Secure Remote Maintenance via Workflow-Driven Security Framework

Remote Maintenance in collaborative manufacturing provides a lot of benefits such as reduced downtime in manufacturing operations. But at the same time, it increases the attack-surface by opening new attack paths to strictly controlled network zones. In this paper, we analyse a real-world cross-organizational remote maintenance scenario by collecting security requirements (e.g., authentication, authorization, and auditability), and present a workflow-based approach to model and formally enforce access control for that scenario. The proposed approach leverages the Workflow-Driven Security Framework (WDSF) to enforce the least privilege principle; to ensure workflow integrity and separation of duties, (i.e., business process enforcement and compliance); to protect the confidentiality and integrity of sensitive information; and to provide traceability and non-repudiation in case of root-cause analysis. The WDSF uses Petri Nets (PN) to model and enforce the workflow, and blockchain and smart contracts to guarantee accountability and traceability of workflow events. The Petri Nets workflows are modelled and validated using the WoPeD tool.