This project aims to enhance the security of energy systems and other cyber-physical systems, particularly Distributed Energy Resource (DER) systems. These systems incorporate components from various vendors and are connected to Informational Technology (IT) networks. Despite technological advances, cybersecurity concerns persist, leading to an increase in cyberattacks on energy systems. The root cause of these attacks is identified as insufficient authentication and access control.
The research focuses on addressing access control vulnerabilities in DER systems, which predominantly rely on Role-Based Access Control (RBAC). The hypothesis is that implementing a more robust access control model, specifically Attribute-Based Access Control (ABAC), could provide higher levels of protection. NIST’s Next Generation Access Control (NGAC) is selected in this research for its ability to manage policies dynamically and it is well-suited for event-based cyber-physical systems.
Project’s Latest News
Publications & Software
- Shwetha Gowdanakatte, Mahmoud Abdelgawad and Indrakshi Ray, “Security Hardening of Industrial Control Systems using Attribute Based Access Control”, In Proceedings of the 9th Annual Industrial Control System Security Workshop (ICSS@ACSAC), Austin, Texas, December 2023. Paper | Presentation
- Shwetha Gowdanakatte and Indrakshi Ray and Mahmoud Abdelgawad, “Model Based Risk Assessment and Risk Mitigation Framework for Cyber-Physical Systems“, In 5th International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, November, 2023. Paper
- Shwetha Gowdanakatte and Indrakshi Ray and Siv Hilde Houmb, “Attribute Based Access Control Model for Protecting Programmable Logic Controllers“, In Proceedings of the 2022 Workshop on Secure and Trustworthy Cyber-Physical Systems (Sat-CPS@CODASPY), Baltimore, MD, April 2022. Paper
Our Team
Faculty Members
Students
