FluidTrust - Enabling trust by fluid access control to data and physical resources in Industry 4.0 systems

Duration: 2020 - 2022/2023
Funded by: DFG - Deutsche Forschungsgemeinschaft (grant number: HE8596/1-1), Czech Science Foundation (GACR) (grant number: 20-24814J)
Principal Investigators:  Robert Heinrich, Petr Hnetynka
Members: (not complete yet)Tomas Bures, Robert Heinrich, Petr Hnetynka, Stephan Seifermann, Maximilian Walter
Organizations: Univerzita Karlova, Karlsruhe Institute of Technology

The digitization of industry (Industry 4.0) enacts ad-hoc cooperation between organizations in supply and production chains that goes beyond rigid hierarchical processes and increases efficiency and individualization of end-products. Modern software-intensive systems in Industry 4.0 process data in dynamic contexts with distributed and decentralized computing resources according to multiple organizational roles with different privileges to access data and physical resources. The high level of heterogeneity, complexity and dynamicity make these systems different from traditional systems as the sheer number of possible situations that may occur at runtime results in high level of uncertainty. Access control in these systems requires significant paradigm shift with respect to existing approaches. The high level of dynamicity prohibits relying on static structures and deprecates many techniques to access control specification and analysis. The uncertainty poses even more significant hurdle as it collides with the traditional interpretation and modelling of access control where access/deny decisions are sharp and fully determined. In systems plagued with uncertainty, like Industry 4.0 systems, the rigid interpretation of access control causes many problems. For example, exceptional situations like partial failure of a card reader system should not prohibit supply trucks entering a factory, even though in a strict sense, they cannot be authorized properly. To strictly forbid access in such situations following fully determined rules may result in significant loss due to stop of production and thus is not acceptable. Instead, access control (and trust in general) must be understood in “fluid” sense, and not be determined by rigid rules, but rather as continuous space where risk and loss associated with access control models and together are tied to dynamic situations. Though several works focused on context-dependent security and fuzzy rules, the connection between dynamicity (i.e., dynamically changing system structure and behaviour) and uncertainty (which not only pertains to isolated values, but takes form of uncertainty about structure, behaviour, risk and loss) creates a novel challenge which requires novel fundamental basic research approaches. FluidTrust addresses specifically this novel combination of high level of uncertainty and high level of dynamicity and aims at providing models and analysis techniques for design time specification, runtime enforcement and guarantees of access control to data and physical resources in highly dynamic and uncertain systems. The solution pursued in the project will connect approaches to fuzzy semantics with specification of dynamic access control using autonomic component ensembles with architecture-based data flows that derive confidentiality requirements. This is a joint Czech-German project.