KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지

AC4E: An Access Control Model for Emergencies of Mission-Critical Cyber-Physical Systems

  • Chen, Dong (School of Information Science and Engineering, Northeastern University) ;
  • Chang, Guiran (Computing Center, Northeastern University) ;
  • Jia, Jie (School of Information Science and Engineering, Northeastern University)
  • Received : 2012.05.11
  • Accepted : 2012.08.16
  • Published : 2012.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Access control is an essential security component in protecting sensitive data and services from unauthorized access to the resources in mission-critical Cyber-Physical Systems (CPSs). CPSs are different from conventional information processing systems in such that they involve interactions between the cyber world and the physical world. Therefore, existing access control models cannot be used directly and even become disabled in an emergency situation. This paper proposes an adaptive Access Control model for Emergences (AC4E) for mission-critical CPSs. The principal aim of AC4E is to control the criticalities in these systems by executing corresponding responsive actions. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions altering the privileges to specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the AC4E model is presented, with respect to responsiveness, correctness, safety, non-repudiation and concurrency, respectively. Then a case study is given to demonstrate how the AC4E model detects, responds, and controls the emergency events for a typical CPS adaptively in a proactive manner. Eventually, a wide set of simulations and performance comparisons of the proposed AC4E model are presented.

Keywords

References

  1. W. Wolf, "Cyber-physical System", Computer, vol.42, no.43, pp.88-89, 2009.
  2. R. Poovendran., "Cyber-physical systems close encounters between two parallel worlds", in Proc. of the IEEE, vol.98, no.8, pp.1363-1366, 2010.
  3. K. D. Chang and J. L. Chen, "A survey of trust management in WSNs, internet of things and future internet", KSII Transactions on Internet and Information Systems, vol.6, no.1, pp. 5-19, January, 2012.
  4. C. Z. Lai, H. Li, Y. Y. Zhang and J. Cao, "Security Issues on Machine to Machine Communications", KSII Transactions on Internet and Information Systems, vol.6, no.2, pp.498-514, Feb.2012.
  5. A. Banerjee, K. K. Venkatasubramanian, T. Mukherjee and S. K. S. Gupta, "ensuring safety, security, and sustainability of mission-critical cyber-physical systems", in Proc. of the IEEE, vol.100, no.1, pp.283-299, 2012.
  6. L. Insup, O. Sokolsky, et al., "challenges and research directions in medical cyber-physical systems", in Proc. of the IEEE, vol.100, no.1, pp.75-90, 2012.
  7. S. Sridhar, A. Hahn, M. Govindarasu, "Cyber-physical system security for the electric power grid", in Proc. of the IEEE, vol.100, no.1, pp.210-224, 2012.
  8. M. Yili, T. H. J. Kim, et al., "Cyber-physical security of a smart grid infrastructure", in Proc. of the IEEE, vol.100, no.1, pp.195-209, 2012.
  9. J. Sztipanovits, X. Koutsoukos, et al., "Toward a science of cyber-physical system integration", in Proc. of the IEEE, vol.100, no.1, pp.29-44, 2012.
  10. M. Chen, S. Gonzalez, V. Leung, Q. Zhang and M. Li, "2G-RFID based E-healthcare System", IEEE Wireless Communications Magazine, vol.17, no.1, pp.37-43, Feb.2010.
  11. M. Chen, S. Gonzalez, Q. Zhang and V. Leung, "Code-Centric RFID System Based on Software Agent Intelligence", IEEE Intelligent Systems, vol.25, no.2, pp.12-19, Mar.2010.
  12. R. S. Sandhu, E. J. Coyne, et al., "Role-Based Access Control Models", Computer, vol.29, no.2, pp.38-47, Feb.1996. https://doi.org/10.1109/2.485845
  13. S. Chakraborty, I. Ray, "TrustBAC-Integrating trust relationships into the RBAC model for access control in open systems", in Proc. of the 11th ACM Symp. on Access Control Models And Technologies, New York: ACM Press, pp.49-58, 2006.
