4 research outputs found

    Verification of Resilience Policies that Assist Attribute Based Access Control

    Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their ability to successfully restrict access to resources. Nevertheless, considering only restriction of access may not be enough in some environments, as in critical infrastructures. The protection of systems in this type of environment requires a new line of enquiry. It is essential to ensure that appropriate access is always possible, even when users and resources are subjected to challenges of various sorts. Resilience in access control is conceived as the ability of a system not to restrict but rather to ensure access to resources. In order to demonstrate the application of resilience in access control, we formally define an attribute based access control model (ABAC) based on guidelines provided by the National Institute of Standards and Technology (NIST). We examine how ABAC-based resilience policies can be specified in temporal logic and how these can be formally verified. The verification of resilience is done using an automated model checking technique, which eventually may lead to reducing the overall complexity required for the verification of resilience policies and serve as a valuable tool for administrators

    Protection against Cyber Attacks: Introducing Resilience for SCADA Networks

    The sovereignty of nations is highly dependent on the continuous and uninterrupted operation of critical infrastructures. Recent security incidents on SCADA networks show that threats in these environments are increasing in sophistication and number. To protect critical infrastructures against cyber attacks and to cope with their complexity, we advocate the application of a resilience strategy. This strategy provides the guidelines and processes to investigate and ensure the resilience of systems. In this abstract, we briefly refer to our definition of resilience, our research work on the verification of resilience policies, and our resilience architecture for protecting SCADA networks against cyber attacks

    Design and Engineering of Resilience for Networked Computer Systems

    In this chapter we introduce and describe the notion of resilience for networked computer systems. Central to our viewpoint is that such systems need to be designed and engineered to have resilience as a major property. This is in contrast to systems found in nature that may already have resilience, in some cases through a process of evolution. The networked systems that we focus on here will generally be built using Internet technologies, which we briefly introduce. Engineered systems also require attention to their people and organizational aspects in order to produce a resilient outcome. Therefore, the material we present here is intended to combine the technological, organizational, and people aspects of resilient systems design and operation, with reference to utility networks – specifically to an electricity distribution case study. While the field of engineered resilience is advancing quickly, and involves multiple systems, much of what we say in this chapter still remains in the research phase, and has yet to be widely adopted in practice

    Access Control in Industrial Internet of Things

    The Industrial Internet of Things (IIoT) is an ecosystem that consists of - among others - various networked sensors and actuators, achieving mainly advancements related with lowering production costs and providing workflow flexibility. Introducing access control in such environments is considered to be challenging, mainly due to the variety of technologies and protocols in IIoT devices and networks. Thus, various access control models and mechanisms should be examined, as well as the additional access control requirements posed by these industrial environments. To achieve these aims, we elaborate on existing state-of-the-art access control models and architectures and investigate access control requirements in IIoT, respectively. These steps provide valuable indications on what type of an access control model and architecture may be beneficial for application in the IIoT. We describe an access control architecture capable of achieving access control in IIoT using a layered approach and based on existing virtualization concepts (e.g., the cloud). Furthermore, we provide information on the functionality of the individual access control related components, as well as where these should be placed in the overall architecture. Considering this research area to be challenging, we finally discuss open issues and anticipate these directions to provide interesting multi-disciplinary insights in both industry and academia