A Robust Implementation Of A Building Resources Access Rights Management System

Author: E. Neagoe, V. Balanica
Language: English
Year of publication: 2015
Subject:
DOI: 10.5281/zenodo.1100323
Description: A Smart Building Controller (SBC) is server software that offers secured access to a pool of building-specific resources, executes monitoring tasks, and performs automatic administration of a building, thus optimizing the exploitation cost and maximizing comfort. This paper discusses the issues that arise with the secure exploitation of the SBC-administered resources and proposes a technical solution for implementing a robust secure access system based on roles, individual rights and privileges (special rights).
Database: OpenAIRE