The paper proposes RTS-ABAC, a novel real-time server-aided Attribute-Based Access Control mechanism designed to secure time-critical communications in substation automation systems, achieving low-latency protection even for retrofitting existing infrastructure.
Critical energy infrastructures increasingly rely on information and communication technology for monitoring and control, which leads to new challenges with regard to cybersecurity. Recent advancements in this domain, including attribute-based access control (ABAC), have not been sufficiently addressed by established standards such as IEC 61850 and IEC 62351. To address this issue, we propose a novel real-time server-aided attribute-based authorization and access control for time-critical applications called RTS-ABAC. We tailor RTS-ABAC to the strict timing constraints inherent to the protocols employed in substation automation systems (SAS). We extend the concept of conventional ABAC by introducing real-time attributes and time-dependent policy evaluation and enforcement. To safeguard the authenticity, integrity, and non-repudiation of SAS communication and protect an SAS against domain-typical adversarial attacks, RTS-ABAC employs mandatory authentication, authorization, and access control for any type of SAS communication using a bump-in-the-wire (BITW) approach. To evaluate RTS-ABAC, we conduct a testbed-based performance analysis and a laboratory-based demonstration of applicability. We demonstrate the applicability using intelligent electronic devices, merging units, and I/O boxes communicating via the GOOSE and SV protocols. The results show that RTS-ABAC is able to secure low-latency communication between SAS devices, as up to 99.82 % of exchanged packets achieve a round-trip time below 6 ms. Moreover, the results of the evaluation indicate that RTS-ABAC is a viable solution to enhance cybersecurity not only in a newly constructed SAS but also via retrofitting of existing substations.
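The abstract's two extensions to conventional ABAC, real-time attributes and time-dependent policy evaluation, can be illustrated with a small deny-by-default policy engine of the kind a BITW device might run in front of a GOOSE publisher. This is an added example, not code from the paper; the attribute names (role, bay, protocol, maintenance_window), the validity-window representation and the two rules are assumptions chosen to show how an expired attribute changes the decision.

```python
from dataclasses import dataclass
from typing import Any, Optional

@dataclass(frozen=True)
class RTAttr:
    """Real-time attribute: value is only valid inside [not_before, not_after]."""
    value: Any
    not_before: float
    not_after: float

def live(attrs: dict, name: str, now: float) -> Optional[Any]:
    """Return the attribute value if it is valid at `now`; a stale value counts as absent."""
    a = attrs.get(name)
    if a is None or not (a.not_before <= now <= a.not_after):
        return None
    return a.value

def goose_same_bay(subj, res, env, now) -> bool:
    """A protection IED may publish GOOSE only to a dataset of its own bay."""
    bay = live(subj, "bay", now)
    return (live(subj, "role", now) == "protection_ied" and bay is not None
            and bay == live(res, "bay", now) and live(res, "protocol", now) == "GOOSE")

def maintenance_override(subj, res, env, now) -> bool:
    """A technician may inject test GOOSE only inside a declared maintenance window."""
    return (live(subj, "role", now) == "technician"
            and live(env, "maintenance_window", now) is True
            and live(res, "protocol", now) == "GOOSE")

POLICY = [goose_same_bay, maintenance_override]

def decide(subj, res, env, now, policy=POLICY) -> str:
    """Deny by default: PERMIT only if some rule holds at evaluation time `now`."""
    return "PERMIT" if any(rule(subj, res, env, now) for rule in policy) else "DENY"

# Constructed sample attributes (hypothetical); times are seconds on the BITW device's clock.
IED_E1 = {"role": RTAttr("protection_ied", 0, 3600), "bay": RTAttr("E1", 0, 3600)}
TECH = {"role": RTAttr("technician", 0, 3600)}
DATASET_E1 = {"protocol": RTAttr("GOOSE", 0, 1e9), "bay": RTAttr("E1", 0, 1e9)}
ENV_NORMAL = {"maintenance_window": RTAttr(False, 0, 1e9)}
ENV_MAINT = {"maintenance_window": RTAttr(True, 1000, 1200)}

if __name__ == "__main__":
    print(decide(IED_E1, DATASET_E1, ENV_NORMAL, now=100))   # PERMIT
    print(decide(IED_E1, DATASET_E1, ENV_NORMAL, now=4000))  # DENY: role attribute expired
    print(decide(TECH, DATASET_E1, ENV_MAINT, now=1100))     # PERMIT
    print(decide(TECH, DATASET_E1, ENV_MAINT, now=1300))     # DENY: window closed
```

The same request yields different decisions at different times purely because attribute validity is part of the evaluation, which is the property a real-time attribute server must keep consistent with the device clocks.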