The Research On Role-delegation Access Control Mechanism Based On Blockchain For Industrial Control System

The information revolution has caused tremendous changes in Industrial Control System,and the system have become more open and modern,but it also brings security risks.In response to the frequent network security incidents in Industrial Control System in recent years,researchers believe that there is a lack of security access control mechanism is the main influencing factor.Role-based access control is one of the commonly used access control methods.However,this mechanism has problems such as poor scalability,and centralized authorization servers are prone to single points of failure.Besides,with the deep integration of industrial enterprise IT networks and OT networks,users in different domains within the enterprise may need to access network resources in other domains,incorrect policy configuration and lack of flexible delegation when delegating permissions to users outside the domain will increase the risk of being attacked.In addition,some illegal behaviors of malicious internal employees,such as frequent access to system resources in a short period of time,or abuse of their own permissions,will also pose a serious threat to the system.The distributed and tamper-proof and auditing features of blockchain make it very popular in this field.In response to the above problems,based on blockchain technology and delegation-role based access control mechanism,this thesis proposes a new access control mechanism DRBAC(Delegation-Role Based Access Control)suitable for Industrial Control System.The main research work is as follows:1.In view of the frequent security incidents of Industrial Control System in recent years,this thesis studys the access control strategy,propose an access control method based on blockchain technology,analyzes various traditional access control schemes and gives the corresponding characteristics;2.Through the research of industrial enterprise network model and blockchain technology,in view of the access control problem of industrial enterprise network,the DRBAC mechanism divides the network into different domains,and formulates finegrained access strategy for each domain to prevent unauthorized users access network resources and critical data,allow users in the corporate network domain to access resources in other domain through role delegation;3.The access control strategy is implemented through smart contract,and the monitoring and logging functions of the blockchain are used to store and track key information in a safe and auditable manner,detect malicious activities by comparing users' historical behaviors and punish them accordingly;Finally,by building a private blockchain locally,this thesis tests the proposed DRBAC scheme,and analyzes the security,feasibility,and system overhead of the scheme.