Automated fixing of access policy implementation in Industrial Networked Systems
This addresses security vulnerabilities in industrial systems, but it appears incremental as it applies existing RBAC paradigms to a specific domain.
The paper tackles the problem of ensuring correct implementation of access control policies in Industrial Networked Systems by proposing a framework that verifies policies and automatically computes credential reassignments to resolve conflicts, though no concrete numbers are provided.
Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive framework for INS access control. The proposed approach enables the description of both positive and negative AC policies, by applying the Role Based Access Control (RBAC) paradigm to typical INS implementations, while taking into account different levels of abstraction. Suitable techniques are adopted to check whether or not policies are correctly implemented in the system (verification). When conflicts are detected, possible (re)assignments of credentials to the system users are automatically computed, that can be adopted to correct anomalies (conflict resolution).