Industry 4.0 is advancing the use of Internet of Things (IoT) devices in industrial applications, which enables efficient device-to-device (D2D) communication. However, these devices are often heterogeneous in nature, i.e. from different manufacturers, use different protocols, etc. and adds requirements such as security, interoperability, etc.To address these requirements, the Service-Oriented Architecture-Based (SOA) Arrowhead Framework was previously proposed using the concept of local clouds. These local clouds provide a set of mandatory and support core systems to enable industrial automation applications. One of these mandatory core systems is an Authentication, Authorisation and Accounting (AAA) system, which is used to authenticate and provide access control to the devices in a local cloud. In an industrial context, with multiple stakeholders, the AAA must support fine-grain access control. For example, in a distributed control loop, a controller should only have read access to its sensor such as a flow meter and write access to its actuator, such as a valve. The controller should not have access to any other information besides what is needed to implement the desired functionality.In this work, an NGAC-based AAA solution to achieve finegrain service level access control between IoT devices has been proposed and implemented. The solution is presented using a district heating use case.
Data sanitization has been studied in the context of architectures for high assurance systems, language-based information flow controls, and privacy-preserving data publication. A range of sanitization strategies has been developed to address the wide variety of data content and contexts that arise in practice. It is therefore tempting to separate the complex downgrading operations into untrusted data sanitizers while leaving the verification of security policy to simpler trusted guards that mediate information flow between different sensitivity levels. We argue that this can be a false economy and may result in more restrictive information flow than is necessary. We also observe that the guarantees provided by language-based declassification algorithms do not hold without exacting requirements for the runtime environment, and that the satisfaction of these requirements is the precise goal of MILS architectures, making the two disciplines well-matched complements.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.