Trustworthy configuration management for networked devices using distributed ledgers
| Autor: | Holger Kinkelin, Valentin Hauner, Georg Carle, Heiko Niedermayer |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
Networking and Internet Architecture (cs.NI)
FOS: Computer and information sciences Configuration management Computer Science - Cryptography and Security Traceability business.industry Computer science Separation of concerns Control (management) Information technology 020206 networking & telecommunications 02 engineering and technology Computer security computer.software_genre Computer Science - Networking and Internet Architecture 0202 electrical engineering electronic engineering information engineering Process control 020201 artificial intelligence & image processing business Cryptography and Security (cs.CR) Byzantine fault tolerance computer Building automation |
| Zdroj: | NOMS |
| DOI: | 10.1109/noms.2018.8406324 |
| Popis: | Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats cannot only cause problems like data leaks but also safety issues which might harm people. Attacks on IT systems are not only performed by outside attackers but also insiders like administrators. For this reason, we present ongoing work on a configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to achieve Byzantine fault tolerance against attacks and faults by administrators. Only after a configuration has been authorized by multiple experts, it is applied to the targeted devices. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other. Author's version -- Final paper to appear in proceedings of 2018 IEEE/IFIP International Workshop on Decentralized Orchestration and Management of Distributed Heterogeneous Things (DOMINOS) co-located with the Network Operations and Management Symposium (NOMS) |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|