Abstract

The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

Original languageEnglish (US)
Pages (from-to)2449-2457
Number of pages9
JournalIEICE Transactions on Information and Systems
VolumeE91-D
Issue number10
DOIs
StatePublished - Oct 2008

Fingerprint

SCADA systems
Access control
Critical infrastructures
Information technology
Industry

Keywords

  • Access control
  • Security policy
  • Supervisory control and data acquisition (SCADA)

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Software
  • Artificial Intelligence
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition

Cite this

Access control management for SCADA systems. / Hong, Seng Phil; Ahn, Gail-Joon; Xu, Wenjuan.

In: IEICE Transactions on Information and Systems, Vol. E91-D, No. 10, 10.2008, p. 2449-2457.

Research output: Contribution to journalArticle

Hong, Seng Phil ; Ahn, Gail-Joon ; Xu, Wenjuan. / Access control management for SCADA systems. In: IEICE Transactions on Information and Systems. 2008 ; Vol. E91-D, No. 10. pp. 2449-2457.
@article{3d4d1710c6034cf99ca32d1166171f3a,
title = "Access control management for SCADA systems",
abstract = "The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.",
keywords = "Access control, Security policy, Supervisory control and data acquisition (SCADA)",
author = "Hong, {Seng Phil} and Gail-Joon Ahn and Wenjuan Xu",
year = "2008",
month = "10",
doi = "10.1093/ietisy/e91-d.10.2449",
language = "English (US)",
volume = "E91-D",
pages = "2449--2457",
journal = "IEICE Transactions on Information and Systems",
issn = "0916-8532",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "10",

}

TY - JOUR

T1 - Access control management for SCADA systems

AU - Hong, Seng Phil

AU - Ahn, Gail-Joon

AU - Xu, Wenjuan

PY - 2008/10

Y1 - 2008/10

N2 - The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

AB - The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

KW - Access control

KW - Security policy

KW - Supervisory control and data acquisition (SCADA)

UR - http://www.scopus.com/inward/record.url?scp=68849125194&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=68849125194&partnerID=8YFLogxK

U2 - 10.1093/ietisy/e91-d.10.2449

DO - 10.1093/ietisy/e91-d.10.2449

M3 - Article

AN - SCOPUS:68849125194

VL - E91-D

SP - 2449

EP - 2457

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

SN - 0916-8532

IS - 10

ER -