Research And Application Of Access Control Model In EPA Network

Posted on: 2016-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: K Long
GTID: 2308330461952698
Subject: Control Engineering

Abstract/Summary:
Industrial Ethernet serves as the bridge for data transmission in the industrial field. Field devices connect to the network through Industrial Ethernet and exchange data over it. At the same time, a large number of malicious, unauthorized users may also gain access to the network through Industrial Ethernet, stealing and tampering with sensitive private data. As a result, users' access behavior must be authenticated and restricted. Access control is one of the five levels of the security model established by the International Organization for Standardization (ISO). It is also one of the main strategies for protecting network security, determining whether a subject has the right to access an object and the way in which the subject may access it. In this paper, access control is studied in the context of the EPA (Ethernet for Plant Automation) network. To protect the integrity of configuration information, a mandatory access control model is applied to the EPA network configuration process. The HITS algorithm is applied to determine the security level of EPA nodes, and configuration information may only flow from a node with a higher security level to a node with a lower security level, which prevents malicious tampering and protects the integrity of the configuration information. The T-RBAC model is applied to the workflow tasks of the EPA network. To facilitate operation and authorization, a matrix form is proposed to show the correspondence between tasks and status, status and roles, and roles and permissions. Finally, the T-RBAC model is applied to EPA network clock synchronization. The task status, roles and permissions of the clock synchronization process are divided, and permission-transition state machines for the EPA master clock node and slave clock node are designed to carry out dynamic allocation of permissions.
The deficiencies of traditional access control models are analyzed. The idea of attribute-based access control (ABAC) is introduced into the EPA network to meet its access control requirements. In this paper, collection language is used to describe the attributes of the subject, object, resources and environment. The consistency attribute of the EPA network is analyzed, and an ABAC access control framework for the EPA network is established. To address possible cross-subnet access control requirements in the EPA network, the addition of a subnet selection system in the gateway nodes is put forward. Finally, attribute-based access control is implemented in the EPA network, mainly comprising an identity recognition module, an information search module and a policy composition module.
Keywords/Search Tags: Access Control, EPA, Data Security, Configuration, Clock Synchronization, Consistency
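
The mandatory access control idea in the abstract (HITS-derived security levels, with configuration allowed to flow only from a higher level to a lower one) can be sketched as follows. This is an added example, not code from the thesis. The topology, the reading of an edge as "pushes configuration to", the use of the hub score as the level and the function names are all assumptions made for illustration.

```python
# Added example (not from the thesis). Assumptions: an edge (a, b) means node a
# pushes configuration to node b, and a higher HITS hub score maps to a higher
# security level. The topology below is constructed sample data.

def hits_hub_scores(edges, iterations=50):
    """Run HITS power iteration and return the normalized hub score per node."""
    nodes = sorted({n for edge in edges for n in edge})
    hub = dict.fromkeys(nodes, 1.0)
    for _ in range(iterations):
        # Authority update: sum of hub scores of the nodes pointing at n.
        auth = {n: sum(hub[s] for s, d in edges if d == n) for n in nodes}
        norm = sum(v * v for v in auth.values()) ** 0.5 or 1.0
        auth = {n: v / norm for n, v in auth.items()}
        # Hub update: sum of authority scores of the nodes that n points at.
        hub = {n: sum(auth[d] for s, d in edges if s == n) for n in nodes}
        norm = sum(v * v for v in hub.values()) ** 0.5 or 1.0
        hub = {n: v / norm for n, v in hub.items()}
    return hub

def security_levels(edges):
    """Dense-rank the hub scores: 0 is the lowest level, ties share a level."""
    scores = {n: round(v, 6) for n, v in hits_hub_scores(edges).items()}
    ranked = sorted(set(scores.values()))
    return {n: ranked.index(v) for n, v in scores.items()}

def can_flow(levels, src, dst):
    """Allow configuration to flow only from a higher level to a lower one.
    Denying equal-level flows is an assumption; the abstract does not say."""
    return levels[src] > levels[dst]

# Constructed topology: one configuration station, two bridges, four devices.
EDGES = [("config_station", n) for n in
         ("bridge1", "bridge2", "dev1", "dev2", "dev3", "dev4")]
EDGES += [("bridge1", "dev1"), ("bridge1", "dev2"),
          ("bridge2", "dev3"), ("bridge2", "dev4")]
LEVELS = security_levels(EDGES)

if __name__ == "__main__":
    for node, level in sorted(LEVELS.items(), key=lambda kv: -kv[1]):
        print(f"{node:15s} level {level}")
    for src, dst in [("config_station", "dev1"), ("dev1", "config_station")]:
        verdict = "allow" if can_flow(LEVELS, src, dst) else "deny"
        print(f"{src} -> {dst}: {verdict}")
```
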