationell ämneskategori
Kommunikationssystem Datorsystem Reglerteknik
Forskningsämne
datavetenskap
Identifikatorer
URN: urn:nbn:se:mdh:diva-64527ISBN: 978-91-7485-616-3 (tryckt)OAI: oai:DiVA.org:mdh-64527DiVA, id: diva2:1804331
Disputation
2023-12-08, Beta, Mälardalens universitet, Västerås, 13:00 (Engelska)
Opponent
Handledare
Projekt
ARRAYInSecTT
Forskningsfinansiär
EU, Horisont 2020, 876038KK-stiftelsen, ARRAYTillgänglig från: 2023-10-12 Skapad: 2023-10-12 Senast uppdaterad: 2023-11-17Bibliografiskt granskad
Delarbeten
1. An Authorization Service supporting Dynamic Access Control in Manufacturing Systems
Öppna denna publikation i ny flik eller fönster >>An Authorization Service supporting Dynamic Access Control in Manufacturing Systems
(Engelska)Manuskript (preprint) (Övrigt vetenskapligt)
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:mdh:diva-64508 (URN)
Tillgänglig från: 2023-10-11 Skapad: 2023-10-11 Senast uppdaterad: 2023-10-12Bibliografiskt granskad
2. Simulation Environment for Modular Automation Systems
Öppna denna publikation i ny flik eller fönster >>Simulation Environment for Modular Automation Systems
Visa övriga...
2022 (Engelska)Ingår i: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, IEEE Computer Society, 2022Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research-, and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols.The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Ort, förlag, år, upplaga, sidor
IEEE Computer Society, 2022
Nationell ämneskategori
Produktionsteknik, arbetsvetenskap och ergonomi
Identifikatorer
urn:nbn:se:mdh:diva-61281 (URN)10.1109/IECON49645.2022.9968835 (DOI)2-s2.0-85143885518 (Scopus ID)9781665480253 (ISBN)
Konferens
IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022
Tillgänglig från: 2022-12-15 Skapad: 2022-12-15 Senast uppdaterad: 2023-10-12Bibliografiskt granskad
3. Evaluation of an OPC UA-based access control enforcement architecture
Öppna denna publikation i ny flik eller fönster >>Evaluation of an OPC UA-based access control enforcement architecture
2024 (Engelska)Ingår i: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, s. 124-144Konferensbidrag, Publicerat paper (Övrigt vetenskapligt)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation, and evaluates a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halves the average connection establishment time compared to the initial approach.

Ort, förlag, år, upplaga, sidor
Springer Science+Business Media B.V., 2024
Serie
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, ISSN 03029743 ; 14398
Nyckelord
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:mdh:diva-64507 (URN)10.1007/978-3-031-54204-6_7 (DOI)001207238300007 ()2-s2.0-85187776017 (Scopus ID)9783031542039 (ISBN)
Konferens
28th European Symposium on Research in Computer Security, ESORICS 2023
Tillgänglig från: 2023-10-11 Skapad: 2023-10-11 Senast uppdaterad: 2024-05-15Bibliografiskt granskad
4. Access Control Enforcement Architectures for Dynamic Manufacturing Systems
Öppna denna publikation i ny flik eller fönster >>Access Control Enforcement Architectures for Dynamic Manufacturing Systems
2023 (Engelska)Ingår i: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA, Institute of Electrical and Electronics Engineers Inc. , 2023, s. 82-92Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Industrial control systems are undergoing a trans-formation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and high level of modularity, that implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances.In this article we investigate access control enforcement architectures, aiming at the principle of least privilege1 in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers Inc., 2023
Nyckelord
Access Control, Cybersecurity, Dynamic Manufacturing, Industrial Automation and Control Systems
Nationell ämneskategori
Reglerteknik
Identifikatorer
urn:nbn:se:mdh:diva-62589 (URN)10.1109/ICSA56044.2023.00016 (DOI)000990536000008 ()2-s2.0-85159186538 (Scopus ID)9798350397499 (ISBN)
Konferens
Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023
Tillgänglig från: 2023-05-29 Skapad: 2023-05-29 Senast uppdaterad: 2023-10-12Bibliografiskt granskad
5. A Questionnaire Study on the Use of Access Control in Industrial Systems
Öppna denna publikation i ny flik eller fönster >>A Questionnaire Study on the Use of Access Control in Industrial Systems
2021 (Engelska)Ingår i: 26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021, Västerås, Sweden, 2021Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Industrial systems have traditionally been kept isolated from external networks. However, business benefits are pushing for a convergence between the industrial systems and new information technology environments such as cloud computing, as well as higher level of connectivity between different systems. This makes cybersecurity a growing concern for industrial systems. In strengthening security, access control is a fundamental mechanisms for providing security in these systems. However, access control is relatively immature in traditional industrial systems, as compared to modern IT systems, and organizations’ adherence to an established cybersecurity standard or guideline can be a deciding factor for choices of access control techniques used. This paper presents the results of a questionnaire study on the usage of access control within industrial system that are being developed, serviced or operated by Swedish organizations, contrasted to their usage of cybersecurity standards and guidelines. To be precise, the article focuses on two fundamental requirements of cybersecurity: identification and authentication control, and presents related findings based on a survey of the Swedish industry.

