1. Field of the Invention
The present invention relates to network security and, more particularly, to a method for providing a control information item for a distributed operation in an automation system.
2. Description of the Related Art
Due to the constantly increasing significance of information technology for automation systems, methods for protecting networked system components, such as monitoring, control and regulatory devices, sensors and actuators, against unauthorized access are becoming increasingly important. In comparison with other areas of application for information technology, data integrity has a particularly high level of importance in automation engineering. Particularly when capturing, evaluating and transmitting measurement and control data, it is necessary to ensure that complete and unaltered data are available. Intentional or unintentional alterations, or alterations caused by a technical error, must be avoided. Furthermore, particular demands in automation engineering for safety-related methods result from message traffic with comparatively many but relatively short messages. It is additionally necessary to take account of real-time capability in an automation system and in its system components.
Granting access to resources provided by computer units within an automation system, and actions performed using the resources, such as requests, initializations or changes, regularly require the provision of context-related information. For example, context-related information includes information about a user or authorizations of the user to perform an action or about a configuration for a computer unit used for a user-selected action. When a computer-based object is used to provide a service from the automation system within a service-oriented architecture, a called service requires the above context-related information to be made available.
Context-related information has to date been provided by additional parameters for a function such as a function for implementing a service. The continuous application of such an approach in a distributed automation system requires each function or application to be able to automatically identify and evaluate context-related information. Furthermore, it is necessary to ensure that context-related information is managed, i.e., stored and provided for other services, by all functions or applications uniformly. This means that global objects need to be provided for managing context-related information, which is extremely complex and susceptible to error and provides little flexibility in respect of possible changes to a system configuration.
As an alternative to the above approach, context-related information is provided for stub-skeleton-based system architectures by additional state information for a stub or skeleton. Here, the context-related information is made available for the stub and can be requested by the skeleton. However, in this case too, all functions or applications need to be able to identify, evaluate and manage appropriate global objects. Inconsistent handling of global objects for managing context-specific information by individual functions or applications can result in inoperable states in an automation system.