Secure Granular Interoperability with OPC UA
ISSN der Zeitschrift
INFORMATIK 2019: 50 Jahre Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge)
Standardization of Industry 4.0 Automation and Control Systems
Gesellschaft für Informatik e.V.
Open Platform Communications Unified Architecture (OPC UA) is the communication standard earmarked for future industrial automation, particularly for the Industry 4.0 (I4.0) infrastructure where it provides the key services for interoperability and built-in communication security. OPC UA defines several models for these services and has already been deployed by industrial partners in their efforts to achieve I4.0 market readiness and to provide more robust systems. Of particular interest is the security services offered by OPC UA, as they are expected to strengthen the security posture of industrial automation systems, which have so far suffered a number of sophisticated cyber-attacks. In general, cyber-attacks are more severe based on the level of access acquired by the attacker, for example, an attacker with unrestricted administrative level access can issue more powerful commands. It is safe to say then that a more stringent access control security concept can offer systems greater protection from unauthorized access. Several access control models exist, which are categorized under two headings discretionary (data owners/users set the access control rules) and non-discretionary (security administrators control the access granted to users). Here, a non-discretionary access control model, namely the attributebased access control (ABAC) model is compared to the role-based access control (also nondiscretionary) typically assumed with OPC UA, to ascertain how a more granular security structure with ABAC could provide additional security advantages for industry.