Next Generation Access Control as a support core system in the Arrowhead Framework

In the fourth industrial revolution, known as Industry 4.0, massive amounts of data are collected, processed and communicated by cyber-physical systems and the Internet of Things (IoT). Although the nature of this data varies, industrial data is often proprietary, and a leak can harm the data owner. Nonetheless, Industrial Internet of Things (IIoT) and System of Systems (SoS) architectures frequently rely on data sharing within partner ecosystems to produce value, which calls for selective and granular access control so that sensitive data is not shared unintentionally. This thesis explores how unified access control can be provided for services in the Arrowhead Framework (AF), a framework that provides an architecture for building IoT-based automation systems. AF already has strong security mechanisms that ensure access to services offered by constituent provider systems is granted only to authorized consumers. However, there is often a need for more dynamic and fine-grained access control than what is currently offered at the orchestration level. An Arrowhead system that uses a general policy language to express policy-based access control can offer a broad and unified service, supporting frequent access queries from different application systems, dynamic policy changes, and contextual policy variables. Such a system has the potential to be a highly versatile asset for policy enforcement in Arrowhead SoS and may serve as a go-to support system in AF. Next Generation Access Control (NGAC) is an attribute-based access control (ABAC) standard that uses relations between data elements to create, manage and enforce access control policies, enabling systematic access control with a high level of granularity.
We examine how NGAC can be used to securely enforce access control policies for data sharing within AF, and present an SoS solution that demonstrates NGAC as the access control model for a resource system. The solution includes an Arrowhead policy server that enables enforcement of ABAC for Arrowhead-compliant application systems. We further examine how integration of Arrowhead systems can be eased, and present a Policy Enforcement Point (PEP) library for the policy server.
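The abstract describes NGAC as a relation-based ABAC model and the policy server as answering frequent access queries under dynamic policy change. The following is an added illustration of that model, not code from the thesis, the Arrowhead Framework or an NGAC implementation: a minimal policy graph built from NGAC's two core relations (assignment, which forms a containment graph over users, user attributes, objects, object attributes and policy classes; and association, which grants operations from a user attribute to an object attribute), together with the NGAC privilege rule that every policy class containing the object must grant the request. The plant scenario, system names and attribute names are constructed for the example.

```python
"""Minimal NGAC-style policy graph with a privilege check.

Added example, not from the thesis or the Arrowhead Framework. It follows the
NGAC decision rule (NIST SP 800-178): a user holds (op, object) only if, for
every policy class containing the object, some association (ua, ops, oa)
has op in ops, user contained in ua, object contained in oa, and oa contained
in that policy class. All names in the sample policy are constructed.
"""
from collections import deque


class NgacGraph:
    def __init__(self):
        self.policy_classes = set()
        self.assignments = {}   # element -> set of direct containers
        self.associations = []  # (user_attr, frozenset(ops), object_attr)

    def add_policy_class(self, pc):
        self.policy_classes.add(pc)

    def assign(self, child, parent):
        """Assignment relation: child is contained in parent (one hop)."""
        self.assignments.setdefault(child, set()).add(parent)

    def associate(self, user_attr, ops, object_attr):
        """Association: members of user_attr may perform ops on members of object_attr."""
        self.associations.append((user_attr, frozenset(ops), object_attr))

    def containers(self, node):
        """Reflexive-transitive closure of the assignment relation from node.
        Recomputed on every query, so assignments added later take effect
        immediately (the dynamic policy change the abstract mentions)."""
        seen = {node}
        queue = deque([node])
        while queue:
            current = queue.popleft()
            for parent in self.assignments.get(current, ()):
                if parent not in seen:
                    seen.add(parent)
                    queue.append(parent)
        return seen

    def is_permitted(self, user, op, obj):
        """NGAC privilege rule. An object reachable from no policy class is
        never accessible, so unknown or unassigned objects are denied."""
        user_containers = self.containers(user)
        obj_containers = self.containers(obj)
        pcs = obj_containers & self.policy_classes
        if not pcs:
            return False
        for pc in pcs:
            granted = any(
                op in ops
                and ua in user_containers
                and oa in obj_containers
                and pc in self.containers(oa)
                for ua, ops, oa in self.associations
            )
            if not granted:
                return False  # one policy class denies: whole request denied
        return True


def build_sample_policy():
    """Constructed plant scenario with two policy classes that must both grant."""
    g = NgacGraph()
    g.add_policy_class("PlantData")
    g.add_policy_class("ExportControl")
    # Consumer systems (users) assigned to user attributes
    g.assign("qualityConsumer", "PlantEngineers")
    g.assign("partnerAnalytics", "Partners")
    # Resources (objects) assigned to object attributes, and those to policy classes
    g.assign("sensorStream", "ProcessData")
    g.assign("recipe", "Proprietary")
    g.assign("ProcessData", "PlantData")
    g.assign("Proprietary", "PlantData")
    g.assign("recipe", "ExportControlled")          # recipe is also export-controlled
    g.assign("ExportControlled", "ExportControl")
    # Associations: which user attribute may do what on which object attribute
    g.associate("PlantEngineers", {"read", "write"}, "ProcessData")
    g.associate("PlantEngineers", {"read"}, "Proprietary")
    g.associate("Partners", {"read"}, "ProcessData")
    g.associate("Cleared", {"read"}, "ExportControlled")
    return g


if __name__ == "__main__":
    policy = build_sample_policy()
    for user, op, obj in [("partnerAnalytics", "read", "sensorStream"),
                          ("partnerAnalytics", "read", "recipe"),
                          ("qualityConsumer", "read", "recipe")]:
        print(user, op, obj, "->", policy.is_permitted(user, op, obj))
    policy.assign("qualityConsumer", "Cleared")  # runtime policy change
    print("after clearance:", policy.is_permitted("qualityConsumer", "read", "recipe"))
```

The point of the second policy class is the conjunction in the NGAC rule: `qualityConsumer` is allowed to read `recipe` under `PlantData`, but the request is still denied until the user is also assigned into `Cleared`, because `ExportControl` contains the object and must grant independently. A policy server exposing `is_permitted` to a PEP gets this deny-by-default behaviour for free, and adding or removing an assignment changes the answer on the next query without restarting anything.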

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:ltu-91235
Date: January 2022
Creators: Esenov, Ilaman
Publisher: Luleå tekniska universitet, Institutionen för system- och rymdteknik (Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering)
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess