On the Description of Access Control Policies in Networked Industrial Systems
M Cheminod; L Durante; L Seno; A Valenzano
2014
Abstract
The specification and verification of access control policies are fundamental steps in the process of securing industrial control systems and critical infrastructures. The focus of this paper is on bridging the semantic gap between high-level access control policies specified in the Role-Based Access Control (RBAC) framework and the low-level security mechanisms actually implemented in the physical system. Our approach is based on a novel kind of model, which includes two distinct views of the system, namely an RBAC-based specification and a low-level system description. The descriptive capabilities of the model are presented through an example derived from a real prototype plant for printed circuit boards re-manufacturing/de-manufacturing.


