Automated fixing of access policy implementation in Industrial Networked Systems

TL;DR

This paper introduces a comprehensive framework for Industrial Networked Systems access control that verifies policy correctness and automatically resolves conflicts through credential reassignment, enhancing security policy implementation.

Contribution

It presents a novel approach applying RBAC to INS, with techniques for verification and automatic conflict resolution in access control policies.

Findings

Effective detection of policy conflicts

Automated credential reassignment for conflict resolution

Improved accuracy in access control policy implementation

Abstract

Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive framework for INS access control. The proposed approach enables the description of both positive and negative AC policies, by applying the Role Based Access Control (RBAC) paradigm to typical INS implementations, while taking into account different levels of abstraction. Suitable techniques are adopted to check whether or not policies are correctly implemented in the system (verification). When conflicts are detected, possible (re)assignments of credentials to the system users are automatically computed, that can be adopted to correct anomalies (conflict resolution).