HADA: Hybrid Access Decision Architecture for Building Automation and Control Systems
Industrial Control Systems (ICS) and Building Automation and Control Systems (BACS) are being deployed to enable monitoring and control of various intelligent systems like Heating, Ventilation and Air Conditioning (HVAC), safety, access and lighting systems. Each system is an integral part of the ICS and BACS, allowing for optimized industrial operations where devices interact with each other, with users and with other third party systems such as energy management. A key need when interacting
... when interacting is the controlled and trustworthy disclosure of information so that only authenticated and authorized entities can have access and control the resources of a device. However, secure authentication and authorization is not easy due to the combined distributed/centralized operation of ICS and BACS, its large scale deployment, as well as the resourceconstrained nature of sensors and actuators. This paper analyzes the security requirements and constraints in ICS/BACS and proposes the Hybrid Access Decision Architecture (HADA) to allow for interoperability between centralized and distributed access control methods. While a central party is in control of policy specification, the system also allows for the deployment of lightweight and compact access control policies to the target devices so that access control decisions can take place in a distributed manner. Our prototype that is based on 6LoWPAN/CoAP IP protocols and binary JSON access control policies shows the feasibility of our approach.