PDF(1097 KB)
A topology and risk-aware access control framework for cyber-physical space
Yan CAO, Zhiqiu HUANG, Yaoshen YU, Changbo KE, Zihao WANG
PDF(1097 KB)
PDF(1097 KB)
A topology and risk-aware access control framework for cyber-physical space
Cyber-physical space is a spatial environment that integrates the cyber world and the physical world, aiming to provide an intelligent environment for users to conduct their day-to-day activities. The interplay between the cyber space and physical space proposes specific security requirements that are not captured by traditional access control frameworks. On one hand, the security of the physical space and the cyber space should be both concerned in the cyber-physical space. On the other hand, the bad results caused by failure in providing secure policy enforcementmay directly affect the controlled physical world. In this paper, we propose an effective access control framework for the cyber-physical space. Firstly, a topology-aware access control (TAAC) model is proposed. It can express the cyber access control, the physical access control, and the interaction access control simultaneously. Secondly, a risk assessment approach is proposed for the policy enforcement phase. It is used to evaluate the user behavior and ensures that the suspicious behaviors executed by authorized users can be handled correctly. Thirdly, we propose a role activation algorithm to ensure that the objects are accessed only by legal and honest users. Finally, we evaluate our approach by using an illustrative example and the performance analysis. The results demonstrate the feasibility of our approach.
cyber-physical space / access control / risk management / role activation
| [1] |
Rajkumar R, Lee I, Sha L, Stankovic J. Cyber-physical systems: the next computing revolution. In: Proceedings of IEEE International Conference on Design Automation Conference. 2010, 731–736
CrossRef
Google scholar
|
| [2] |
Tsigkanos C,Kehrer T, Ghezzi C.Architecting dynamic cyber-physical spaces. Computing, 2016, 98(10): 1011–1040
CrossRef
Google scholar
|
| [3] |
Tsigkanos C, Pasquale L,Ghezzi C,Nuseibeh B. On the interplay between cyber and physical spaces for adaptive security. IEEE Transactions on Dependable & Secure Computing, 2018, 15(3): 466–480
CrossRef
Google scholar
|
| [4] |
Ray I,Ray I.Access control challenges for cyber-physical systems. In: Proceedings of NSF Workshop on Cyber-Physical Systems. 2009
|
| [5] |
Abdunabi R, Al-Lail M, Ray I, France R B. Specification, validation, and enforcement of a generalized spatio-temporal role-based access control model. IEEE Systems Journal, 2013, 7(3): 501–515
CrossRef
Google scholar
|
| [6] |
Kirkpatrick M S,Damiani M L, Bertino E. Prox-RBAC: a proximitybased spatially aware RBAC. In: Proceedings of ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. 2011, 339–348
CrossRef
Google scholar
|
| [7] |
Toahchoodee M, Ray I. On the formalization and analysis of a spatiotemporal role-based access control model. Journal of Computer Security, 2011, 19(3): 399–452
CrossRef
Google scholar
|
| [8] |
Jin X, Sandhu R, Krishnan R. RABAC: role-centric attribute-based access control. In: Proceedings of International Conference on Mathematical Methods, Models and Architectures for Computer Network Security: Computer Network Security. 2012, 84–96
CrossRef
Google scholar
|
| [9] |
Unal D, Caglayan M U. A formal role-based access control model for security policies in multi-domain mobile networks. Computer Networks, 2013, 57(1): 330–350
CrossRef
Google scholar
|
| [10] |
Skandhakumar N, Salim F,Reid J,Dawson E. Physical access control administration using building information models. In: Proceedings of International Conference on Cyberspace Safety and Security. 2012, 236–250
CrossRef
