Research On Access Control Methods For Industrial Control System Based On Attributes And Blockchain

In recent years,the Industrial Control System(ICS)presents the characteristics of hierarchy,isomerization and distributed,and the security problems of ICS in the open distributed environment constantly occur.Traditional access control technology has been widely used in the field of Internet security protection,but in the ICS environment,there are problems such as insufficient real-time access control in the multi-task cooperative environment,and weak security of cross-domain access control.By improving the traditional access control model and combining with multi-attribute decision making,block chain and other technologies,this thesis mainly studies the access control methods in the process of multi-task collaboration and cross-domain data sharing under the ICS environment.An efficient and secure fine-grained access control method is proposed to improve the security protection capability of ICS.The main research work is as follows:1.In view of the problems such as the inability to carry out fine-grained access control due to various authority transfer and frequent authority changes in the collaborative environment of ICS,A multi-attribute task-based access control model(MATRBAC)Based on multi-attribute decision is proposed.Firstly,this model evaluates and analyzes multi-attribute factors such as environment,resource and task in access control by using entropy weight TOPSIS method with multi-attribute decision making algorithm,and dynamically reflects the risk value in the process of access control.Secondly,based on the user's historical access records,an algorithm to calculate the user's trust value is designed to dynamically adjust the user's access authority.Finally,the model integrates access control with organizational structure and task attributes in ICS.Experimental results show that the model can meet the requirements of dynamic permission adjustment and fine-grained access control in ICS environment,and has high security.2.In view of the problems of information leakage,performance limit and vulnerability to attack caused by traditional ICS cross-domain access that needs to be carried out on a trusted third party's centralized server,A block chain-based ICS crossdomain access control model is proposed.Firstly,the model takes advantage of the advantages of blockchain in security and decentralization,replaces the gateway with blockchain,and acts as an open and trusted cross-domain access decision-making platform.Then integrate the blockchain into the Attribute-based Access Control Architecture and use the blockchain to make authorization decisions,making crossdomain access control more fair,credible,verifiable,and decentralized.Finally,a general attribute interface for cross-domain access mapping is designed by using the attribute encryption scheme to avoid the leakage of attribute information caused by the direct mapping of attributes between different domains.Experimental results show that the proposed scheme has high efficiency and safety.3.In order to prove the feasibility of the scheme proposed in this thesis and to reduce the supervision burden of administrators,Based on the micro-service architecture,an ICS-oriented authorization and supervision system is designed and implemented.Firstly,the system modules are divided into login authentication,authority management,service gateway,configuration center and other modules.Then we use Spring Cloud to build microservices,and each service is deployed independently.Finally,using the design principle of micro-service and blockchain gateway,the microservice and the cross-domain access control scheme based on blockchain are integrated into the function-centralized gateway.The implementation and test show that the system can realize the security and stability of the dynamic authority supervision,and has good scalability and user experience.