Modeling access control for cyber-physical systems using reputation

The emergence of Cyber-Physical Systems (CPSs) heralds the ubiquitous and autonomous globally interconnected networks of embedded devices with their own means of interaction with the physical environment. The complex interactions with the physical environment significantly increase security risks. Especially, for mission-critical CPSs, sensitive data are closely related to security issues and are accessed only by authorized users. Role based access control is an essential component for protecting CPSs from unauthorized access. However, existing mechanisms are inadequate. We argue that role assignment should not depend on the remaining energy of a node but its reputation. This paper proposes a role-based access control model, R2BAC, for CPSs using reputation. The definitions and evaluation metrics of trust and reputation are given in order to evaluate the behavior of the nodes. Then reputation evaluation scheme and role assignment scheme are presented, respectively. In addition, we give the proofs of correctness and complexity analysis for R2BAC. Eventually, a wide set of simulations are provided to evaluate its performance. ! 2012 Elsevier Ltd. All rights reserved.