Sangsig Kim

A survey of communication network paradigms for substation automation

In the realm of substation automation (SA), communication infrastructure plays a vital role in mediating between physical and virtual worlds of substation. Specification of data exchanges through standardized communication stacks is therefore an important issue for all substation equipment manufacturers seeking to provide vendor interoperability. Nowadays competitive electric utility marketplace, reliable and real-time information become the key factor for reliable delivery of power to the end- users, profitability of the electric utility and customer satisfaction. The operational and commercial demands of electric utilities require a high-performance data communication network that supports both existing functionalities and future operational requirements. As communication arena is changing day by day, the need for efficient and reliable communication infrastructure to address SA is evident. In this respect, a communication network constitutes the core of the SA, thus the design of cost-effective and reliable network architecture is a crucial task. Most of the existing communication networks claim to address the need of communication architecture for SA but in some regard these claims just could not fulfill the constraints imposed by highly available environment for SA. This paper presents a survey and analysis of the current state-of-the-art communication infrastructure in the SA. As Ethernet technology becomes more reliable and also widely available with fiber optical communication so this paper also examines the key issues and requirements for Ethernet in the substation environment and also opens some research challenges.

A feature-based approach for modeling role-based access control systems

Abstract: Role-based access control (RBAC) is a popular access control model for enterprise systems due to its flexibility and scalability. There are many RBAC features available, each providing a different function. Not all features are needed for an RBAC system. Depending on the requirements, one should be able to configure features on a need basis, which reduces development complexity and thus fosters development. However, there have not been suitable methods that enable systematic configuration of RBAC features for system development. This paper presents an approach for configuring RBAC features using a combination of feature modeling and UML modeling. Feature modeling is used for capturing the structure of features and configuration rules, and UML modeling is used for defining the semantics of features. RBAC features are defined based on design principles of partial inheritance and compatibility, which facilitates feature composition and verification. We demonstrate the approach using a banking application and present tool support developed for the approach.

Optimized Security Algorithm for IEC 61850 based Power Utility System

As power grids are integrated into one big umbrella (i.e., Smart Grid), communication network plays a key role in reliable and stable operation of power grids. For successful operation of smart grid, interoperability and security issues must be resolved. Security means providing network system integrity, authentication, and confidentiality service. For a cyber-attack to a power grid system, which may jeopardize the national security, vulnerability of communication infrastructure has a serious impact on the power grid network. While security aspects of power grid network have been studied much, security mechanisms are rarely adopted in power gird communication network. For security issues, strict timing requirements are defined in IEC 61850 for mission critical messages (i.e., GOOSE). In this paper, we apply security algorithms (i.e., MD-5, SHA-1, and RSA) and measure their processing time and transmission delay of secured mission critical messages. The results show the algorithms satisfying the timing requirements defined in IEC 61850 and we observer the algorithm that is optimal for secure communication of mission critical messages. Numerical analysis shows that SHA-1 is preferable for secure GOOSE message sending.

QVT-Based Model Transformation to Support Unification of IEC 61850 and IEC 61970

A smart grid is an electrical power grid infrastructure for improved efficiency, reliability, and safety based on automated monitoring and control of data and communication. IEC 61850 and IEC 61970 are core standards in the smart-grid domain for substation automation and power operation management. There are significant data exchanges involved between the IEC 61850 level and the IEC 61970 level, which require high compatibility between the two standards. However, due to different perspectives and independent evolution, IEC 61850 and IEC 61870 are not compatible and practitioners have to come up with their own data mapping for the standards in an ad-hoc manner. This has led to significant issues on interoperability and data consistency in smart grids. An effective solution for this is to define a common semantic model of the standards and provide a systematic transformation method for transforming a model of the standards to a model of the common semantic model. In this paper, we present a metamodeling approach for unifying IEC 61850 and IEC 61970 and transforming models using query/view/transformation (QVT). We demonstrate the approach using a power transformer example.

