Talks and Poster Presentations (with Proceedings-Entry):
B. Brenner, A. Ekelhart, E. Weippl:
"A versatile Security Layer for AutomationML";
Talk: 17th IEEE International Conference on Industrial Informatics (INDIN 2019),
- 2019-07-25; in: "Proceedings of INDIN 2019",
The XML-based data format AutomationML enables vendor-independent exchange of design data between
discipline-specific design tools. It is based on Computer Aided
Engineering Exchange (CAEX) and hence, compatible with the
W3C standards XMLEnc (XML encryption) and XMLDSig
(XML signatures). However, despite the importance of protecting
engineering data, so far no concept has been presented to ensure
and control on a fine-grained level the confidentiality, authenticity
and accessibility of information stored in AutomationML files.
In this paper, we introduce a basic access control scheme for
AutomationML that enables to define user read and write access
for each component. Furthermore, the scheme supports nonrepudiation based on a change history and so-called "signature
chains". It is also capable of supporting views and restricted
access to components. The scheme is based on cryptographic
measures - i.e. cryptographic hashing, symmetric encryption,
signatures, and asymmetric encryption - and enforces its access control mechanisms through encryption to protect against
unauthorized reading, and signature chains to protect against
unauthorized manipulation and to ensure non-repudiation. This
approach has the benefit to be independent of the underlying
file and operating system, storage location, etc., and it keeps full
CAEX-conformity by extending AutomationML.
This concept can serve as basis for software tools that support
AutomationML and want to integrate access control features
directly into AutomationML.
AutomationML, Protection of Engineering Data, Cyber-Physical Systems Security, CPS Security
Created from the Publication Database of the Vienna University of Technology.