Industry 4.0 tries to digitalize the production process further. The digitalization is achieved by connecting different entities (machines, worker) to data-exchange, which needs to be dynamic and to adapt to different changing situations and members in the process. However, just exchanging data might lead to confidentiality issues. The data-exchange needs to be protected to secure the confidentiality and trust in the system. Therefore, security rules need to adapt to these dynamic situations. One part of a possible solution might be dynamic access control rules. However in many cases, existing "legacy" systems are reused, which can in not handle dynamic access control rules. Due to this gap between the required and provided functionality, we propose an approach, which integrates dynamic access control based on the system-context into legacy systems. Our approach uses a security adaption controller, which dynamically adapts the access control rules to a new situation and integrates them into an existing legacy system. We discussed our approach with industrial practitioners and related our approach to their existing legacy system. In addition, we performed a scalability analysis to demonstrate the applicability of our approach in a realistic environment.
CCS CONCEPTS• Security and privacy → Domain-specific security and privacy architectures; • Computer systems organization → Self-organizing autonomic computing.