The steadily increasing significance of information technology for automation systems means that methods for protecting networked system components, such as monitoring, control and regulating devices, sensors and actuators, against unauthorized access are becoming increasingly important. Compared with other fields in which information technology is applied, data integrity is of particular importance in automation engineering. In particular, when measurement and control data are captured, evaluated and transmitted, it must be ensured that the data obtained are complete and unaltered. Alterations must be avoided, whether they are intentional, unintentional or caused by technical error. Security-related methods in automation engineering are also subject to special requirements because control traffic consists of a relatively large number of relatively short messages. In addition, the real-time capability of an automation system and of its system components must be taken into account.
To define security policies and access authorizations, markup languages that represent hierarchically structured data in the form of text files have been widely used to date, which are relatively simple for different information technology systems to interchange, particularly across wide-ranging networks. One such markup language is XACML (eXtensible Access Control Markup Language), which has been standardized by the OASIS consortium for the presentation and processing of authorization policies. In particular, XACML is used to create evaluable rules that control access by subjects to the resources of a system.
In large, distributed automation systems, security and access policies defined by means of XACML can become very extensive. A particular problem here is the system-wide distribution of such policies to all network nodes within an automation system that need to be covered. Previously, this problem has been solved by specifying separate security and access policies for each network node, but this entails increased configuration complexity. Alternatively, system-wide security and access policies can be generalized or simplified. A drawback of that approach is that accuracy requirements are sometimes met only unsatisfactorily and access rights can be managed only coarsely. Such approaches are therefore unsuitable for areas of application that depend on fine-grained management of access rights.
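The trade-off between per-node policies and a generalized system-wide policy can be made measurable. The following sketch is an added example and not part of the original text. It uses a simplified (role, node, action) permit model rather than XACML syntax, and all role names, node names and rules are constructed for illustration.

```python
from fnmatch import fnmatchcase
from itertools import product

# Constructed sample plant: roles, node names and actions are assumptions.
ROLES = ["operator", "maintainer", "auditor"]
NODES = ["plc-01", "plc-02", "sensor-07", "actuator-03"]
ACTIONS = ["read", "write"]

# Approach 1: separate, exact permit rules for each network node.
PER_NODE = [
    ("operator", "plc-01", "read"),
    ("operator", "plc-01", "write"),
    ("operator", "plc-02", "read"),
    ("maintainer", "sensor-07", "read"),
    ("maintainer", "actuator-03", "write"),
    ("auditor", "plc-01", "read"),
    ("auditor", "plc-02", "read"),
    ("auditor", "sensor-07", "read"),
]

# Approach 2: generalized system-wide policy using wildcard patterns.
GENERALIZED = [
    ("operator", "plc-*", "*"),
    ("maintainer", "*", "*"),
    ("auditor", "*", "read"),
]

def permits(rules, role, node, action):
    """Deny by default; permit when any rule matches all three attributes."""
    return any(
        fnmatchcase(role, r) and fnmatchcase(node, n) and fnmatchcase(action, a)
        for r, n, a in rules
    )

def decisions(rules):
    """Every (role, node, action) request in the plant that the rules permit."""
    return {req for req in product(ROLES, NODES, ACTIONS) if permits(rules, *req)}

def over_grants(fine, coarse):
    """Requests the coarse policy permits although the fine policy denies them."""
    return decisions(coarse) - decisions(fine)

def lost_grants(fine, coarse):
    """Requests the fine policy permits that the coarse policy would deny."""
    return decisions(fine) - decisions(coarse)

if __name__ == "__main__":
    print(f"rules: {len(PER_NODE)} per-node vs {len(GENERALIZED)} generalized")
    for req in sorted(over_grants(PER_NODE, GENERALIZED)):
        print("over-granted:", req)
```

Running the same comparison before a generalized policy is rolled out shows exactly which access rights the simplification would add.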