  14. D. Povey, "Optimistic Security: A New Access Control Paradigm", in Proc. of New Security Paradigms Workshop 1999, pp.40-45, 1999.
  15. A. Corrad, R. Montanari and D. Tibaldi, "Context-based access control management in ubiquitous environments", in Proc. of Third IEEE International Symposium on Network Computing and Applications , pp.253-260, 30 Aug.2004.
  16. K. Venkatasubramanian, T. Mukherjee, and S. K. S. Gupta , " Caac-An adaptive and proactive access control approach for emergencies for smart infrastructures", ACM Trans. Autonom. Adaptive Syst. (Special Issue on Adaptive Security), to be published.
  17. I. Ray and M. Toahchoodee, "A Spatio-Temporal Access Control Model Supporting Delegation for Pervasive Computing Applications", in Proc. of the 5th International Conference on Trust, Privacy and Security in Digital Business, pp.48-58, Sep.2008.
  18. I. Ray and M. Toahchoodee. "A Spatio-Temporal Role-Based Access Control Model", in Proc. of the 21st Annual IFIP TC-11 WG 11.3 Working Conference on Data and Applications Security, pp.211-226, Jul.2007.
  19. S. Yu, K. Ren and W. Lou, "FDAC: Toward fine-grained distributed data access control in wireless sensor networks," in Proc. of IEEE INFOCOM 2009, pp.963-971, 2009.
  20. S. Misra and A. Vaish, "Reputation-based role assignment for role-based access control in wireless sensor networks", Journal of Computer Communications of Elsevier, vol.34, no.3, pp.281-294 2010.
  21. S. K. S. Gupta, T. Mukherjee and K. Venkatasubramanian, "Criticality Aware Access Control Model for Pervasive Applications", in Proc. of the 4th IEEE Conference on Pervasive Computing and Communications, pp.251-257, 2006.
  22. K. G. Christos and M. Ioannis, "Flexible Team-Based Access Control Using Contexts", in Proc. of the sixth ACM symposium on Access control models and technologies, ACM SIGSAC, pp.21-27, 2001.
  23. G. W. Wu, D. Z. Lu, et al., "A fault-tolerant emergency-aware access controls scheme for cyber-physical systems", Information Technology and control, vol.40, no.1, pp. 29-39, 2011.
  24. S. Yu, K. Ren, W. Lou, "FDAC: Toward fine-grained distributed data access control in wireless sensor networks," in Proc. of IEEE INFOCOM 2009, pp.963-971, 2009.
  25. L. Sha et al., "Cyber-physical systems: A new frontier," Machine Learning in Cyber Trust: Security, Privacy, and Reliability, 2009.
  26. O. D. Mohatar, A. F. Sabater, J. M. Sierra, "A lightweight authentication scheme for wireless sensor networks", Ad Hoc Networks, vol.9, no.5, pp.727-735, Jul.2011. https://doi.org/10.1016/j.adhoc.2010.08.020
  27. N. Li, N. Zhang, S. Das, et al., "Privacy preservation in wireless sensor networks: A state-of-the-art survey," Ad Hoc Networks, vol.7, no.8, pp.1501-1514, Nov.2009. https://doi.org/10.1016/j.adhoc.2009.04.009
  28. B. Carbunar, Y. Yu, W. Shi, et al., "Query privacy in wireless sensor networks," ACM Transactions on Sensor Networks, vol.6, no.2, pp.1-34, 2010.
  29. R. Zhang, Y. Zhang and K. Ren, "DP2AC: Distributed privacy-preserving access control in sensor networks", in Proc. of INFOCOM 2009, pp.1251-1259, 2009.
  30. T. Mukherjee, K. Venkatasubramanian, et al., "Performance Modeling of Critical Event Management for Ubiquitous Computing Applications", in Proc. of The International Symposium on Modeling, Analysis and Simulations of Wireless and Mobile Systems, ACM/IEEE, pp.12-19, 2006.
  31. M. Sloman and E. Lupu, "Security and Management Policy Specification", IEEE Network, vol.16, no.2, pp.10-19, Apr.2002. https://doi.org/10.1109/65.993218
  32. J. F. Wan, H. H. Yan, H. Suo, et al., "Advances in cyber-physical systems research", KSII Transactions on Internet and Information Systems, nol.5, no.11, pp.1891-1908, Nov.2011.
  33. D. Chen and G. R. Chang, "A survey on security issues of m2m communications in cyber-physical systems", KSII Transactions on Internet and Information Systems, vol.6, no.1, pp.24-45, Jan.2012.