A verifiable modeling approach to configurable role-based access control

Role-based access control (RBAC) is a popular access control model for enterprise systems due to its economic benefit and scalability. There are many RBAC features available, each providing a different feature. Not all features are needed for an RBAC system. Depending on the requirements, one should be able to configure RBAC by selecting only those features that are needed for the requirements. However, there have not been suitable methods that enable RBAC configuration at the feature level. This paper proposes an approach for systematic RBAC configuration using a combination of feature modeling and UML modeling. The approach describes feature modeling and design principles for specifying and verifying RBAC features and a composition method for building configured RBAC. We demonstrate the approach by building an RBAC configuration for a bank application.

A Feature-Based Modeling Approach for Building Hybrid Access Control Systems

Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.

Communication Networks for Interoperability and Reliable Service in Substation Automation System

The IEC 61850 presents the international standard for communication networks and systems in substations. The standard discusses the detail of the requirements and the architecture of substation automation system as well as data type and format. The TEC 61850 will substitute the traditional hardwired analog communication network using up- to-date communication protocols for interoperability and reliable service. Basically all IEDs are connected through TCP/UDP and IP over Ethernet based LAN to exchange data. Thanks to the Ethernet frame, we can deploy any type of advanced communication technology for communication in substation. This paper discusses the technical issues associated with the communication networks integration in detail. We consider the possible topologies in Ethernet architecture with the topic in the discussion of the pros and cons of their architecture, and the required functionality of each network elements in detail. Several data types, e.g., GOOSE, time synchronization, and FTP, which uses different protocol stack, are used in substation system with their own delay requirements. Communication profiles for these services are discussed in this paper. We also present the system configuration, requirements, and architecture of the system. We establish a guideline to build a communication networks in substation automation system based on IEC 61850 and presents the ad-hoc based architecture for survivable substation automation system.

A metamodeling approach to unifying IEC 61850 and IEC 61970

A smart grid is an electrical power grid infrastructure for improved efficiency, reliability, and safety based on automated monitoring and control of data and communication. IEC 61850 and IEC 61970 are core standards in the smart grid domain for substation automation and power operation management. Significant data exchange is involved between the IEC 61850 level and the IEC 61970 level. However, due to different perspectives on smart grid and independent evolution, IEC 61850 and IEC 61970 are not compatible. This forces practitioners to come up with their own data mappings between the standards in an ad-hoc manner, which leads to significant issues on interoperability and data consistency. An effective solution for this is to define a common semantic model for both substation automation and operation management. In this paper, we present a metamodeling approach for unifying IEC 61850 and IEC 61970 to provide a common semantic model and demonstrate the approach using a power transformer example.

Building hybrid access control by configuring RBAC and MAC features

Abstract Context Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. However, there is little work on techniques for building hybrid access control of RBAC and MAC. Objective In this work, we present a systematic approach for developing a hybrid access control model using feature modeling with the aim of reducing development complexity and error-proneness. Method In the approach, RBAC and MAC are defined in terms of features based on partial inheritance. Features are then configured for specific access control requirements of an application. Configured features are composed homogeneously and heterogeneously to produce a hybrid access model for the application. The resulting hybrid model is then instantiated in the context of the application to produce an initial design model supporting both RBAC and MAC. We evaluate the approach using a hospital system and present its tool support. Results RBAC and MAC features that are specifically configured for the application are systematically incorporated into a design model. The heterogeneous features of RBAC and MAC are not only present in the resulting model, but also semantically composed for seamless integration of RBAC and MAC. Discharging the proof obligations of composition rules to the resulting model proves its correctness. The successful development of the prototype demonstrates its practicality. Conclusion Features in the access control domain are relatively small in size and are suitable to be defined as design building blocks. The formal definition of partial inheritance and composition methods in the presented approach enables precisely specifying access control features and feature configuration, which paves the way for systematic development of a hybrid access control model in an early development phase.