A twofold model for the analysis of access control policies in industrial networked systems

Requirements concerning the specification and correct implementation of access control policies have become more and more popular in industrial networked systems during the last years. Unfortunately, the peculiar characteristics of industrial systems often prevent the designer from taking full advantage of technologies and techniques already developed and profitably employed in other application areas. In particular, the unavailability and/or impossibility of adopting hardware (h/w) and software (s/w) mechanisms able to automatically enforce the policies defined at a high level of abstraction, often results in checking the correctness of policy implementation in the real system manually. The first step towards carrying out this cumbersome task in an automated way is the development of a model able to capture both the high level policy specification as well as the details and low-level mechanisms characterizing the actual system implementation. This paper introduces a twofold model for the description of access control policies in industrial environments aimed at coping with this requirement and which can be profitably adopted in several kinds of automated analysis.