Ort, förlag, år, upplaga, sidor
Västerås, Sweden: , 2021
Nationell ämneskategori
Teknik och teknologier Datorsystem
Identifikatorer
urn:nbn:se:mdh:diva-56749 (URN)10.1109/ETFA45728.2021.9613151 (DOI)000766992600005 ()2-s2.0-85122949386 (Scopus ID)978-1-7281-2989-1 (ISBN)
Konferens
26th IEEE International Conference on Emerging Technologies and Factory Automation ETFA 2021, 07 Sep 2021, Västerås, Sweden
Projekt
ARRAY - Automation Region Research AcademyInSecTT: Intelligent Secure Trustable Things
Tillgänglig från: 2021-12-16 Skapad: 2021-12-16 Senast uppdaterad: 2023-10-12Bibliografiskt granskad
6. Toward an Ideal Access Control Strategy for Industry 4.0 Manufacturing Systems
Öppna denna publikation i ny flik eller fönster >>Toward an Ideal Access Control Strategy for Industry 4.0 Manufacturing Systems
2021 (Engelska)Ingår i: IEEE Access, E-ISSN 2169-3536, Vol. 9, s. 114037-114050Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Industrial control systems control and supervise our most important and critical infrastructures, such as power utilities, clean water plants and nuclear plants, as well as the manufacturing industries at the base of our economy. These systems are currently undergoing a transformation driven by the Industry 4.0 evolution, characterized by increased connectivity and flexibility. Consequently, the cybersecurity threat landscape for industrial control systems is evolving as well. Current strategies used for access control within industrial control systems are relatively rudimentary. It is evident that some of the emerging cybersecurity threats related to Industry 4.0 could be better mitigated using more fine-grained access control policies. In this article we discuss and describe a number of access control strategies that could be used within manufacturing systems. We evaluate the strategies in a simulation experiment, using a number of attack-scenarios. Moreover, a method is outlined for automatic policy-generation based on engineering-data, which is aligned with one of the best performing strategies.

Ort, förlag, år, upplaga, sidor
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2021
Nyckelord
Access control, Manufacturing, Manufacturing systems, Task analysis, Production, Process control, Computer security, cybersecurity, Industry 4, 0, modular automation
Nationell ämneskategori
Inbäddad systemteknik
Identifikatorer
urn:nbn:se:mdh:diva-55824 (URN)10.1109/ACCESS.2021.3104649 (DOI)000686749800001 ()2-s2.0-85113335982 (Scopus ID)
Tillgänglig från: 2021-09-09 Skapad: 2021-09-09 Senast uppdaterad: 2023-10-12Bibliografiskt granskad

Open Access i DiVA

fulltext(9445 kB)207 nedladdningar
Filinformation
Filnamn FULLTEXT02.pdfFilstorlek 9445 kBChecksumma SHA-512
873e8f61605e494a2749e911a9f58aa119898c619cb60f754758a46a3af17fe7b5069dcfd4c1cb7af1f17aa610ab6f45884f43a568fc65157af692bffc9e9884
Typ fulltextMimetyp application/pdf

Person

Leander, Björn

Sök vidare i DiVA

Av författaren/redaktören
Leander, Björn
Av organisationen
Inbyggda system
KommunikationssystemDatorsystemReglerteknik

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 208 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

isbn
urn-nbn

Altmetricpoäng

isbn
urn-nbn
Totalt: 1527 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf