Role-Based Access Control for the Large Hadron Collider at CERN

Authors

  • Ilia Yastrebov 1. European Organization for Nuclear Research Switzerland, 1211 Geneva 23, and 2. Joint Institure for Nuclear Research Russia, 141980 Dubna, 6 Jolio-Curie E-mail:

Keywords:

Software development, role-based access control, information security, equipment protection

Abstract

Large Hadron Collider (LHC) is the largest scientific instrument ever created. It was built with the intention of testing the most extreme conditions of the matter. Taking into account the significant dangers of LHC operations, European Organization for Nuclear Research (CERN) has developed multi-pronged approach for machine safety, including access control system. This system is based on rolebased access control (RBAC) concept. It was designed to protect from accidental and unauthorized access to the LHC and injector equipment. This paper introduces the new model of the role-based access control developed at CERN and gives detailed mathematical description of it. We propose a new technique called dynamic authorization that allows deploying RBAC gradually in the large systems. Moreover, we show how the protection for the very large distributed equipment control system may be implemented in efficient way. This paper also describes motivation of the project, requirements and overview of the main components: authentication and authorization.

References

CERN: Why the LHC. http://public.web.cern.ch/public/en/LHC/WhyLHC-en.html (2008), Accessed 1 August 2009.

Wikipedia: Large Hadron Collider. http://en.wikipedia.org/wiki/Large_Hadron_Collider (2008), Accessed 1 August 2009.

CERN: What is LHCb. CERN FAQ LHC: the guide. CERN Communication Group. http://cdsmedia.cern.ch/img/CERN-Brochure-2008-001-Eng.pdf (2008). Accessed 9 December 2008.

Wenninger J.: Operational challenges of the LHC. http://irfu.cea.fr/Phocea/file.php?class=std&file=Seminaires/1595/Dapnia-Novc07-partB.ppt. (2007), Accessed 1 August 2009

Wikipedia: Role Based Access Control, http://en.wikipedia.org/wiki/Role_based_access_control(2009), Accessed 1 August 2009

Petrov A., Schumann C., Gysin S.: User Authentication for Role-Based Access Control. Proceedings of ICALEPCS 2007

Ferraiolo D.F., Kuhn D.R.: Role Based Access Control. 15th National Computer Security Conference, Baltimore, USA, (1992)

Sandhu R., Coyne E. J., Feinstein H. L., Youman C. E.: Role-Based Access Control Models. IEEE Computer 29 (2): 38-47, (1996) http://dx.doi.org/10.1109/2.485845

Sandhu R., Ferraiolo D.F., Kuhn D.R.: The NIST Model for Role Based Access Control: Toward a Unified Standard, 5th ACM Workshop Role-Based Access Control, 47-63, (2000) http://dx.doi.org/10.1145/344287.344301

Ferraiolo D.F., Cugini J.A., D. Kuhn D.R.: Role-Based Access Control (RBAC): Features and Motivations. Proceedings of 11th Annual Computer Security Application Conference, New Orleans, LA, 241-248, (1995)

Gysin S., Kostro K., Kruk G., Lamont M., Lueders S., SliwinskiW., Charrue P.: Role-Based Access for the Accelerator Control System in the LHC Area - Requirements, EDMS Id 769302, (2006)

Charrue P. et al.: Role Based Access Control for the Accelerator Control System in the LHC Era - Design. EDMS Id 805654, (2007)

Kostro K., Baggiolini V., Calderini F., Chevrier F., Jensen S., Swoboda R., Trofimov N.: Controls Middleware - the New Generation, EPAC, Paris, France, p. 2028. (2002)

Kostro K., Gajewski W., Gysin S.: Role-Based Authorization in Equipment Access at CERN. Proceedings of ICALEPCS, (2007)

Published

2010-09-01

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.