Abstract
In the context of energy efficiency, smart metering solutions are receiving growing attention as they support the automatic collection of (fine-grained) consumption data of appliances. While the capability of a stakeholder (such as a consumer, an utility, or a third-party service) to access smart metering data can give rise to innovative services for users, it makes the control of data release and usage significantly more complex. It is thus extremely important to put in place an adequate access control mechanism that takes into account the authorization requirements of the various stakeholders. To address this issue, we propose a framework based on the Attribute Based Access Control model for the selective release of smart metering data in cloud-based solutions for smart grids.
We applied our framework to a scenario proposed by Energy@Home, a non-profit association of companies with the mission of developing and promoting techniques for energy efficiency in smart homes. As a proof of concept, we implemented our approach on top of the open-source Spring Security framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
More details can be found on the official website of the JEMMA project: http://jemma.energy-home.org.
- 7.
- 8.
References
Skopik, F.: Security is not enough! on privacy challenges in smart grids. Int. J. Smart Grid Clean Energy 1(1), 7–14 (2012)
Simmhan, Y., Kumbhare, A.G., Baohua, C., Prasanna, V.: An analysis of security and privacy issues in smart grid software architectures on clouds. In: IEEE International Conference on Cloud Computing (CLOUD), pp. 582–589 (2011)
Accenture in collaboration with WSP. Cloud Computing and Sustainability: The Environmental Benefits of Moving to the Cloud. White paper (2010). http://download.microsoft.com/download/A/F/F/AFFEB671-FA27-45CF-9373-0655247751CF/CloudComputingandSustainability-Whitepaper-Nov2010.pdf
Murrill, B.J., Liu, E.C., Thompson II, R.M.: Smart meter data: privacy and cybersecurity. Congressional Research report, R42338 (2012)
Cloud Security Alliance (2013). https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in-2013
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE International Conference on Web Services, ICWS ’05, pp. 561–569. IEEE Computer Society, Washington, DC (2005)
NIST. Guide to Attribute Based Access Control (ABAC) Definition and Considerations (2013). http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)
Zave, P., Jackson, M.: Conjunction as composition. ACM Trans. Softw. Eng. Methodol. 2(4), 379–411 (1993)
Gong, L., Qian, X.: Computational issues in secure interoperation. IEEE Trans. Softw. Eng. 22(1), 43–52 (1996)
Spring. Spring Expression Language (2013). http://docs.spring.io/spring/docs/3.2.x/spring-framework-reference/html/expressions.html
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Samarati, P.: Access control policies and languages. Int. J. Comput. Sci. Eng. 3(2), 94–102 (2007)
Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An Algebra for Composing Access Control Policies. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(1), 1–35 (2002)
Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Trans. Inf. Syst. Secur. 6(2), 286–325 (2003)
Jung, M., Hofer, T., Dobelt, S., Kienesberger, G., Judex, F., Kastner, W.: Access control for a smart grid SOA. In: 2012 International Conference for Internet Technology and Secured Transactions, pp. 281–287 (2012)
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A flexible attribute based access control method for grid computing. J. Grid Comput. 7(2), 169–180 (2009)
Kim, J., Kwon, Y., Lee, Y., Seo, J., Kim, H.: Access control mechanism supporting scalability, interoperability and flexibility of multi-domain smart grid system. In: Information Science and Industrial Applications ISI (2012)
Ebinger, P., Hernández Ramos, J.L., Kikiras, P., Lischka, M., Wiesmaier, A.: Privacy in smart metering ecosystems. In: Cuellar, J. (ed.) SmartGridSec 2012. LNCS, vol. 7823, pp. 120–131. Springer, Heidelberg (2013)
Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. J. Comput. Secur. (JCS) 16(4), 369–392 (2008)
Armando, A., Oudkerk, S., Ranise, S., Wrona, K.: Formal modelling of content-based protection and release for access control in NATO operations. In: Danger, J.-L., Debbabi, M., Marion, J.-Y., Garcia-Alfaro, J., Heywood, N.Z. (eds.) FPS 2013. LNCS, vol. 8352, pp. 227–244. Springer, Heidelberg (2014)
Acknowledgments
This work has partially been supported by the activity “SecSES Secure Energy Systems” of the action line ASES Smart Energy Systems of the EIT ICT Labs, and by the MIUR PRIN 2010-11 project “Security Horizons.” We are grateful to Jorge Cuéllar, the participants, and the reviewer of the “Second Open EIT ICT Labs Workshop on Smart Grid Security” for their remarks and comments that helped to improve the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Armando, A., Carbone, R., Chekole, E.G., Petrazzuolo, C., Ranalli, A., Ranise, S. (2014). Selective Release of Smart Metering Data in Multi-domain Smart Grids. In: Cuellar, J. (eds) Smart Grid Security. SmartGridSec 2014. Lecture Notes in Computer Science(), vol 8448. Springer, Cham. https://doi.org/10.1007/978-3-319-10329-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-10329-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10328-0
Online ISBN: 978-3-319-10329-7
eBook Packages: Computer ScienceComputer Science (R0)