Dynamic Access Control in Industry 4.0 Systems

Abstract

Industry 4.0 enacts ad-hoc cooperation between machines, humans, and organizations in supply and production chains. The cooperation goes beyond rigid hierarchical process structures and increases the levels of efficiency, customization, and individualisation of end-products. Efficient processing and cooperation require exploiting various sensor and process data and sharing them across various entities including computer systems, machines, mobile devices, humans, and organisations. Access control is a common security mechanism to control data sharing between involved parties. However, access control to virtual resources is not sufficient in the presence of Industry 4.0 because physical access has a considerable effect on the protection of information and systems. In addition, access control mechanisms have to become capable of handling dynamically changing situations arising from ad-hoc horizontal cooperation or changes in the environment of Industry 4.0 systems. Established access control mechanisms do not yet consider dynamic changes or the combination with physical access control. Approaches trying to address these shortcomings exist but often do not consider how to obtain information such as the sensitivity of exchanged information. This chapter proposes a novel approach to control physical and virtual access tied to the dynamics of custom product engineering, hence establishing confidentiality in ad-hoc horizontal processes. The approach combines static design-time analyses to discover data properties with a dynamic runtime access control approach that evaluates policies protecting virtual and physical assets. The runtime part uses data properties derived from the static design-time analysis, as well as the environment or system status, to decide about access.

Notes

  1. As the exact position of a worker outside the factory can be potentially very sensitive information, in our implementation we are using abstracted values like close, far, etc.

  2. https://github.com/Trust40-Project/Palladio-Addons-DataProcessing-MetaModel

  3. https://github.com/Trust40-Project/Palladio-Addons-DataProcessing-Editor

  4. https://github.com/Trust40-Project/Palladio-Addons-DataProcessing-PrologModel

  5. https://github.com/Trust40-Project/Palladio-Addons-DataProcessing-AnalysisTransformation

  6. https://github.com/Trust40-Project/Palladio-Addons-DataProcessing-PrologModel/tree/master/bundles/org.palladiosimulator.pcm.dataprocessing.prolog.transformation

  7. https://fluidtrust.ipd.kit.edu

Acknowledgements

This work was funded by the DFG (German Research Foundation)—project number 432576552, HE8596/1-1 (FluidTrust). It was also supported by funding from the topic Engineering Secure Systems of the Helmholtz Association (HGF) and by KASTEL Security Research Labs (46.23.03). The work was also partially supported by the Czech Science Foundation project 20-24814J and partially supported by Charles University institutional funding SVV 260451.

Corresponding author

Correspondence to Robert Heinrich.

Copyright information

© 2023 The Author(s), under exclusive license to Springer-Verlag GmbH, DE, part of Springer Nature

About this chapter

Cite this chapter

Heinrich, R. et al. (2023). Dynamic Access Control in Industry 4.0 Systems. In: Vogel-Heuser, B., Wimmer, M. (eds) Digital Transformation. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-65004-2_6

  • DOI: https://doi.org/10.1007/978-3-662-65004-2_6

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-65003-5

  • Online ISBN: 978-3-662-65004-2

  • eBook Packages: Computer Science, Computer Science (R0)
