Björn Leander PhD Defence announcement


Title: Dynamic Access Control for Industrial Systems

Date and time: December 8, 2023, 13:00

Room: Beta (Västerås Campus)

Opponent: Marina Krotofil, PhD, ISSP, Switzerland. 


Simone Fischer-Hübner, Professor, Karlstad University, Sweden

Mikael Gidlund, Professor, Mid Sweden University, Sweden

Matthias Meyer, PhD, Fraunhofer Institute, Germany

Jakob Axelsson, Professor, Mälardalen University, Sweden (reserve)


Hans Hansson, Professor, Mälardalen University, Sweden

Aida Causevic, PhD, Mälardalen University / Alstom Rail, Sweden

Industry Mentor:

Tomas Lindström, M.Sc., ABB


Industrial automation and control systems (IACS) are taking care of our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The continuous, safe, and secure operation of such systems are obviously of great importance. Future iterations of IACS will look quite different from the ones we use today. Modular and flexible systems are emerging, powered by technical advances in areas such as artificial intelligence, cloud computing, and motivated by fluctuating market demands and faster innovation cycles. Design strategies for dynamic manufacturing are increasingly being adopted. These advances have a fundamental impact on industrial systems at component as well as architectural level.

As a consequence of the changing operational requirements, the methods used for protection of industrial systems must be revisited and strengthened. This for example includes access control, which is one of the fundamental cyber- security mechanisms that is hugely affected by current developments within IACS. The methods currently used are static and coarse-grained and therefore not well suited for dynamic and flexible industrial systems. A transition in security model is required, from implicit trust towards zero-trust, supporting dynamic and fine-grained access control.

This PhD thesis discusses access control for IACS in the age of Industry 4.0, focusing on dynamic and flexible manufacturing systems. The solutions presented are applicable at machine-to-machine as well as human-to-machine interactions, using a zero-trust strategy. An investigation of the current state of practice for industrial access control is provided as a starting point for the work. Dynamic systems require equally dynamic access control policies, why several approaches on how dynamic access control can be achieved in industrial systems are developed and evaluated, covering strategies for policy formulations as well as mechanisms for authorization enforcement.

List of publications -- Included in the thesis

Paper A: A Questionnaire study on Access Control for Industrial Systems, Björn Leander, Aida Causevic, Hans Hansson, Tomas Lindström, 26th International Conference on Emerging Technologies and Factory Automation, ETFA, Västerås, Sweden, September 2021.

Paper B: Towards an ideal Access Control Strategy for Industry 4.0 Manufacturing Systems, Björn Leander, Aida Causevic, Hans Hansson, Tomas Lindström, In IEEE Access journal, August 2021.

Paper C: Access Control Enforcement Architectures for Dynamic Manufacturing Systems, Björn Leander, Aida Causevic, Hans Hansson, Tomas Lindström, 20th IEEE International Conference on Software Architecture, ICSA, L’Aquila, Italy, March 2023.

Paper D: Simulation Environment for Modular Automation Systems, Björn Leander, Tijana Markovic, Aida Causevic, Tomas Lindström, Hans Hansson, Sasikumar Punnekkat, 48th Annual Conference of the Industrial Electronics Society, IECON, Brussels, Belgium, October 2022.

Paper E: Evaluation of an OPC UA-based Access Control Enforcement Architecture, Björn Leander, Aida Causevic, Tomas Lindström, Hans Hansson, 28th European Symposium on Research in Computer Security, ESORICS, 9th CyberICPS Workshop, Hague, Netherlands, September 2023.

Paper F: An Authorization Service supporting Dynamic Access Control in Manufacturing Systems, Ivan Radonjic, Enna Basic, Björn Leander, Tijana Markovic, IEEE 9th World Forum on Internet of Things, Aveiro, Portugal October 2023.