#SAFIRE-Project is presented at #ConnectedFactories Event in the „Horizontal (automation) and vertical (Cloud) Cyber-security in I4.0” Session #FOF_EU #DigitiseEU
3. Case Studies
Electrolux: Products connected to a cloud-based system can be optimised through a reconfiguration process, i.e. Cloud-driven product optimisation
OAS: Optimise production processes and preventive maintenance activities through reconfiguration of processes based on Big Data analysis in the Cloud
ONA: Improvements in Adaptive Machining, Part Quality and Sustainability, based on analysing machine usage behaviour compared to nominal machine usage behaviour
ATB SAFIRE Project Overview 3
6. Security in SAFIRE
[Diagram: SAFIRE architecture. Labels: Manufacturer / Factory; Connected Product; Optimisation & Reconfiguration Engine; Situation Determination Services; Predictive Analytics Engine; Reconfiguration Quality Evaluation Services; Reconfiguration Interfaces; Network & Event-driven Data Ingestion; Situation Monitoring Services; Secure SAFIRE infrastructure]
7. Security Services in SAFIRE Scenario
Figure 3: SAFIRE initial concept
Figure 4 depicts the different aspects of the SAFIRE generic scenario. Each of the scenario elements is described in the following sections.
8. Key Requirements and Links to Other Components
Protection of Data at Rest
Protection of Data in Transit
Ability to express access control needs
Comprehensible global policy with effective enforcement mechanism
LINK: SAFIRE solution infrastructure link with security framework
  Application components
  Architecture
9. SAFIRE Security Framework
Use Industrial Internet Consortium’s IIoT Security Framework (IISF)
Security Methodology
  Identify assets to be protected
  Identify threats / organisational policy / assumptions on environment
  Identify security objectives and requirements
  Select security technologies to meet requirements
  Extend and integrate selected technologies to Security Framework
  Provide security guidance to users and administrators
Security Services
  Flexible access control policy specification language
  Centralised policy administration / policy decision point
  Distributed policy enforcement points
  Protection of Data at Rest (DAR)
  Protection of Data in Transit (DIT)
10. Development Approach
IISF – security framework and reference architecture
  Use as a blueprint for completeness of security approach
NGAC – for security policy and enforcement
  Make more universal by making the Policy Enforcement Points and Policy Query Interfaces (Policy Server) into Web services
  Construct an easily portable implementation of an NGAC Security Policy Server
  Delegate PEP and RAP to system developers
Key Characteristics Audit
  Use of features within chosen implementation technologies
  Perform security feature audit to support confidence in security solution
11. Next Generation Access Control Functional Architecture
[Diagram: NGAC functional architecture. Components: PM-Aware App; Resource-using Applications; Policy Enforcement Points (PEP); Policy Decision Point (PDP); Policy Info Point (PIP); Policy Access & Administration Point (PAP); Resource Access Points (RAP); Protected Resources; Policy Server; Policy Configuration Tool; Resource Managers; Resource Servers. Interfaces: Policy Enforcement Interface; Resource Access Interface; Open Interface; Access Control; Resource Access; Policy Query Interface]
12. NGAC PEPs as Web services
[Diagram: SAFIRE components exchange http req / http resp with the PEP WS (Proxy PEP Web Service), which exchanges http req / http resp with the Resource Server for data access]
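The request path on the "NGAC PEPs as Web services" slide, as an added example that is not SAFIRE project code: a PEP asks a policy server for a decision and only then touches the resource. The policy graph, user and resource names, and the functions `policy_query` and `pep_handle` are constructed for illustration; the decision rule is a simplified NGAC-style check without prohibitions or obligations.

```python
# Simplified NGAC-style decision behind a PEP; the policy and names are constructed.
ASSIGN = {  # node -> nodes it is assigned to (constructed sample graph)
    "alice": {"MaintenanceEngineers"},
    "bob": {"Operators"},
    "MaintenanceEngineers": {"FactoryStaff"},
    "Operators": {"FactoryStaff"},
    "FactoryStaff": {"PlantPolicy"},
    "spindle_telemetry": {"MachineData"},
    "reconfig_params": {"MachineConfig"},
    "MachineData": {"PlantPolicy"},
    "MachineConfig": {"PlantPolicy"},
}
POLICY_CLASSES = {"PlantPolicy"}
ASSOCIATIONS = [  # (user attribute, permitted operations, object attribute)
    ("FactoryStaff", {"read"}, "MachineData"),
    ("MaintenanceEngineers", {"read", "write"}, "MachineConfig"),
]
RESOURCES = {"spindle_telemetry": "rpm=11800", "reconfig_params": "feed=0.2"}


def ancestors(node):
    """Return the node plus everything reachable over assignment edges."""
    seen, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(ASSIGN.get(n, ()))
    return seen


def policy_query(user, op, obj):
    """Policy Server side: grant only if every policy class containing obj allows op."""
    u_anc, o_anc = ancestors(user), ancestors(obj)
    classes = o_anc & POLICY_CLASSES
    if not classes:
        return False  # default deny: object is under no policy class
    return all(any(ua in u_anc and op in ops and oa in o_anc and pc in ancestors(oa)
                   for ua, ops, oa in ASSOCIATIONS) for pc in classes)


def pep_handle(request):
    """PEP side: ask the policy server first, touch the resource only on a grant."""
    user, op, obj = request["user"], request["op"], request["object"]
    if obj not in RESOURCES or not policy_query(user, op, obj):
        return {"status": 403, "body": None}
    if op == "write":
        RESOURCES[obj] = request["body"]
    return {"status": 200, "body": RESOURCES[obj]}
```

In a deployment following the slide, `pep_handle` would sit behind an HTTP endpoint and `policy_query` would be a call to the separate Policy Server web service.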
13. Cloud-based Situational Analysis for Factories
providing Real-time Reconfiguration Services
More info: www.safire-factories.org