A constraint and risk-aware approach to attribute-based access control for cyber-physical systems

Abstract

Cyber-physical systems (CPSs) integrate cyber components and physical processes. This integration enhances the capabilities of physical systems by incorporating intelligence into objects and services. On the other hand, the integration of cyber and physical components and the interaction between them introduce new security threats. Since CPSs are mostly safety-critical systems, data stored and communicated in them are highly critical. Hence, there is a crucial need for protecting the data and resources in CPSs against unauthorized accesses. In this paper, we propose an access control (AC) framework to address CPS related security issues. The proposed framework consists of two parts: a Cyber-Physical Access Control model (CPAC) and a Generalized Action Generation Model (GAGM). CPAC utilizes an attribute-based approach and extends it with cyber-physical components and cyber-physical interactions. In addition, we incorporate Separation of Duty (SoD) constraints into the CPAC model. GAGM is used to augment the enforcement of access policies. We present formal representations of CPAC and GAGM and demonstrate their use in a sample scenario for a medical CPS. We propose an algorithm for enforcing authorization policies. We implement the CPAC model and compare its performance against the core attribute-based access control model. We present an authorization enforcement approach and show through our experimental results its feasibility.