A role-based access control model supporting regional division in smart grid system

Abstract

© Budapest Tech Polytechnical Institution, All rights reserved. Smart grids are modern electric power infrastructures, which incorporate elements of traditional power systems and information and communication technology (ICT), with the aim to improve the reliability, efficiency and safety requirements of critical infrastructure systems. Due to its reliance on ICT, the Smart Grid exposes electrical power systems to new vulnerabilities and security issues. Therefore, security is becoming an ever increasing concern, in the physical and ICT domain as well. Access controls are one of the most important aspects of information security and a vital element of a layered security strategy. The role-based access control (RBAC) model is widely used in complex enterprise systems which are characterized by many participants accessing the system, but with different levels of access rights depending on their specific duties and responsibilities. The existing security models, which are primarily role-based, are usually not tailored for critical infrastructure systems with specialized features, such as high numbers of equipment and devices dispersed over vast geographical regions. In order to meet the security requirements of smart grids, it is important to manage their assets on a fine level of granularity. This paper proposes an access control management system for smart grids by considering the regional division of critical assets and concept of areas of responsibility (AOR). To this end, the standardized RBAC model was extended with the aim to improve the existing access control policy with greater level of granularity from the aspect of managing electrical utilities. In this paper, we propose the RBACAOR model, which was developed and tested on the Windows operating system platform using.NET Framework role-based security, with the use of different data stores for the RBACAOR configuration, namely Active Directory (AD), AD Lightweight Directory Services (AD LDS) and Microsoft SQL Server.