Access control for cyber-physical systems interconnected to the cloud

Computer Networks

Volumn 134, Issue , 2018, Pages 46-54

  Lopez, Javier ^a   Rubio, Juan E ^a  

^a UNIVERSITY OF MÁLAGA   (Spain)

Author keywords

Access; Cloud; Control; Cyber; Physical; Security; Systems

Indexed keywords

CLOUDS; COMPUTER SYSTEMS; CONTROL ENGINEERING; CYBER PHYSICAL SYSTEM; ECONOMIC AND SOCIAL EFFECTS; EMBEDDED SYSTEMS;

ACCESS; ACCESS CONTROL MECHANISM; CLOUD COMPUTING TECHNOLOGIES; CYBER; CYBER-PHYSICAL SYSTEMS (CPS); INDUSTRIAL ARCHITECTURE; PHYSICAL; SECURITY;

ACCESS CONTROL;

EID: 85041472618     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2018.01.037     Document Type: Article

References (32)

1. Monostori, L., Kdr, B., Bauernhansl, T., Kondoh, S., Kumara, S., Reinhart, G., Sauer, O., Schuh, G., Sihn, W., Ueda, K., Cyber-physical systems in manufacturing. CIRP Ann. Manuf. Technol. 65:2 (2016), 621–641, 10.1016/j.cirp.2016.06.005.
2. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Overview of cyber vulnerabilities, 2017, https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities, last retrieved in May 2017.
3. Federal Office for Information Security, Industrial control system security: top 10 threats and countermeasures 2016, 2016, (https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_005E.pdf?__blob=publicationFile&v=3, last retrieved in May 2017).
4. International Society of Automation, ISA-95 standard, 2017, (https://www.isa.org/isa95/, last retrieved in December 2017).
5. Younis, Y.A., Kifayat, K., Merabti, M., An access control model for cloud computing. J. Inf. Secur. Appl. 19:1 (2014), 45–60.
6. Hu, V.C., Kent, K.A., Guidelines for Access Control System Evaluation Metrics. 2012, US Department of Commerce, National Institute of Standards and Technology.
7. Sandhu, R.S., Samarati, P., Access control: principle and practice. IEEE Commun. Mag. 32:9 (1994), 40–48.
8. Lampson, B.W., Protection. ACM SIGOPS Oper. Syst. Rev. 8:1 (1974), 18–24.
9. Samarati, P., Di Vimercati, S.D.C., Access control: policies, models, and mechanisms. Lect. Notes Comput. Sci. 2171 (2001), 137–196.
10. Lindqvist, H., Mandatory access control, Master's Thesis in Computing Science, Umea University, Department of Computing Science, SE-901., 87, 2006.
11. Biba, K.J., Integrity considerations for secure computer systems. Technical report, 1977, MITRE CORP BEDFORD MA.
12. Ferraiolo, D., Cugini, J., Kuhn, D.R., Role-based access control (RBAC): features and motivations. Proceedings of the Eleventh Annual Computer Security Application Conference, 1995, 241–248.
13. B. Laurie, Access control (v0.1), 2017, (http://www.links.org/files/capabilities.pdf, last retrieved in May 2017).
14. Suhendra, V., A survey on access control deployment. International Conference on Security Technology, 2011, Springer, Berlin, Heidelberg, 11–20.
15. Munawer, Q., Administrative Models for Role-Based Access Control. 2000, George Mason University.
16. Vaidya, J., Atluri, V., Warner, J., Guo, Q., Role engineering via prioritized subset enumeration. IEEE Trans. Dependable Secur. Comput. 7:3 (2010), 300–314.
17. Frank, M., Buhmann, J.M., Basin, D., On the definition of role mining. Proceedings of the Fifteenth ACM Symposium on Access Control Models and Technologies, 2010, ACM, 35–44.
18. Al-Kahtani, M.A., Sandhu, R., A model for attribute-based user-role assignment. Proceedings of the Eighteenth Annual Computer Security Applications Conference, 2002, IEEE, 353–362.
19. Jin, X., Krishnan, R., Sandhu, R.S., A unified attribute-based access control model covering DAC, MAC and RBAC. DBSec 12 (2012), 41–55.
20. Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J., Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8:4 (2005), 351–387.
21. Gusmeroli, S., Piccione, S., Rotondi, D., A capability-based security approach to manage access control in the internet of things. Math. Comput. Model. 58:5 (2013), 1189–1205.
22. Cheng, P.-C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S., Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. Proceedings of the IEEE Symposium on Security and Privacy, 2007, IEEE, 222–230.
23. Oh, S., Park, S., Task–role-based access control model. Inf. Syst. 28:6 (2003), 533–562.
24. Narayanan, H.A.J., Güneş, M.H., Ensuring access control in cloud provisioned healthcare systems. Proceedings of the Consumer Communications and Networking Conference (CCNC), 2011, IEEE, 247–251.
25. Oh, S., Park, S., Task-role based access control (T-RBAC): an improved access control model for enterprise environment. Proceedings of the International Conference on Database and Expert Systems Applications, 2000, Springer, 264–273.
26. Fischer-Hübner, S., IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. 2001, Springer-Verlag.
27. Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.-M., Karat, J., Trombeta, A., Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur., 13(3), 2010, 24.
28. Hernandez-Ramos, J.L., Jara, A.J., Marın, L., Skarmeta, A.F., Distributed capability-based access control for the internet of things. J. Internet Serv. Inf. Secur. 3:3/4 (2013), 1–16.
29. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., The computational complexity of enforceability validation for generic access control rules. Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 1, 2006, IEEE, 7–pp.
30. WG15 of IEC TC57, IEC 62351, 2007, (http://www.iec.ch/smartgrid/standards/, last retrieved in May 2017).
31. Stouffer, K.A., Falco, J.A., Scarfone, K.A., Guide to Industrial Control Systems (ICS) Security. 2013, Special Publication (NIST SP)-800-82 Rev 1.
32. Hu, V.C., Ferraiolo, D., Kuhn, D.R., Assessment of Access Control Systems. 2006, US Department of Commerce, National Institute of Standards and Technology.