Security Analysis and Improvement of Data Logistics in AutomationML-Based Engineering Networks

The Automation Markup Language (AutomationML) is a concept developed in 2008 in order to provide a versatile data format for seamless exchangeability of engineering data, with the goal of simplifying the design and creation of cyber-physical production systems. Different software, such as CAD programs, shall be able to support this format. Especially in the case of collaborative work and data exchange, security can become an important issue as current approaches do not fulfill the essential security objectives necessary, meaning that authenticity, integrity, and confidentiality of the stored files are not ensured from the start of product design to the end product. This raises questions not only about the confidentiality of company information but also about the safety of production lines and end products. Leakage of confidential information (e.g., construction plans), leading to unintended spread of know-how, can be an expensive consequence. Unauthorized and undetected (malicious) modifications may even lead to faults in end products, availability issues, or serious accidents within the production line. This chapter focuses on the demonstration of open issues within AutomationML-based engineering project environments. We are going to demonstrate why some kind of security layer (i.e., layer ensuring access control and privileges, as well as ensuring data integrity) is crucial when using AutomationML. Therefore, we provide assumptions about potential attacks and their potential consequences. We introduce an approach to identify and analyze assets, potential threats and vulnerabilities, resulting risks, as well as countermeasures that are relevant for ensuring the abovementioned properties: confidentiality of know-how, availability of the assets, and the integrity of relevant data.

[1]  Leyla Bilge,et al.  Before we knew it: an empirical study of zero-day attacks in the real world , 2012, CCS.

[2]  Remi Arnaud,et al.  COLLADA: Sailing the Gulf of 3D Digital Content Creation , 2006 .

[3]  Eugene H. Spafford,et al.  Understanding insiders: An analysis of risk-taking behavior , 2013, Inf. Syst. Frontiers.

[4]  Tim A. Osswald,et al.  Injection molding handbook , 2008 .

[5]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[6]  E. Hippel Cooperation between Rivals: Informal Know-How Trading , 1987 .

[7]  D. E. Bell,et al.  Secure Computer Systems : Mathematical Foundations , 2022 .

[8]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[9]  Andrew Grantham,et al.  Understanding one aspect of the knowledge leakage concept: people , 2006 .

[10]  Matthew McCullough,et al.  Version Control with Git: Powerful Tools and Techniques for Collaborative Software Development , 2009 .

[11]  Vijay Varadharajan,et al.  Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage , 2013, IEEE Transactions on Information Forensics and Security.

[12]  Stephen Hailes,et al.  Security of smart manufacturing systems , 2018 .

[13]  Bo Sheng,et al.  Elliptic curve cryptography-based access control in sensor networks , 2006, Int. J. Secur. Networks.

[14]  John D. Blischak,et al.  A Quick Introduction to Version Control with Git and GitHub , 2016, PLoS Comput. Biol..

[15]  Peter G. Neumann,et al.  Risking Communications Security: Potential Hazards of the Protect America Act , 2008, IEEE Security & Privacy.

[16]  Matthias Bartelt,et al.  From Conception Phase up to Virtual Verification Using AutomationML , 2014 .

[17]  Leyla Bilge,et al.  Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat , 2012, RAID.

[18]  Rachelle Bosua,et al.  Protecting organizational competitive advantage: A knowledge leakage perspective , 2014, Comput. Secur..

[19]  Gaute Wangen,et al.  The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism , 2015, Inf..

[20]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[21]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[22]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.

[23]  Stefan Biffl,et al.  Efficient monitoring of multi-disciplinary engineering constraints with semantic data integration in the Multi-Model Dashboard process , 2014, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA).

[24]  Rainer Drath,et al.  AutomationML - the glue for seamless automation engineering , 2008, 2008 IEEE International Conference on Emerging Technologies and Factory Automation.

[25]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[26]  Evangelos Aktoudianakis,et al.  Relationship based access control , 2016 .

[27]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[28]  R. Drath,et al.  The system-independent data exchange format CAEX for supporting an automatic configuration of a production monitoring and control system , 2008, 2008 IEEE International Symposium on Industrial Electronics.

[29]  R. L. Tucker Industrial Espionage As Unfair Competition , 1998 .

[30]  Vijay Varadharajan,et al.  Enforcing Role-Based Access Control for Secure Data Storage in the Cloud , 2011, Comput. J..