Computer Science ›› 2021, Vol. 48 ›› Issue (9): 306-316. doi: 10.11896/jsjkx.210300235

• Information Security •

Blockchain-based Role-Delegation Access Control for Industrial Control System

GUO Xian, WANG Yu-yue, FENG Tao, CAO Lai-cheng, JIANG Yong-bo, ZHANG Di   

  1. School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China
  • Received: 2021-03-23 Revised: 2021-06-24 Online: 2021-09-15 Published: 2021-09-10
  • About author: GUO Xian, born in 1971, associate professor, is a senior member of China Computer Federation. His main research interests include network and information security, blockchain, and the design and analysis of security protocols.
  • Supported by:
    National Natural Science Foundation of China (61461027) and Natural Science Foundation of Gansu Province (20JR5RA467).

Abstract: The concept of the “network perimeter” in industrial control systems is becoming vague due to the integration of IT and OT technology. A fine-grained access control strategy that protects each network connection can ensure the network security of an industrial control system. A role-delegation-based access control scheme can delegate an access right of a user in one domain to a user in another domain or to a company partner, so that these users can remotely access the network resources of the industrial enterprise. However, the benefits of delegation may also increase the attack surface of the industrial control system. Blockchain technology, with its decentralized, tamper-proof, auditable and other characteristics, can serve as a basic framework for role-delegation access control over network resources in industrial control systems. This paper proposes DRBAC, a blockchain-based role-delegation access control scheme. DRBAC includes several important components: user role management and delegation, access control, a monitoring mechanism, etc. The DRBAC solution is implemented using smart contracts. DRBAC ensures that each network connection is protected by fine-grained access control strategies. Finally, the correctness, feasibility and overhead of DRBAC are tested and analyzed in a private blockchain network.

Key words: Access control, Blockchain, Delegatable role, Industrial control system, Smart contract

CLC Number: TP393