Google scholar
|
| [11] |
Geepalla E, Bordbar B, Du X. Spatio-temporal role based access control for physical access control systems. In: Proceedings of IEEE International Conference on Emerging Security Technologies. 2013, 39–42
CrossRef
Google scholar
|
| [12] |
Chen D, Chang G, Sun D, Jia J, Wang X. Modeling access control for cyber-physical systems using reputation. Computers & Electrical Engineering, 2012, 38(5): 1088–1101
CrossRef
Google scholar
|
| [13] |
Venkatasubramanian K K, Mukherjee T, Gupta S K S. CAAC – an adaptive and proactive access control approach for emergencies in smart infrastructures. ACM Transactions on Autonomous and Adaptive Systems, 2014, 8(4): 1–18
CrossRef
Google scholar
|
| [14] |
Wu G,Lu D,Xia F, Yao L. A fault-tolerant emergency-aware access control scheme for cyber-physical systems. Information Technology & Control, 2011, 40(1): 29–40
CrossRef
Google scholar
|
| [15] |
Akhuseyinoglu N B,Joshi J. A risk-aware access control framework for cyber-physical systems. In: Proceedings of IEEE International Conference on Collaboration and Internet Computing. 2017, 349–358
CrossRef
Google scholar
|
| [16] |
Baracaldo N, Joshi J.An adaptive risk management and access control framework to mitigate insider threats. Computers & Security, 2013, 39(4): 237–254
CrossRef
Google scholar
|
| [17] |
Baracaldo N, Palanisamy B, Joshi J. G-SIR: an insider attack resilient geo-social access control framework. IEEE Transactions on Dependable & Secure Computing, 2017, 16: 84–98
CrossRef
Google scholar
|
| [18] |
Tsigkanos C, Pasquale L, Ghezzi C, Nuseibeh B. Ariadne: topology aware adaptive security for cyber-physical systems. In: Proceedings of IEEE International Conference on Software Engineering. 2015, 729–732
CrossRef
Google scholar
|
| [19] |
Cao Y, Huang Z, Ke C,Xie J, Wang J. A topology-aware access control model for collaborative cyber-physical spaces: specification and verification. Computers& Security, 2019
CrossRef
Google scholar
|
| [20] |
Kuhn D R, Coyne E J,Weil T R. Adding attributes to role-based access control. Computer, 2010, 43(6): 79–81
CrossRef
Google scholar
|
| [21] |
Ultra J D, Pancho-Festin S. A simple model of separation of duty for access control models. Computers & Security, 2017, 68: 69–80
CrossRef
Google scholar
|
| [22] |
Cao Y, Huang Z, Kan S, Peng H, Ke C. Location-constrained access control model and verification methods. Journal of Computer Research and Development, 2018, 55(8): 1809–1825
|
| [23] |
Cao Y, Huang Z, Kan S, Fan D, Yang Y.Specification and verification of a topology-aware access control model for cyber-physical spaces. Tsinghua Science and Technology, 2019, 24(5): 497–519
CrossRef
Google scholar
|
| [24] |
Chakraborty S, Ray I. TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: Proceedings of ACM Symposium on Access Control Models and Technologies. 2006, 49–58
CrossRef
Google scholar
|
| [25] |
Baracaldo N, Joshi J. Beyond accountability: using obligations to reduce risk exposure and deter insider attacks. In: Proceedings of ACM Symposium on Access Control Models and Technologies. 2013, 213–224
CrossRef
Google scholar
|
| [26] |
Bijon K Z, Krishnan R, Sandhu R. A framework for risk-aware role based access control. In: Proceedings of IEEE Communications and Network Security. 2013, 462–469
CrossRef
Google scholar
|
| [27] |
Chen L, Crampton J. Risk-aware role-based access control. In: Proceedings of International Conference on Security and Trust Management. 2011, 140–156
CrossRef
Google scholar
|
| [28] |
Santos D R D, Marinho R, Schmitt G R,Westphall C M, Westphall C B. A framework and risk assessment approaches for risk-based access control in the cloud. Journal of Network & Computer Applications, 2016, 74: 86–97
CrossRef
Google scholar
|
/
| 〈 |
|
〉 |
AI Summary
