The Industrie 4.0 Asset Administration Shell as Information Source for Security Analysis

One of the essential concepts of the Reference Architecture Model Industrie 4.0 (RAMI4.0) is the uniform modelling of assets by means of a common meta-data model called the Asset Administration Shell (AAS). However, important practical experience with this concept is still missing, as not many use cases for the AAS have yet been implemented. Thus, practical issues within the AAS concept and respective solutions are hard to identify. This paper presents our experience with the implementation of an AAS use case. The AAS is used as an information source to create an ontology, which is then used for security analysis. The paper discusses the use-case-specific modelling language selection and provides a practical examination of several of our implementations that use OWL and OPC UA together. Furthermore, it provides recommendations for the implementation of Asset Administration Shells for this and similar use cases.
