Role-Based Access Control for the Large Hadron Collider at CERN
Keywords:
Software development, role-based access control, information security, equipment protectionAbstract
Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of the matter. Taking into account the significant dangers of LHC operations, European Organization for Nuclear Research (CERN) has developed multi-pronged approach for machine safety, including access control system. This system is based on rolebased access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of the role-based access control developed at CERN and gives detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in the large systems. Moreover, we show how the protection for the very large distributed equipment control system may be implemented in efficient way. This paper also describes motivation of the project, requirements and overview of the main components: authentication and authorization.References
CERN: Why the LHC. http://public.web.cern.ch/public/en/LHC/WhyLHC-en.html (2008), Accessed 1 August 2009.
Wikipedia: Large Hadron Collider. http://en.wikipedia.org/wiki/Large_Hadron_Collider (2008), Accessed 1 August 2009.
CERN: What is LHCb. CERN FAQ LHC: the guide. CERN Communication Group. http://cdsmedia.cern.ch/img/CERN-Brochure-2008-001-Eng.pdf (2008). Accessed 9 December 2008.
Wenninger J.: Operational challenges of the LHC. http://irfu.cea.fr/Phocea/file.php?class=std&file=Seminaires/1595/Dapnia-Novc07-partB.ppt. (2007), Accessed 1 August 2009
Wikipedia: Role Based Access Control, http://en.wikipedia.org/wiki/Role_based_access_control(2009), Accessed 1 August 2009
Petrov A., Schumann C., Gysin S.: User Authentication for Role-Based Access Control. Proceedings of ICALEPCS 2007
Ferraiolo D.F., Kuhn D.R.: Role Based Access Control. 15th National Computer Security Conference, Baltimore, USA, (1992)
Sandhu R., Coyne E. J., Feinstein H. L., Youman C. E.: Role-Based Access Control Models. IEEE Computer 29 (2): 38-47, (1996) http://dx.doi.org/10.1109/2.485845
Sandhu R., Ferraiolo D.F., Kuhn D.R.: The NIST Model for Role Based Access Control: Toward a Unified Standard, 5th ACM Workshop Role-Based Access Control, 47-63, (2000) http://dx.doi.org/10.1145/344287.344301
Ferraiolo D.F., Cugini J.A., D. Kuhn D.R.: Role-Based Access Control (RBAC): Features and Motivations. Proceedings of 11th Annual Computer Security Application Conference, New Orleans, LA, 241-248, (1995)
Gysin S., Kostro K., Kruk G., Lamont M., Lueders S., SliwinskiW., Charrue P.: Role-Based Access for the Accelerator Control System in the LHC Area - Requirements, EDMS Id 769302, (2006)
Charrue P. et al.: Role Based Access Control for the Accelerator Control System in the LHC Era - Design. EDMS Id 805654, (2007)
Kostro K., Baggiolini V., Calderini F., Chevrier F., Jensen S., Swoboda R., Trofimov N.: Controls Middleware - the New Generation, EPAC, Paris, France, p. 2028. (2002)
Kostro K., Gajewski W., Gysin S.: Role-Based Authorization in Equipment Access at CERN. Proceedings of ICALEPCS, (2007)
Published
Issue
Section
License
ONLINE OPEN ACCES: Acces to full text of each article and each issue are allowed for free in respect of Attribution-NonCommercial 4.0 International (CC BY-NC 4.0.
You are free to:
-Share: copy and redistribute the material in any medium or format;
-Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.
