Specification and adaptive verification of access control policy for cyber-physical-social spaces

Cyber-Physical-Social Space (CPSS) is a promising paradigm to provide people with an intelligent environment by emphasizing the deep fusion of cyberspace, physical space, and social space. The interdependence of these spaces makes that CPSS is more likely to be attacked. The attack consequences may directly affect the state of the physical world and even endanger the people's life. Thus, the most challenging issue for CPSS is to ensure the space security. However, existing security analysis methods focus on the static analysis at the design phase. They do not consider the open and dynamic characteristics which are the core features of CPSS. In this paper, we propose an adaptive security analysis framework for CPSS to prevent the unauthorized flow of information. Firstly, the access control model of CPSS is proposed. It controls the access behaviors by considering the space information covering the social, cyber, and physical spaces. Secondly, Labelled Transition System (LTS) is established to describe the future evolutions of CPSS. The space states in the LTS which violate the security requirements are reasoned by the model checking technology. Thirdly, a policy adjustment method is proposed to prevent the system from entering the violated states or mitigate the bad results caused by the violations. In the end, the effectiveness of our approach is evaluated by a smart building case, and the necessity of our approach is analyzed by the performance evaluation. (C) 2021 Elsevier Ltd. All rights reserved.

Automated summary

Cyber-Physical-Social Space (CPSS) is a promising paradigm that combines cyberspace, physical space, and social space to create an intelligent environment. However, existing security analysis methods for CPSS do not take into account its open and dynamic characteristics. This paper proposes an adaptive security analysis framework for CPSS that includes an access control model, a Labelled Transition System (LTS), and a policy adjustment method to prevent unauthorized information flow and ensure space security.