Modeling access control for cyber-physical systems using reputation

The emergence of Cyber-Physical Systems (CPSs) heralds the ubiquitous and autonomous globally interconnected networks of embedded devices with their own means of interaction with the physical environment. The complex interactions with the physical environment significantly increase security risks. Especially, for mission-critical CPSs, sensitive data are closely related to security issues and are accessed only by authorized users. Role based access control is an essential component for protecting CPSs from unauthorized access. However, existing mechanisms are inadequate. We argue that role assignment should not depend on the remaining energy of a node but its reputation. This paper proposes a role-based access control model, R2BAC, for CPSs using reputation. The definitions and evaluation metrics of trust and reputation are given in order to evaluate the behavior of the nodes. Then reputation evaluation scheme and role assignment scheme are presented, respectively. In addition, we give the proofs of correctness and complexity analysis for R2BAC. Eventually, a wide set of simulations are provided to evaluate its performance.

Graphical abstractThis paper proposes a reputation-based RBAC access control model to enhance the security of CPSs. Trust based reputation is employed to evaluate the nodes’ behavior in the past transactions. The proofs, analyses and experiments performed in this paper show that the performance of access models not depend on AEC but the reputation of nodes in CPSs.Figure optionsDownload full-size imageDownload as PowerPoint slideHighlights► We model access control for CPSs using reputation. ► Nodes’ reputation information can enhance the security and network performance of CPSs. ► The influences of different configure values on the results are also studied.