Access Control Management for SCADA Systems

Seng-Phil HONG  Gail-Joon AHN  Wenjuan XU  

IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.10   pp.2449-2457
Publication Date: 2008/10/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.10.2449
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Application Information Security
access control,  security policy,  supervisory control and data acquisition (SCADA),  

Full Text: PDF(1MB)>>
Buy this Article

The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.