Attribute-based Approaches for Secure Data Sharing in the Industry

Abstract: In the Industry 4.0 era, secure and efficient data sharing is vital for innovation and operational enhancement. Industry 4.0 envisions a highly connected ecosystem where machines, devices, and stakeholders collaborate in real time to optimize processes, enhance productivity, and create new value propositions. However, this surge in data-driven collaboration brings forth a critical challenge, ensuring the secure and controlled sharing of sensitive information. As organizations embrace the potential of Industry 4.0, the need for robust mechanisms to achieve key data security properties of data integrity, confidentiality, and availability, while enabling efficient data exchange becomes paramount. However, while the promise of Industry 4.0 presents promising opportunities, it also introduces a set of challenges intrinsic to data security solutions. These solutions, while promising in providing fine-grained data security, introduce complexities such as administrative overhead and substantial management efforts for the users. Striking a balance between robust security and operational ease is critical for enabling seamless data exchange within the evolving landscape of Industry 4.0.This thesis explores the realm of Attribute-based approaches to achieve the desired secure data sharing, pivotal in the digitized Industry 4.0 environment.  An overarching objective is to achieve compatibility of these data-securing mechanisms with the Industry 4.0 paradigms through the usage of attribute-based approaches. This includes the exploration of the existing solutions within the state-of-the-art and its analysis in the context of usability and practicality for industrial adoption. Access control entails the establishment of policies and mechanisms to regulate who can access specific resources or information, under what conditions, and to what extent. The study will delve into various access control models and their applicability, with a particular emphasis on Attribute-Based Access Control. Moreover, through the creation of proofs-of-concepts implementations, we explore the usability of Attribute-based Access Control (ABAC) models and policy languages, applied to different aspects of the data-sharing process.  Manageability, user-friendliness, and fine-granularity of the access control were identified as key properties for the usability of data securing technologies in industry. Hence, discovering and addressing challenges for such properties is of special focus for this thesis. In addition, this thesis explores attribute-based encryption techniques, seeking to augment data security while minimizing additional operational complexities. Moreover, this thesis also explores the implications of third-party cloud services, popular in Industry 4.0 environments, as well as third-party stakeholder data sharing to motivate the need to ensure both in-transit and at-rest data security.This thesis makes significant contributions in the domain of secure data sharing in Industry 4.0. First, it contextualizes access control within the broader data security landscape and explores state-of-the-art Attribute-Based Access Control policy languages. The research designs, evaluates, and automates ABAC models to address fine-granularity and manageability gaps, with a focus on user-friendliness for industrial adoption. Furthermore, it proposes and implements an automated management solution for integrating new data sources in Service-Oriented Architecture (SOA) industrial data-sharing applications, within the Eclipse Arrowhead Framework. This includes the innovative proposal of contractual automation of access control policies to enhance efficiency and security. Moreover, the research delves into the realm of attribute-based encryption approaches, conducting a state-of-the-art exploration and gap analysis, with a special focus on uncovering the adoption barriers associated with this technology.  Lastly, the thesis designs, implements, and evaluates an ABAC-Enabled ABE solution architecture, covering the discovered gaps, and offering an expressive and user-friendly approach to secure data sharing. These contributions collectively advance the field of data security and access control in the context of Industry 4.0 and similar evolving industrial landscapesThe research indicated that Attribute-based approaches hold promise for practical data protection at rest through access control mechanisms, especially within fine-grained policies. The study explores ABAC in a graph-based policy language, Next-generation Access Control (NGAC), showcasing its potential for reducing administrative workload related to policy management. Simplified policy creation and expression enhance the ease of model implementation. These insights extend to ABE, highlighting the value of delegating attribute management for reduced administrative complexity and improved expressiveness within ABE schemes. This approach allows for automation techniques developed for ABAC policy management to be translated into ABE schemes.