The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes. Yet, as we presented in an earlier article, a number of improvements can be introduced to the standard model regarding its resilience on active attacks, the simplification of the policy writing, but also in terms of run-time efficiency and scalability. In this article, we present an enhanced usage control architecture, that was developed for tackling the aforementioned issues. In order to achieve that, a dynamic role allocation system will be added to the existing architecture, alongside with a service grouping functionality which will be based on attribute aggregation. This is structured in accordance to a risk-based framework, which has been developed in order to aggregate the risk values that the individual attributes encapsulate into a unified risk value. These architectural enhancements are utilized in order to improve the resilience, scalability, and run-time efficiency of the existing model.
Enhancing Usage Control for Performance: An Architecture for Systems of Systems
The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.
Author (ESR):
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)
Venue:
4th Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2018) In Conjunction With ESORICS 2018
Date:
Monday, September 3, 2018 to Friday, September 7, 2018