Skip to main content
SpringerLink
Log in

A topology and risk-aware access control framework for cyber-physical space

  • Research Article
  • Published:
Frontiers of Computer Science Aims and scope Submit manuscript

Abstract

Cyber-physical space is a spatial environment that integrates the cyber world and the physical world, aiming to provide an intelligent environment for users to conduct their day-to-day activities. The interplay between the cyber space and physical space proposes specific security requirements that are not captured by traditional access control frameworks. On one hand, the security of the physical space and the cyber space should be both concerned in the cyber-physical space. On the other hand, the bad results caused by failure in providing secure policy enforcement may directly affect the controlled physical world. In this paper, we propose an effective access control framework for the cyber-physical space. Firstly, a topology-aware access control (TAAC) model is proposed. It can express the cyber access control, the physical access control, and the interaction access control simultaneously. Secondly, a risk assessment approach is proposed for the policy enforcement phase. It is used to evaluate the user behavior and ensures that the suspicious behaviors executed by authorized users can be handled correctly. Thirdly, we propose a role activation algorithm to ensure that the objects are accessed only by legal and honest users. Finally, we evaluate our approach by using an illustrative example and the performance analysis. The results demonstrate the feasibility of our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Rajkumar R, Lee I, Sha L, Stankovic J. Cyber-physical systems: the next computing revolution. In: Proceedings of IEEE International Conference on Design Automation Conference. 2010, 731–736

  2. Tsigkanos C, Kehrer T, Ghezzi C. Architecting dynamic cyber-physical spaces. Computing, 2016, 98(10): 1011–1040

    Article  MathSciNet  Google Scholar 

  3. Tsigkanos C, Pasquale L, Ghezzi C, Nuseibeh B. On the interplay between cyber and physical spaces for adaptive security. IEEE Transactions on Dependable & Secure Computing, 2018, 15(3): 466–480

    Article  Google Scholar 

  4. Ray I, Ray I. Access control challenges for cyber-physical systems. In: Proceedings of NSF Workshop on Cyber-Physical Systems. 2009

  5. Abdunabi R, Al-Lail M, Ray I, France R B. Specification, validation, and enforcement of a generalized spatio-temporal role-based access control model. IEEE Systems Journal, 2013, 7(3): 501–515

    Article  Google Scholar 

  6. Kirkpatrick M S, Damiani M L, Bertino E. Prox-RBAC: a proximity-based spatially aware RBAC. In: Proceedings of ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. 2011, 339–348

  7. Toahchoodee M, Ray I. On the formalization and analysis of a spatiotemporal role-based access control model. Journal of Computer Security, 2011, 19(3): 399–452

    Article  Google Scholar 

  8. Jin X, Sandhu R, Krishnan R. RABAC: role-centric attribute-based access control. In: Proceedings of International Conference on Mathematical Methods, Models and Architectures for Computer Network Security: Computer Network Security. 2012, 84–96

  9. Unal D, Caglayan M U. A formal role-based access control model for security policies in multi-domain mobile networks. Computer Networks, 2013, 57(1): 330–350

    Article  Google Scholar 

  10. Skandhakumar N, Salim F, Reid J, Dawson E. Physical access control administration using building information models. In: Proceedings of International Conference on Cyberspace Safety and Security. 2012, 236–250

  11. Geepalla E, Bordbar B, Du X. Spatio-temporal role based access control for physical access control systems. In: Proceedings of IEEE International Conference on Emerging Security Technologies. 2013, 39–42

  12. Chen D, Chang G, Sun D, Jia J, Wang X. Modeling access control for cyber-physical systems using reputation. Computers & Electrical Engineering, 2012, 38(5): 1088–1101

    Article  Google Scholar 

  13. Venkatasubramanian K K, Mukherjee T, Gupta S K S. CAAC — an adaptive and proactive access control approach for emergencies in smart infrastructures. ACM Transactions on Autonomous and Adaptive Systems, 2014, 8(4): 1–18

    Article  Google Scholar 

  14. Wu G, Lu D, Xia F, Yao L. A fault-tolerant emergency-aware access control scheme for cyber-physical systems. Information Technology & Control, 2011, 40(1): 29–40

    Article  Google Scholar 

  15. Akhuseyinoglu NB, Joshi J. Arisk-aware access control framework for cyber-physical systems. In: Proceedings of IEEE International Conference on Collaboration and Internet Computing. 2017, 349–358

  16. Baracaldo N, Joshi J. An adaptive risk management and access control framework to mitigate insider threats. Computers & Security, 2013, 39(4): 237–254

