22.3 A Policy and Trust Framework - Pg. 556

556 CHAPTER 22 Managing and Securing Critical Infrastructure

techniques. In [15], Rogers et al. proposed an authenticated control framework for distributed voltage support on the smart grid. In this framework, various authentication techniques, such as digital signature [16] and HMAC [17], are used to secure the control of end-user reactive-power-capable devices to mitigate low voltage problems at the transmission system level. Metke et al. [18] discuss key security technologies for a smart grid system, including public key infrastructures and trusted computing.

Another security solution for CPS is the access control method. In [19], a role-based access control (RBAC) system is proposed for the distributed resources in a cyber-physical system. The RBAC system uses Shibboleth [20], which is an attribute authorization service currently being used in Grids.

In their latest research work, Tang et al. [21] present a method called Tru-Alarm, which

22.2.2. Policies for Security in Distributed Systems

According to Sloman, policies define a relationship between subjects and targets [25]. Policy-based security is often used in systems where flexibility is required as users, services, and access rights change frequently, such as wireless networks and other large-scale distributed systems. In these distributed systems, it is essential to ensure that all the heterogeneous entities behave appropriately. Therefore, policy-based security should be the most effective mechanism for distributed systems, because it is possible to specify how different entities act without modifying their internal mechanisms [8].

Multiple policy languages have been studied in the past decade, such as Extensible Access Control Markup Language (XACML) [26] and the Rei policy language [8]. XACML [26] is a language