Fine-grained Access Control for Time-Series Databases using NGAC

Industrial Internet of Things (IIoT) and Industry 4.0 rely heavily on data for reasons such as production follow-up, planning and optimization. Industrial data come in large volumes from production logs and sensors whereof some data carries business and strategic value, sensitive information, or a combination of both. Such data must be protected from unauthorized access, but also be easy to access for authorized users to facilitate work to gain business and operational values from the data. The efficient creation and maintenance of access policies for secure data sharing is hence essential, but unfortunately also challenging in terms of the complexity and administrative effort for fine-grained such. Attribute-based access control (ABAC) such as the Next Generation Access Control (NGAC) provides efficient models for handling access policies. Existing access control models fail however to provide a simple and easy-to-maintain policy language capable of efficiently enforcing fine-grained access control policies for large volumes of time-series data. In this paper, we propose extensions to NGAC based on filter strings that facilitates efficient enforcement of row-level value and time constraint policies for time-series data. We evaluate two approaches for storing and retrieving these filter strings and provide a qualitative and quantitative discussion of the results.