Безопасность информационных технологий (Sep 2024)

Access control model in ICS

  • Muhannad O. Zaid Alkilani,
  • Irina V. Mashkina

DOI
https://doi.org/10.26583/bit.2024.3.06
Journal volume & issue
Vol. 31, no. 3
pp. 124 – 136

Abstract

Read online

The purpose of this article is to develop a model for an access control policy and to formulate a method for creating a model of information security threat scenarios in industrial control system (ICS). The results of developing an access control policy model based on role assignment are presented. This model encompasses the information assets derived from the analysis of technological processes ˗ access objects that are vital for the functioning of the industrial network. In addition to that a specific and refined list of personnel access subjects ˗ responsible for maintaining production technological processes within the ICS context is provided. Furthermore, a hierarchy of user roles has been constructed, wherein the role of a super user, possessing all privileges, has been excluded, and an access differentiation matrix has been developed. The model can be utilized in the development of a customized access differentiation policy within the scope of administrative policies of information security. The article formulates a way for EPC-modelling of scenarios depicting the implementation of information security threats. These scenarios outline the stages of complex multi-component attacks targeting the objects of the ICS. It depicts situations where cybercriminals infiltrate the external subnet ˗ the enterprise network ˗ and subsequently penetrate the internal industrial network, violating access management policies. An example illustrating the construction of a threat scenario targeting an OPC-server based on EPC-model is provided. This example delineates the tactics and techniques employed by cybercriminals, leading to the realization of a security incident from the Threats Data Bank. The method for constructing scenarios enables the visual representation of the sequence of actions undertaken by attacker. This sequence involves the exploitation of vulnerabilities and techniques, as well as the resultant events that influence the progression of the attack. SIEM (Security Information and Event Management) can be constructed to detect sequences of events identified using EPC-modeling. Therefore, the developed scenarios will contribute to timely detection and appropriate response during the early stages of cyberattack implementation.

Keywords