Mikel Uriarte

Enhanced multi-domain access control for secure mobile collaboration through Linked Data cloud in manufacturing

Collaborative networked organizations represent an important paradigm to help manufacturing companies to cope with the challenges of market turbulence. However, although manufacturing companies are increasingly aiming to implement mobile collaboration models, there are still some barriers that prevent manufacturers from effectively sharing big data leveraged in particular by the use of Internet of Things technologies. These barriers are basically related to the lack of security controls and lightweight data management enablers that would guarantee the protection of sensitive information published on the Linked Data cloud and leverage customers from the burden of linked data sharing. The aim of this paper is to present and discuss the industrial application of the necessary extensions to traditional role-based multi-domain access control approaches to enable secure and mobile collaboration among manufacturing enterprises in logistic, manufacturing and e-Commerce processes in the context of the Web of Data.

Integrated and Personalised Risk Management in the Sensing Enterprise

Due to its impact on economy, resources, environment and society, manufacturing is of strategic value to Europe. European manufacturing has to embrace a new logic of global socioeconomic sustainability, in which it addresses not only the welfare of its population, but also of emerging economies, contributing at the same time to the preservation of the environment and the resources. Megatrends that have a considerable impact on European manufacturing are:

ComVantage: Mobile Enterprise Collaboration Reference Framework and Enablers for Future Internet Information Interoperability

Future Internet Networked Enterprise Systems demand enhanced collaboration and mobility support. FI technologies are fundamental for increased service differentiation and cost optimisation in manufacturing environments. However, such ICT-based capabilities are not easy to introduce, in particular to SMEs, due to high costs and complexity. To progress in more effective development of value added services based on Web 2.0 principles within a mobile enterprise collaboration context, the complexity of collaboration in terms of information management needs to be leveraged from the end-users. Linked Data (LD) provides a universal and lightweight approach for the collaboration network. However, the elaboration of collaborative business processes based on LD still needs to be properly formulated for FI systems. The aim of this paper is to present a reference architecture for mobile enterprise collaboration based on LD interoperability. Moreover, security, semantic data lifting, business process modelling interoperability and mobile app orchestration enablers are presented to facilitate trustful and effective inter-organisational collaboration.

Flexibility vs. security in linked enterprise data access control graphs

Linked Data offers easy extensibility and interoperability of information spaces. This provides a great potential for industrial companies allowing to share information with partners in a virtual enterprise. Hence, together they can become faster and more flexible which results in an advantage in the market. However, there is still the barrier to protect own information with a fine grain. Access control graphs are an approach for this issue. Information is put into different views by executing infer mechanisms on role-based policy rules. Afterwards queries are automatically rewritten at runtime in order to match the generated views and provide only data from views that should be accessible by the authenticated role. This paper demonstrates the balance between flexibility and security using this approach. The amount and complexity of the policy rules are highly dependent on the information model used. However, a moderate restriction of the huge flexibility in the information modelling allows for few rules but those are powerful ones. Additionally, the approach allows can also be leveraged for consistency checking of Linked Data data structures. Thus, clients can rely on these information invariants and the information provider can rely on the fact that fine grained access is granted.

Expressive Policy-Based Access Control for Resource-Constrained Devices

Upcoming smart scenarios enabled by the Internet of Things envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic fine-grained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient, and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model.

Enforcing security and assurance properties in cloud environment

Before deploying their infrastructure (resources, data, communications, ) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure deployed, the company want to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidences of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based which allows it to be easily adapted to any resource naming systems e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.

Implementation and Operation of Collaborative Manufacturing Networks

Collaborative networks of manufacturers, suppliers and even customers are an emerging trend in global manufacturing. Higher flexibility, shorter time to market and economic as well as technological synergies create value and strengthen the market position of such virtual enterprises. The ComVantage framework already provides a sophisticated technical approach for dynamic collaborative manufacturing networks based on semantic data, mobile app orchestration, business process modelling and sophisticated access control. This article discusses the services and processes that are necessary to implement and operate a virtual enterprise using the ComVantage framework. It identifies services and service providers, and proposes an infrastructure and a tool environment for the ComVantage approach.

Survey on Access Control Models Feasible in Cyber-Physical Systems

Security is a key aspect in the development of innovative and valuable services based on Cyber-Physical Systems (CPSs). In the last years, the research area related to CPS security has received a significant attention, dealing with the design of different architectures, security protocols, and policy models. However, beyond monitoring data publishing behavior, CPSs are expected to offer some manageability-related services, and the proper fine-grained and flexible access control model remains challenging due to both criticality and feasibility. In fact, traditional security countermeasures cannot be applied directly to any sensor in CPS scenarios, because they are too resource-consuming and not optimized for resource-deprived devices. Different access control models facing both feasibility and enforcement tightness are arising as a way to solve the mentioned issues related to resource limitations, and this study provides a deep survey on them.

Sensing Enabled Capabilities for Access Control Management

Current knowledge and assets that support organizations competitiveness must be protected. This protection is highly dependent on a proper access control management. Unfortunately, traditional access control management approaches are rigid and isolated, constrained by proprietary requirements not easily interoperable. In this chapter, a new framework approach is presented and described. It provides a flexible, open, fluid and collaborative middleware for building access control management systems, based on the Sensing Enriched Access Control (SEAC) concept. This framework establishes the principles allowing the development of an access control management system that copes with today organization’s needs. The chapter also provides a description of a real use case raised to validate the framework, as well as the laboratory results supporting its scalability.

Sensing Enabled Capabilities for Access Control Management: IoT as an Enabler for the Advanced Management of Access Control

Current knowledge and assets that support organizations competitiveness must be protected. This protection is highly dependent on a proper access control management. Unfortunately, traditional access control management approaches are rigid and isolated, constrained by proprietary requirements not easily interoperable. In this article, the ACIO framework is presented and described. It provides a flexible, open, fluid and collaborative middleware for building access control management systems, based on the Sensing Enabled Access Control (SEAC) concept. This framework establishes the principles allowing the development of an access control management system that copes with today organizations needs. The paper also provides a description of a real use case raised to validate the framework, as well as the laboratory results supporting its scalability.