The introduction of information technology (IT) into automation, and the increasing integration with office environments, increases the need for security solutions for automation environments. At the same time, access control is an essential security function that establishes and dictates which operations a person can carry out. For example, it can specify what access operating personnel have for operating and monitoring a procedure, a production method, or an industrial or manufacturing process.
The three main pillars of IT security are confidentiality, integrity and availability. In typical office environments, confidentiality and integrity of data usually play the primary role. In the automation environment, however, availability is more important than the confidentiality of the data. In this setting it is mainly control and status commands, and rarely highly secret data, that are transmitted over the network.
Because of the operating environment, special local restrictions have to be taken into consideration. For example, in an industrial process automation environment for a manufacturing process in the processing industry, a physical process such as the heating and stirring of an adhesive cannot easily be halted in the event of a safety emergency in the plant control. Conversely, in an emergency such as overheating of the adhesive, IT security measures must not prevent intervention by operating personnel. In such an emergency, strict access rights that are desirable from the point of view of IT security must not prevent the required manual interventions or make them unnecessarily difficult.
Role-based access control (RBAC) is known. In practice this often merely means role-based administration of access rights. In this case, groups are defined according to the existing tasks. Access rights are assigned to individual groups. Individual personnel are assigned to the groups corresponding to their tasks and consequently receive the access rights required for their task.
From a theoretical standpoint, RBAC means that an individual employee carries out different tasks at different times and correspondingly performs different roles at different times. If the employee's tasks change over a number of time intervals, in each case he implements a role change in order to obtain the access rights assigned to the respective currently performed role.
Moreover, context-based access control for the care and supervision of elderly persons in the home, in which access rights also depend on context information (also termed environment information), is known from Covington et al., “Securing context-aware applications using environment roles”, Proceedings of the sixth ACM symposium on access control models and technologies, Chantilly, Va., United States, pp. 10-20, 2001, ISBN: 1-58113-350-2. This context information relates to the time of day, the day of the week, the place of residence or the current status of a sequence of operations. The access rights are assigned to specific environment roles. Different environment roles can be initiated by context information. Activation of an environment role can automatically initiate an action. For example, an emergency call can be set up automatically when the “injured” environment role is activated.
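
The environment-role mechanism described above can be sketched as follows. This is an added example, not code from Covington et al. or from this document. The class names, the `weekday_daytime` role, the right names and the context keys are assumptions made for illustration; only the “injured” role and its emergency call come from the text.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class EnvironmentRole:
    name: str
    is_active: Callable[[dict], bool]   # predicate over the context information
    rights: frozenset = frozenset()     # access rights assigned to this role
    on_activate: Optional[Callable[[], None]] = None  # action run on activation

@dataclass
class EnvironmentRoleMonitor:
    roles: list
    active: set = field(default_factory=set)

    def update(self, ctx: dict) -> set:
        """Re-evaluate all roles; run an action only on inactive -> active."""
        now_active = {r.name for r in self.roles if r.is_active(ctx)}
        for role in self.roles:
            if role.name in now_active - self.active and role.on_activate:
                role.on_activate()
        self.active = now_active
        return now_active

    def permitted(self, right: str) -> bool:
        """Default deny: a right exists only through a currently active role."""
        return any(right in r.rights for r in self.roles if r.name in self.active)

def build_monitor(action_log: list) -> EnvironmentRoleMonitor:
    # Role names other than "injured" and all right names are hypothetical.
    return EnvironmentRoleMonitor(roles=[
        EnvironmentRole("weekday_daytime",
                        lambda c: c["weekday"] < 5 and 8 <= c["hour"] < 18,
                        frozenset({"view_schedule"})),
        EnvironmentRole("injured",
                        lambda c: c["status"] == "injured",
                        frozenset({"view_medical_record"}),
                        # Stand-in for setting up the emergency call.
                        on_activate=lambda: action_log.append("emergency_call")),
    ])

if __name__ == "__main__":
    log = []
    monitor = build_monitor(log)
    # Constructed context samples: weekday 0-6 (Mon=0), hour 0-23, status.
    for ctx in ({"weekday": 2, "hour": 10, "status": "normal"},
                {"weekday": 2, "hour": 10, "status": "injured"},
                {"weekday": 6, "hour": 23, "status": "normal"}):
        print(sorted(monitor.update(ctx)), monitor.permitted("view_medical_record"), log)
```

Because rights are derived from the currently active roles on every check, a right disappears as soon as the context that activated its role no longer holds, and the activation action fires once per activation rather than on every context update.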