SAFIRE Security Concept at EFFRA Event

The #SAFIRE-Project is presented at the #ConnectedFactories Event in the "Horizontal (automation) and vertical (Cloud) Cyber-security in I4.0" session. #FOF_EU #DigitiseEU

Published in: Science
  1. Cloud-based Situational Analysis for Factories providing Real-time Reconfiguration Services (ATB SAFIRE Project Overview)
  2. Motivation
  3. Case Studies
     - Electrolux: Products connected to a cloud-based system can be optimised through a reconfiguration process, i.e. cloud-driven product optimisation
     - OAS: Optimise production processes and preventive maintenance activities through reconfiguration of processes based on Big Data analysis in the Cloud
     - ONA: Improvements in Adaptive Machining, Part Quality and Sustainability, based on analysing machine usage behaviour compared to nominal machine usage behaviour
  4. SAFIRE Concept
  5. SAFIRE Security Framework
  6. Security in SAFIRE (diagram; labels: SAFIRE Manufacturer / Factory, Optimisation & Reconfiguration Engine, Situation Determination Services, Predictive Analytics Engine, Reconfiguration Quality Evaluation Services, Reconfiguration Interfaces, Secure SAFIRE infrastructure, Connected Product Network & Event-driven Data Ingestion, Situation Monitoring Services)
  7. Security Services in SAFIRE Scenario. Figure 3: SAFIRE initial concept. Figure 4 depicts the different aspects of the SAFIRE generic scenario. Each of the scenario elements is described in the following sections.
  8. Key Requirements and Links to Other Components
     - Protection of Data at Rest
     - Protection of Data in Transit
     - Ability to express access control needs
     - Comprehensible global policy with effective enforcement mechanism
     - LINK: SAFIRE solution infrastructure link with security framework
     - Application components
     - Architecture
  9. SAFIRE Security Framework
     - Use Industrial Internet Consortium's IIoT Security Framework (IISF)
     - Security Methodology
       - Identify assets to be protected
       - Identify threats / organisational policy / assumptions on environment
       - Identify security objectives and requirements
       - Select security technologies to meet requirements
       - Extend and integrate selected technologies to Security Framework
       - Provide security guidance to users and administrators
     - Security Services
       - Flexible access control policy specification language
       - Centralised policy administration / policy decision point
       - Distributed policy enforcement points
       - Protection of Data at Rest (DAR)
       - Protection of Data in Transit (DIT)
  10. Development Approach
      - IISF – security framework and reference architecture
        - Use as a blueprint for completeness of security approach
      - NGAC – for security policy and enforcement
        - Make more universal by making the Policy Enforcement Points and Policy Query Interfaces (Policy Server) into Web services
        - Construct an easily portable implementation of an NGAC Security Policy Server
        - Delegate PEP and RAP to system developers
      - Key Characteristics Audit
        - Use of features within chosen implementation technologies
        - Perform security feature audit to support confidence in security solution
  11. Next Generation Access Control Functional Architecture (diagram; labels: Policy Enforcement Point (PEP), Policy Enforcement Points (PEP), PM-Aware App, Resource-using Applications, Policy Decision Point (PDP), Policy Info Point (PIP), Policy Access & Administration Point (PAP), Resource Access Point (PEP), Resource Access Points (RAP), Resource, Protected Resources, Policy Server, Policy Configuration Tool, Resource Managers, Resource Servers, Policy Enforcement Interface, Resource Access Interface, Open Interface, Access Control, Resource Access, Policy Query Interface)
  12. NGAC PEPs as Web services (diagram; labels: SAFIRE components, PEP WS, Proxy, PEP Web Service, Resource Server, Data access, http req / http resp)
  13. Cloud-based Situational Analysis for Factories providing Real-time Reconfiguration Services. More info: www.safire-factories.org