    Article  Google Scholar 

  17. Baracaldo N, Palanisamy B, Joshi J. G-SIR: an insider attack resilient geo-social access control framework. IEEE Transactions on Dependable & Secure Computing, 2017, 16: 84–98

    Article  Google Scholar 

  18. Tsigkanos C, Pasquale L, Ghezzi C, Nuseibeh B. Ariadne: topology aware adaptive security for cyber-physical systems. In: Proceedings of IEEE International Conference on Software Engineering. 2015, 729–732

  19. Cao Y, Huang Z, Ke C, Xie J, Wang J. A topology-aware access control model for collaborative cyber-physical spaces: specification and verification. Computers& Security, 2019

  20. Kuhn D R, Coyne E J, Weil T R. Adding attributes to role-based access control. Computer, 2010, 43(6): 79–81

    Article  Google Scholar 

  21. Ultra J D, Pancho-Festin S. A simple model of separation of duty for access control models. Computers & Security, 2017, 68: 69–80

    Article  Google Scholar 

  22. Cao Y, Huang Z, Kan S, Peng H, Ke C. Location-constrained access control model and verification methods. Journal of Computer Research and Development, 2018, 55(8): 1809–1825

    Google Scholar 

  23. Cao Y, Huang Z, Kan S, Fan D, Yang Y. Specification and verification of a topology-aware access control model for cyber-physical spaces. Tsinghua Science and Technology, 2019, 24(5): 497–519

    Article  Google Scholar 

  24. Chakraborty S, Ray I. TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: Proceedings of ACM Symposium on Access Control Models and Technologies. 2006, 49–58

  25. Baracaldo N, Joshi J. Beyond accountability: using obligations to reduce risk exposure and deter insider attacks. In: Proceedings of ACM Symposium on Access Control Models and Technologies. 2013, 213–224

  26. Bijon K Z, Krishnan R, Sandhu R. A framework for risk-aware role based access control. In: Proceedings of IEEE Communications and Network Security. 2013, 462–469

  27. Chen L, Crampton J. Risk-aware role-based access control. In: Proceedings of International Conference on Security and Trust Management. 2011, 140–156

  28. Santos D R D, Marinho R, Schmitt G R, Westphall C M, Westphall C B. A framework and risk assessment approaches for risk-based access control in the cloud. Journal of Network & Computer Applications, 2016, 74: 86–97

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by the National Natural Science Foundation of China (Grant Nos. 61772270, 61602262 and 61602237), Jiangsu Natural Science Foundation of China (BK20170809), National High Technology Research and Development Program of China (2015AA015303).

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, 211106, China

    Yan Cao, Zhiqiu Huang, Yaoshen Yu, Changbo Ke & Zihao Wang

  2. Key Laboratory of Safety-Critical Software, Ministry of Industry and Information Technology, Nanjing, 211106, China

    Yan Cao, Zhiqiu Huang & Yaoshen Yu

  3. Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing, 211106, China

    Zhiqiu Huang

  4. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, 210023, China

    Changbo Ke

Authors
  1. Yan Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhiqiu Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yaoshen Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Changbo Ke
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zihao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhiqiu Huang.

Additional information

Yan Cao is currently a PhD candidate in the department of computer sciences and technology, Nanjing University of Aeronautics and Astronautics, China. She has participated in several research projects and industrial projects about IT security. Her research interests include cyber-physical space, security and privacy, formal methods, and software engineering.

Zhiqiu Huang is currently a professor at the department of computer sciences and technology, Nanjing University of Aeronautics and Astronautics, China. He has supported several research projects of the National Natural Science Foundation of China about privacy and security. He has participated in several industrial projects working on the area of IT security. His research interests include safety and dependable software development, formal methods, security and privacy.

Yaoshen Yu is currently a PhD candidate in the department of computer sciences and technology, Nanjing University of Aeronautics and Astronautics, China. His research interests include formal methods, software engineering, safety and security.

Changbo Ke received the PhD degree in software engineering from Nanjing University of Aeronautics and Astronautics, China in 2015. He is currently a post-doctoral student in Nanjing University of Aeronautics and Astronautics and also a teacher at the colleague of computer science, Nanjing University of Posts and Telecommunications, China. His research interests include Web service, software engineering, privacy protection, and formal methods.

Zihao Wang is currently a master student at the department of computer sciences and technology, Nanjing University of Aeronautics and Astronautics, China. His research interests include security and privacy, block chain technology.

Electronic supplementary material

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Cao, Y., Huang, Z., Yu, Y. et al. A topology and risk-aware access control framework for cyber-physical space. Front. Comput. Sci. 14, 144805 (2020). https://doi.org/10.1007/s11704-019-8454-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11704-019-8454-0

Keywords

Search

Navigation